{
  "_index": "logstash-ssh-2022.09.11",
  "_type": "_doc",
  "_id": "cOK6LIMBfTCdXV7a_9jg",
  "_version": 1,
  "_score": null,
  "_source": {
    "input": {
      "type": "log"
    },
    "proto": "TCP",
    "log": {
      "offset": 1654723366,
      "file": {
        "path": "/var/log/suricata/eve-0.json"
      }
    },
    "src_port": 5800,
    "ssh": {
      "client": {
        "software_version": "Go",
        "hassh": {
          "hash": "38e9f62bd8a6fd3920e44b7694e23cf5",
          "string": "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,aes128-gcm@openssh.com,aes128-cbc,3des-cbc,chacha20-poly1305@openssh.com;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none"
        },
        "proto_version": "2.0"
      },
      "server": {
        "software_version": "OpenSSH_7.2p2",
        "hassh": {
          "hash": "d43d91bc39d5aaed819ad9f6b57b7348",
          "string": "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com"
        },
        "proto_version": "2.0"
      }
    },
    "see_id": "2e2cf4a77cbd",
    "src_ip": "xx.xx.xx.xx",
    "net_info": {},
    "@version": "1",
    "@timestamp": "2022-09-11T13:26:38.920Z",
    "vlan": [
      123
    ],
    "ether": {
      "dest_mac": "84:78:ac:15:9d:42",
      "src_mac": "d8:67:d9:18:8f:da"
    },
    "host": "SSProbe-1",
    "ecs": {
      "version": "1.12.0"
    },
    "dest_port": 22,
    "type": "json-log",
    "tags": [
      "beats_input_codec_json_applied"
    ],
    "tx_id": 0,
    "timestamp": "2022-09-11T15:26:38.920828+0200",
    "see_name": "stamus-central-server",
    "dest_ip": "xx.xx.xx.xx",
    "event_type": "ssh",
    "agent": {
      "version": "7.16.1",
      "hostname": "SSProbe-1",
      "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
      "type": "filebeat",
      "ephemeral_id": "da6efa0f-f749-4bb3-8918-c3514cb604ff",
      "name": "SSProbe-1"
    },
    "in_iface": "tppdummy0",
    "flow_id": 1745846877384258
  },
  "fields": {
    "@timestamp": [
      "2022-09-11T13:26:38.920Z"
    ],
    "EveBox": [
      1745846877384258
    ],
    "timestamp": [
      "2022-09-11T13:26:38.920Z"
    ]
  },
  "sort": [
    1662902798920
  ]
}