{
  "_index": "logstash-alert-2022.09.11",
  "_type": "_doc",
  "_id": "Bwr-LYMBfTCdXV7at9mB",
  "_version": 1,
  "_score": null,
  "_source": {
    "stream": 1,
    "input": {
      "type": "log"
    },
    "proto": "TCP",
    "http": {
      "http_method": "GET",
      "hostname": "voxepimid.com",
      "url": "/Lssaas.dll",
      "protocol": "HTTP/1.1",
      "http_response_body_printable": "MZ......................@...............................................!..L.!This program cannot be run in DOS mode.\r\r\n$...............................................G.......G.......G.......................z...............z.......z.......z.......Rich............PE..d...i..b..........\" .....j...V........\n...................................................`...........................................\r.P... .\r.<...............@V..............T.....\r...............................\r.8...............@............................text....h.......j.................. ..`.rdata...c.......d...n..............@..@.data...t.....\r..P....\r.............@....pdata..@V.......X...\"..............@..@_RDATA...............z..............@..@.reloc..T............|..............@..B................................................................................................................................................................................................................................................................H..(H.\r]/.......H.\r.g...\\...H..(................H.L$.3...u.H.D$.H.8.u.3...H.D$.H...@ ...........H.L$.3...u.H.D$.H.8.u.3...H.D$.H...@............L.D$.H.T$.H.L$.H......H...#..H3.H.D$x.D$@....H....\r.H.D$ A.l...L....\r......H..$.........H..$....H.D$0H..$....H.D$(H..o.\r.H.D$ A.m...L..m.\r......H..$.........H..$....H....|..........u..D$@..............L.L$HL..$....H..$....H..$......t...D$@.|$@.t5.D$@.D$(H....\r.H.D$ A.....L....\r......H..$..........kH..$....H.xx.t\\L.D$HH..$....H.PxH..$.....8Y...D$@.|$@.t3.D$@.D$(H....\r.H.D$ A.....L....\r......H..$.........H..$....H..$..........|$@....t\n.|$@....u..D$@....H....\r.H.D$ A.....L....\r......H..$..........D$@H.L$xH3..M...H............................H.L$.H..8H.D$@..,....u2H..Z...H.D$ A.Y...L...........H.L$@...........$...H.D$@H....|...........uLH.D$@H.L$@H......H9.....v2H..>...H.D$ A.e...L..d........H.L$@.-.............H.D$@H.. ....vIH.D$@H.L$@H......H9. ...s/H......H.D$ A.p...L...........H.L$@...........hH.D$@H.......t/H......H.D$ A.y...L...........H.L$@...........*H......H.D$ A.....L..|........H.L$@.e...3.H..8...............H.L$.H...H.D$ H.......u\nH..$......H.D$ H......H..$H..$H.........................H.L$.H..XH.D$8....H.D$`H......H.D$@H.L$`.#7..H.D$HH.|$@.u..D$H.....H.D$@H.....H........D$0.|$0.t0.|$0.t..|$0.t..|$0.t..|$0\nt..wH.D$@H..H.D$8.....H.D$@H.....H........D$4H.D$@H.@.H.L$8H..H..H.D$8.D$4H.L$8H..H..H.D$8H.D$`.x..|..D$4H.L$8H..H..H.D$8./H......H.D$ A.....L..!........H.L$`............H.D$8H.L$HH..H..H..X.......L.D$.H.T$.H.L$.H..X.D$0....H.|$`.t.H.D$`H.8.u\n..........H......H.D$ A.....L...\n.......H.L$`.`...H.D$`H....|...........u]H.L$`..-...D$0.|$0.t..D$0.....H.D$`H.xp.t3H.D$`H.@p..........u.H.L$`..7...D$0.|$0.t..D$0.J...H.L$`......D$0.|$0....t@.|$0.t9.D$0.D$(H..U\n..H.D$ A.....L..c\n.......H.L$`......D$0.....H.D$`.x..tXH.L$`......D$0.|$0....t@.|$0.t9.D$0.D$(H..\"\n..H.D$ A.....L..(\n.......H.L$`.y....D$0.....H.D$`H.............H.D$`H.......t4H.D$`H......H.D$`.........u.H.D$`H....X...H.L$`..i.......H.L$`......D$0.|$0.tJ.|$0....u.3.......D$0.D$(H......H.D$ A.0...L...........H.L$`......D$0.....H.D$`H.......urH.D$`.......ud.....H.L$`......D$0.|$0.tJ.|$0....u.3.......D$0.D$(H..7...H.D$ A.?...L..=........H.L$`.>....D$0.T...H.D$`.............H......H.D$ A.F...L..*........H.L$`.....H.D$`H....|...................Hk..H.L$`H............u.H.L$`..2..H.L$`H9. ...tOH......H.D$ A.S...L...........H.L$`.E...H.D$`H....|...........u............}...H.D$`H....|.........um.....Hk..H.L$`H.............tOH......H.D$ A.d...L...........H.L$`.....H.D$`H....|...........u..u.............H.D$`H....|.................H.D$`.......u.H.D$`H....|.................H.D$`H....|...........u!H.D$`H....|........u.H.D$`.@.....H.L$`..N...D$0.|$0....t@.|$0.t9.D$0.D$(H......H.D$ A.....L...........H.L$`.\r....D$0.#........H......H.D$ A.....L...........H.L$`.....H.D$`.x..|%A.d..H.L$`.M....D$0.|$0.t..D$0......2H......H.D$ A.....L...........H.L$`.?...................|H.D$`.x..uqH.D$`H....d....|`H.D$`.@....D$4H.D$`.L$4.H.H.D$`H....d...9D$4~2H..M...H.D$ A.....L..s........H.L$`...............H.D$`.......u2H..U...H.D$ A.....L..k........H.L$`.|.............H.D$`.......t2H..M...H.D$ A.....L..[........H.L$`.<.............H.D$`H.L$`H......H......H.D$`.x..u.3.H.L$`.Cd..H.D$`H....|.........uYH.D$`.x..uNH.L$`..G...D$0.|$0.t9.D$0.D$(H......H.D$ A.....L...........H.L$`......D$0......_...H.D$`H......H9D$ps.H.D$pH.D$@..H.D$`H......H.D$@H.D$@H.D$8L.D$8H.D$`H......H.L$h.J...H.D$`H.L$8H......H+.H.L$`H......H.D$`H.......u!H.D$`H..........H.D$`..,.........H.D$`H......H.D$8H.L$`H......H......H.D$ A.....L...........H.L$`......D$8H..X.............L.D$.H.T$.H.L$.H..H.D$0....H......H.D$ A.....L...........H.L$P.M...H.|$P.t.H.D$PH.8.u\n..........H.L$P......D$0.|$0.t9.D$0.D$(H......H.D$ A.....L...........H.L$P.+....D$0.....H.D$P.x..tKH.L$P......D$0.|$0.t6.D$0.D$(H..[...H.D$ A.....L..i........H.L$P......D$0.DL.D$`H.T$XH.L$P......D$0H..E...H.D$ A.....L..C........H.L$P.L....D$0H..H....................D.D$..T$.H.L$.H..X.D$@....H.|$`.t.H.D$`H.8.u\n......2...H..2.\r.H.D$ A.\\...L..8.\r......H.L$`.......D$p..L$h.D$0.L$(H.. .\r.H.D$ A.]...L....\r......H.L$`.....H.D$`..h.......H.D$`H..p............Hk..H.L$`H..`.....T$h........Hk..H.L$`H..`.....T$p.....H.L$`......D$@.|$@.t6.D$@.D$(H....\r.H.D$ A.f...L....\r......H.L$`.7....D$@.*H....\r.H.D$ A.i...L.",
      "length": 5283,
      "http_content_type": "application/octet-stream",
      "server": "apache/1.17.10 (Ubuntu)",
      "http_response_body": "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADa+rLtnpvcvp6b3L6em9y+ivDYv5Wb3L6K8N+/lpvcvorw2b8Dm9y+R+/Zv76b3L5H79i/kZvcvkfv37+Um9y+ivDdv5ub3L6em92+6pvcvnrv37+Zm9y+H+LYv8yb3L5679m/kZvcvnrv3L+fm9y+eu/ev5+b3L5SaWNonpvcvgAAAAAAAAAAUEUAAGSGBgBp5+NiAAAAAAAAAADwACIgCwIOHABqCwAAVgQAAAAAABQCCgAAEAAAAAAAgAEAAAAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAABAAAAQAAAAAAAACAGABAAAQAAAAAAAAEAAAAAAAAAAAEAAAAAAAABAAAAAAAAAAAAAAEAAAANDZDQBQAAAAINoNADwAAAAAAAAAAAAAAACADwBAVgAAAAAAAAAAAAAA8A8AVA4AAJCLDQAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsIsNADgBAAAAAAAAAAAAAACACwBAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAAAVaAsAABAAAABqCwAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAwGMCAACACwAAZAIAAG4LAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAHSHAQAA8A0AAFABAADSDQAAAAAAAAAAAAAAAABAAADALnBkYXRhAABAVgAAAIAPAABYAAAAIg8AAAAAAAAAAAAAAAAAQAAAQF9SREFUQQAA9AAAAADgDwAAAgAAAHoPAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAFQOAAAA8A8AABAAAAB8DwAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiD7ChIjQ1dLw8A6OCvBQBIjQ3pZwsA6FzuCQBIg8Qow8zMzMzMzMzMzMzMzMzMzEiJTCQIM8CFwHX6SItEJAhIgzgAdQQzwOsLSItEJAhIiwCLQCDDzMzMzMzMzMzMzEiJTCQIM8CFwHX6SItEJAhIgzgAdQQzwOsLSItEJAhIiwCLQATDzMzMzMzMzMzMzEyJRCQYSIlUJBBIiUwkCEiB7IgAAABIiwULIw8ASDPESIlEJHjHRCRAAAAAAEiNBYTfDQBIiUQkIEG5bAAAAEyNBZLfDQC6AQAAAEiLjCSQAAAA6Ji8AQBIi4QkoAAAAEiJRCQwSIuEJJgAAABIiUQkKEiNBW/fDQBIiUQkIEG5bQAAAEyNBW3fDQC6AwAAAEiLjCSQAAAA6JO+AQBIi4QkkAAAAEiLAIuAfAEAANHog+ABhcB1EsdEJECAj///6dIAAADpzQAAAEyNTCRITIuEJKAAAABIi5QkmAAAAEiLjCSQAAAA6JV0AACJRCRAg3wkQAB0NYtEJECJRCQoSI0FA98NAEiJRCQgQbmBAAAATI0FCd8NALoDAAAASIuMJJAAAADoB70BAOtrSIuEJJAAAABIg3h4AHRcTI1EJEhIi4QkkAAAAEiLUHhIi4wkkAAAAOg4WQAAiUQkQIN8JEAAdDOLRCRAiUQkKEiNBb7eDQBIiUQkIEG5igAAAEyNBcTeDQC6AwAAAEiLjCSQAAAA6Jq8AQBIi5QkoAAAAEiLjCSYAAAA6PW0BQCBfCRAAKD//3QKgXwkQICb//91CMdEJEAAmf//SI0Fit4NAEiJRCQgQbmeAAAATI0FmN4NALoBAAAASIuMJJAAAADo/roBAItEJEBIi0wkeEgzzOhN5QkASIHEiAAAAMPMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7DhIi0QkQIO4LAEAAAF1MkiNBVoMDgBIiUQkIEG5WRMAAEyNBYAMDgC6AwAAAEiLTCRA6JG6AQC4AQAAAOkkAQAASItEJEBIiwCLgHwBAADR6IPgAYP4AXVMSItEJEBIi0wkQEiLiQgBAABIOYj4AAAAdjJIjQU+DA4ASIlEJCBBuWUTAABMjQVkDA4AugMAAABIi0wkQOgtugEAuAEAAADpwAAAAEiLRCRASIO4IAEAAAB2SUiLRCRASItMJEBIi4nwAAAASDmIIAEAAHMvSI0FkwwOAEiJRCQgQblwEwAATI0FyQwOALoDAAAASItMJEDo0rkBALgBAAAA62hIi0QkQEiDuOAAAAAAdC9IjQXtCw4ASIlEJCBBuXkTAABMjQWbDA4AugMAAABIi0wkQOiUuQEAuAEAAADrKkiNBf4LDgBIiUQkIEG5gxMAAEyNBXwMDgC6AwAAAEiLTCRA6GW5AQAzwEiDxDjDzMzMzMzMzMzMzMzMzMxIiUwkCEiD7BhIi0QkIEiDuOAAAAAAdQpIxwQkAAAAAOsQSItEJCBIi4DwAAAASIkEJEiLBCRIg8QYw8zMzMzMzMzMzMzMzMzMzMzMzMzMzEiJTCQISIPsWEjHRCQ4AAAAAEiLRCRgSIuAgAAAAEiJRCRASItMJGDoIzcAAEiJRCRISIN8JEAAdQmLRCRI6fIAAABIi0QkQEgFgAAAAEiLyOiK+///iUQkMIN8JDACdDCDfCQwBnQXg3wkMAd0EIN8JDAIdAmDfCQwCnQC63dIi0QkQEiLAEiJRCQ46ZQAAABIi0QkQEgFgAAAAEiLyOgM+///iUQkNEiLRCRASItAGEiLTCQ4SAPISIvBSIlEJDiLRCQ0SItMJDhIA8hIi8FIiUQkOEiLRCRgg3gYAnwUi0QkNEiLTCQ4SAPISIvBSIlEJDjrL0iNBRsLDgBIiUQkIEG5uBMAAEyNBSELDgC6AQAAAEiLTCRg6OK3AQC4AJT//+sQSItEJDhIi0wkSEgDyEiLwUiDxFjDzMzMzMzMTIlEJBhIiVQkEEiJTCQISIPsWMdEJDCS////SIN8JGAAdAtIi0QkYEiDOAB1CrgAj///6ecHAABIjQUBCw4ASIlEJCBBue8TAABMjQX3Cg4AugIAAABIi0wkYOhgtwEASItEJGBIiwCLgHwBAADR6IPgAYP4AXVdSItMJGDo7i0AAIlEJDCDfCQwAHQJi0QkMOmJBwAASItEJGBIg3hwAHQzSItEJGBIi0BwD7aAwAMAAIP4AXUeSItMJGDorzcAAIlEJDCDfCQwAHQJi0QkMOlKBwAASItMJGDo0aoAAIlEJDCBfCQwAJX//3RAg3wkMAB0OYtEJDCJRCQoSI0FVQoOAEiJRCQgQbkRFAAATI0FYwoOALoBAAAASItMJGDo3LcBAItEJDDp8gYAAEiLRCRgg3gIEHRYSItMJGDorgMFAIlEJDCBfCQwAJX//3RAg3wkMAB0OYtEJDCJRCQoSI0FIgoOAEiJRCQgQbkcFAAATI0FKAoOALoBAAAASItMJGDoebcBAItEJDDpjwYAAEiLRCRgSIO44AAAAAAPhY4FAABIi0QkYEiDuKgAAAAAdDRIi0QkYEiLiJgAAABIi0QkYP+QqAAAAIP4/3UYSItEJGBIiwCLkFgBAABIi0wkYOgaaQAAugEAAABIi0wkYOibFAAAiUQkMIN8JDAAdEqBfCQwgI3//3UHM8DpDgYAAItEJDCJRCQoSI0FkAkOAEiJRCQgQbkwFAAATI0FlgkOALoBAAAASItMJGDov7YBAItEJDDp1QUAAEiLRCRgSIO48AAAAAB1ckiLRCRgg7joAAAAF3VkugEAAABIi0wkYOgaFAAAiUQkMIN8JDAAdEqBfCQwgI3//3UHM8DpjQUAAItEJDCJRCQoSI0FNwkOAEiJRCQgQbk/FAAATI0FPQkOALoBAAAASItMJGDoPrYBAItEJDDpVAUAAEiLRCRgg7joAAAAFg+FtQIAAEiNBRwJDgBIiUQkIEG5RhQAAEyNBSoJDgC6AQAAAEiLTCRg6Lu0AQBIi0QkYEiLAIuAfAEAAIPgAYXAD4WEAAAAuAEAAABIa8AASItMJGBIi4nYAAAAD7YEAYXAdRhIi0wkYOj7MgAASItMJGBIOYEgAQAAdE9IjQXWCA4ASIlEJCBBuVMUAABMjQXsCA4AugEAAABIi0wkYOhFtAEASItEJGBIiwCLgHwBAADR6IPgAYP4AXUF6fj9//+4AIn//+l9BAAASItEJGBIiwCLgHwBAACD4AGD+AF1bbgBAAAASGvAAEiLTCRgSIuJ2AAAAA+2BAGD+AF0T0iNBYsIDgBIiUQkIEG5ZBQAAEyNBaEIDgC6AQAAAEiLTCRg6MKzAQBIi0QkYEiLAIuAfAEAANHog+ABg/gBdQXpdf3//7gAif//6foDAABIi0QkYEiLAIuAfAEAAMHoDoPgAYXAD4TAAAAASItEJGCDuLABAAAAdRxIi0QkYEiLAIuAfAEAAMHoBIPgA4XAD4SWAAAASItEJGBIiwCLgHwBAADR6IPgAYP4AXUhSItEJGBIiwCLgHwBAACD4AGFwHUMSItEJGDHQAwDAAAASItMJGDo0k4FAIlEJDCBfCQwAJX//3RAg3wkMAB0OYtEJDCJRCQoSI0FzgcOAEiJRCQgQbmJFAAATI0F3AcOALoBAAAASItMJGDoDbQBAItEJDDpIwMAAOmKAAAASI0FyAcOAEiJRCQgQbmUFAAATI0F3gcOALoDAAAASItMJGDol7IBAEiLRCRgg3gYAXwlQbBksgFIi0wkYOhNBAAAiUQkMIN8JDAAdAmLRCQw6cgCAADrMkiNBagHDgBIiUQkIEG5sBQAAEyNBa4HDgC6AQAAAEiLTCRg6D+yAQC4AJT//+mUAgAA6QD8///rfEiLRCRgg3gMA3VxSItEJGBIiwCDuGQBAAAAfGBIi0QkYItAEP/AiUQkNEiLRCRgi0wkNIlIEEiLRCRgSIsAi4BkAQAAOUQkNH4ySI0FTQcOAEiJRCQgQbnRFAAATI0FcwcOALoBAAAASItMJGDovLEBALgAif//6RECAABIi0QkYIO46AAAABV1MkiNBVUHDgBIiUQkIEG52xQAAEyNBWsHDgC6AgAAAEiLTCRg6HyxAQC4AJf//+nRAQAASItEJGCDuOgAAAAXdDJIjQVNBw4ASIlEJCBBueEUAABMjQVbBw4AugEAAABIi0wkYOg8sQEAuACJ///pkQEAAEiLRCRgSItMJGBIi4nYAAAASImI4AAAAEiLRCRgg3gIEHUMM9JIi0wkYOhDZAAASItEJGBIiwCLgHwBAACD4AGD+AF1WUiLRCRgg3gMA3VOSItMJGDo2EcFAIlEJDCDfCQwAHQ5i0QkMIlEJChIjQXeBg4ASIlEJCBBufcUAABMjQX0Bg4AugEAAABIi0wkYOjdsQEAi0QkMOnzAAAA6V/6//9Ii0QkYEiLgPAAAABIOUQkcHMMSItEJHBIiUQkQOsRSItEJGBIi4DwAAAASIlEJEBIi0QkQEiJRCQ4TItEJDhIi0QkYEiLkOAAAABIi0wkaOhK7AkASItEJGBIi0wkOEiLgPAAAABIK8FIi0wkYEiJgfAAAABIi0QkYEiDuPAAAAAAdSFIi0QkYEjHgOAAAAAAAAAASItEJGDHgCwBAAAAAAAA6x1Ii0QkYEiLgOAAAABIA0QkOEiLTCRgSImB4AAAAEiNBR4GDgBIiUQkIEG5ERUAAEyNBRQGDgC6AgAAAEiLTCRg6KWvAQCLRCQ4SIPEWMPMzMzMzMzMzMzMzMxMiUQkGEiJVCQQSIlMJAhIg+xIx0QkMJL///9IjQXmBg4ASIlEJCBBuY0VAABMjQXkBg4AugIAAABIi0wkUOhNrwEASIN8JFAAdAtIi0QkUEiDOAB1CrgAj///6egAAABIi0wkUOgWowAAiUQkMIN8JDAAdDmLRCQwiUQkKEiNBaQGDgBIiUQkIEG5lRUAAEyNBbIGDgC6AQAAAEiLTCRQ6CuwAQCLRCQw6ZoAAABIi0QkUIN4CBB0S0iLTCRQ6P37BACJRCQwg3wkMAB0NotEJDCJRCQoSI0FWwUOAEiJRCQgQbmeFQAATI0FaQYOALoBAAAASItMJFDo0q8BAItEJDDrREyLRCRgSItUJFhIi0wkUOiIpQAAiUQkMEiNBUUGDgBIiUQkIEG5qRUAAEyNBUMGDgC6AgAAAEiLTCRQ6EyuAQCLRCQwSIPESMPMzMzMzMzMzMzMzMzMzMzMzMzMRIhEJBiIVCQQSIlMJAhIg+xYx0QkQJL///9Ig3wkYAB0C0iLRCRgSIM4AHUKuACP///pMgEAAEiNBTL9DQBIiUQkIEG5XBIAAEyNBTj9DQC6AgAAAEiLTCRg6NGtAQAPtkQkcA+2TCRoiUQkMIlMJChIjQUg/Q0ASIlEJCBBuV0SAABMjQUu/Q0AugMAAABIi0wkYOiXrQEASItEJGDHgGgBAAAVAAAASItEJGBIx4BwAQAAAgAAALgBAAAASGvAAEiLTCRgSIuJYAEAAA+2VCRoiBQIuAEAAABIa8ABSItMJGBIi4lgAQAAD7ZUJHCIFAiyAUiLTCRg6BIcAACJRCRAg3wkQAB0NotEJECJRCQoSI0FsPwNAEiJRCQgQblmEgAATI0FvvwNALoBAAAASItMJGDoN64BAItEJEDrKkiNBbL8DQBIiUQkIEG5aRIAAEyN",
      "status": 200
    },
    "log": {
      "file": {
        "path": "/var/log/suricata/eve-discovery-0.json"
      },
      "offset": 277962538
    },
    "src_port": 80,
    "hostname_info": {
      "domain": "voxepimid.com",
      "domain_without_tld": "voxepimid",
      "tld": "com",
      "url": "voxepimid.com",
      "host": "voxepimid.com"
    },
    "flow": {
      "pkts_toclient": 7,
      "bytes_toserver": 301,
      "start": "2022-09-11T21:20:00.032676+0200",
      "dest_ip": "45.153.241.65",
      "dest_port": 80,
      "bytes_toclient": 7322,
      "src_ip": "10.8.3.101",
      "pkts_toserver": 4,
      "src_port": 56101
    },
    "src_ip": "45.153.241.65",
    "net_info": {
      "dest_agg": "user.ydyqn.org.affected-users",
      "dest": [
        "USER.ydyqn.org",
        "AFFECTED USERS"
      ]
    },
    "@version": "1",
    "discovery": {
      "value": "apache/1.17.10 (Ubuntu)",
      "key": "http.server",
      "asset": "10.8.3.101",
      "asset_net": "user.ydyqn.org.affected-users",
      "asset_role": []
    },
    "@timestamp": "2022-09-11T19:20:00.062Z",
    "ether": {
      "dest_mac": "20:e5:2a:b6:93:f1",
      "src_mac": "00:08:02:1c:47:ae"
    },
    "alert": {
      "action": "allowed",
      "rev": 1,
      "category": "Unknown Traffic",
      "severity": 3,
      "gid": 1,
      "signature": "SN SIGHTINGS Newly discovered HTTP server remote",
      "metadata": {
        "provider": [
          "Stamus"
        ],
        "stamus_classification": [
          "stamus_sightings"
        ],
        "sightings_key": [
          "http.server"
        ],
        "created_at": [
          "2022_01_25"
        ],
        "updated_at": [
          "2022_01_25"
        ],
        "sightings_asset": [
          "dest_ip"
        ]
      },
      "signature_id": 3120011
    },
    "metadata": {
      "flowbits": [
        "min.gethttp",
        "stamus.sightings"
      ]
    },
    "dest_port": 56101,
    "app_proto": "http",
    "files": [
      {
        "size": 5283,
        "tx_id": 0,
        "sid": [
          1000003
        ],
        "stored": true,
        "filename": "/Lssaas.dll",
        "magic": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
        "file_id": 0,
        "gaps": false,
        "state": "UNKNOWN"
      }
    ],
    "payload": "SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTcuMTAgKFVidW50dSkNCkRhdGU6IFdlZCwgMDMgQXVnIDIwMjIgMjM6MjA6MjQgR01UDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL29jdGV0LXN0cmVhbQ0KQ29udGVudC1MZW5ndGg6IDEwMTg4ODANCkxhc3QtTW9kaWZpZWQ6IE1vbiwgMDEgQXVnIDIwMjIgMTA6NTU6MTcgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFVGFnOiAiNjJlN2IxMTUtZjhjMDAiDQpBY2NlcHQtUmFuZ2VzOiBieXRlcw0KDQpNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAQAADh+6DgC0Cc0huAFMzSFUaGlzIHByb2dyYW0gY2Fubm90IGJlIHJ1biBpbiBET1MgbW9kZS4NDQokAAAAAAAAANr6su2em9y+npvcvp6b3L6K8Ni/lZvcvorw37+Wm9y+ivDZvwOb3L5H79m/vpvcvkfv2L+Rm9y+R+/fv5Sb3L6K8N2/m5vcvp6b3b7qm9y+eu/fv5mb3L4f4ti/zJvcvnrv2b+Rm9y+eu/cv5+b3L56796/n5vcvlJpY2iem9y+AAAAAAAAAABQRQAAZIYGAGnn42IAAAAAAAAAAPAAIiALAg4cAGoLAABWBAAAAAAAFAIKAAAQAAAAAACAAQAAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAAAAEAAABAAAAAAAAAIAYAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAA0NkNAFAAAAAg2g0APAAAAAAAAAAAAAAAAIAPAEBWAAAAAAAAAAAAAADwDwBUDgAAkIsNABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwiw0AOAEAAAAAAAAAAAAAAIALAEADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAABVoCwAAEAAAAGoLAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADAYwIAAIALAABkAgAAbgsAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAdIcBAADwDQAAUAEAANINAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAEBWAAAAgA8AAFgAAAAiDwAAAAAAAAAAAAAAAABAAABAX1JEQVRBAAD0AAAAAOAPAAACAAAAeg8AAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAVA4AAADwDwAAEAAAAHwPAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASIPsKEiNDV0vDwDo4K8FAEiNDelnCwDoXO4JAEiDxCjDzMzMzMzMzMzMzMzMzMzMSIlMJAgzwIXAdfpIi0QkCEiDOAB1BDPA6wtIi0QkCEiLAItAIMPMzMzMzMzMzMzMSIlMJAgzwIXAdfpIi0QkCEiDOAB1BDPA6wtIi0QkCEiLAItABMPMzMzMzMzMzMzMTIlEJBhIiVQkEEiJTCQISIHsiAAAAEiLBQsjDwBIM8RIiUQkeMdEJEAAAAAASI0FhN8NAEiJRCQgQblsAAAATI0Fkt8NALoBAAAASIuMJJAAAADomLwBAEiLhCSgAAAASIlEJDBIi4QkmAAAAEiJRCQoSI0Fb98NAEiJRCQgQbltAAAATI0Fbd8NALoDAAAASIuMJJAAAADok74BAEiLhCSQAAAASIsAi4B8AQAA0eiD4AGFwHUSx0QkQICP///p0gAAAOnNAAAATI1MJEhMi4QkoAAAAEiLlCSYAAAASIuMJJAAAADolXQAAIlEJECDfCRAAHQ1i0QkQIlEJChIjQUD3w0ASIlEJCBBuYEAAABMjQUJ3w0AugMAAABIi4wkkAAAAOgHvQEA62tIi4QkkAAAAEiDeHgAdFxMjUQkSEiLhCSQAAAASItQeEiLjCSQAAAA6DhZAACJRCRAg3wkQAB0M4tEJECJRCQoSI0Fvt4NAEiJRCQgQbmKAAAATI0FxN4NALoDAAAASIuMJJAAAADomrwBAEiLlCSgAAAASIuMJJgAAADo9bQFAIF8JEAAoP//dAqBfCRAgJv//3UIx0QkQACZ//9IjQWK3g0ASIlEJCBBuZ4AAABMjQWY3g0AugEAAABIi4wkkAAAAOj+ugEAi0QkQEiLTCR4SDPM6E3lCQBIgcSIAAAAw8zMzMzMzMzMzMzMzMzMzMzMzMzMzEiJTCQISIPsOEiLRCRAg7gsAQAAAXUySI0FWgwOAEiJRCQgQblZEwAATI0FgAwOALoDAAAASItMJEDokboBALgBAAAA6SQBAABIi0QkQEiLAIuAfAEAANHog+ABg/gBdUxIi0QkQEiLTCRASIuJCAEAAEg5iPgAAAB2MkiNBT4MDgBIiUQkIEG5ZRMAAEyNBWQMDgC6AwAAAEiLTCRA6C26AQC4AQAAAOnAAAAASItEJEBIg7ggAQAAAHZJSItEJEBIi0wkQEiLifAAAABIOYggAQAAcy9IjQWTDA4ASIlEJCBBuXATAABMjQXJDA4AugMAAABIi0wkQOjSuQEAuAEAAADraEiLRCRASIO44AAAAAB0L0iNBe0LDgBIiUQkIEG5eRMAAEyNBZsMDgC6AwAAAEiLTCRA6JS5AQC4AQAAAOsqSI0F/gsOAEiJRCQgQbmDEwAATI0FfAwOALoDAAAASItMJEDoZbkBADPASIPEOMPMzMzMzMzMzMzMzMzMzEiJTCQISIPsGEiLRCQgSIO44AAAAAB1CkjHBCQAAAAA6xBIi0QkIEiLgPAAAABIiQQkSIsEJEiDxBjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMSIlMJAhIg+xYSMdEJDgAAAAASItEJGBIi4CAAAAASIlEJEBIi0wkYOgjNwAASIlEJEhIg3wkQAB1CYtEJEjp8gAAAEiLRCRASAWAAAAASIvI6Ir7//+JRCQwg3wkMAJ0MIN8JDAGdBeDfCQwB3QQg3wkMAh0CYN8JDAKdALrd0iLRCRASIsASIlEJDjplAAAAEiLRCRASAWAAAAASIvI6Az7//+JRCQ0SItEJEBIi0AYSItMJDhIA8hIi8FIiUQkOItEJDRIi0wkOEgDyEiLwUiJRCQ4SItEJGCDeBgCfBSLRCQ0SItMJDhIA8hIi8FIiUQkOOsvSI0FGwsOAEiJRCQgQbm4EwAATI0FIQsOALoBAAAASItMJGDo4rcBALgAlP//6xBIi0QkOEiLTCRISAPISIvBSIPEWMPMzMzMzMxMiUQkGEiJVCQQSIlMJAhIg+xYx0QkMJL///9Ig3wkYAB0C0iLRCRgSIM4AHUKuACP///p5wcAAEiNBQELDgBIiUQkIEG57xMAAEyNBfcKDgC6AgAAAEiLTCRg6GC3AQBIi0QkYEiLAIuAfAEAANHog+ABg/gBdV1Ii0wkYOjuLQAAiUQkMIN8JDAAdAmLRCQw6YkHAABIi0QkYEiDeHAAdDNIi0QkYEiLQHAPtoDAAwAAg/gBdR5Ii0wkYOivNwAAiUQkMIN8JDAAdAmLRCQw6UoHAABIi0wkYOjRqgAAiUQkMIF8JDAAlf//dECDfCQwAHQ5i0QkMIlEJChIjQVVCg4ASIlEJCBBuREUAABMjQVjCg4AugEAAABIi0wkYOjctwEAi0QkMOnyBgAASItEJGCDeAgQdFhIi0wkYOiuAwUAiUQkMIF8JDAAlf//dECDfCQwAHQ5i0QkMIlEJChIjQUiCg4ASIlEJCBBuRwUAABMjQUoCg4AugEAAABIi0wkYOh5twEAi0QkMOmPBgAASItEJGBIg7jgAAAAAA+FjgUAAEiLRCRgSIO4qAAAAAB0NEiLRCRgSIuImAAAAEiLRCRg/5CoAAAAg/j/dRhIi0QkYEiLAIuQWAEAAEiLTCRg6BppAAC6AQAAAEiLTCRg6JsUAACJRCQwg3wkMAB0SoF8JDCAjf//dQczwOkOBgAAi0QkMIlEJChIjQWQCQ4ASIlEJCBBuTAUAABMjQWWCQ4AugEAAABIi0wkYOi/tgEAi0QkMOnVBQAASItEJGBIg7jwAAAAAHVySItEJGCDuOgAAAAXdWS6AQAAAEiLTCRg6BoUAACJRCQwg3wkMAB0SoF8JDCAjf//dQczwOmNBQAAi0QkMIlEJChIjQU3CQ4ASIlEJCBBuT8UAABMjQU9CQ4AugEAAABIi0wkYOg+tgEAi0QkMOlUBQAASItEJGCDuOgAAAAWD4W1AgAASI0FHAkOAEiJRCQgQblGFAAATI0FKgkOALoBAAAASItMJGDou7QBAEiLRCRgSIsAi4B8AQAAg+ABhcAPhYQAAAC4AQAAAEhrwABIi0wkYEiLidgAAAAPtgQBhcB1GEiLTCRg6PsyAABIi0wkYEg5gSABAAB0T0iNBdYIDgBIiUQkIEG5UxQAAEyNBewIDgC6AQAAAEiLTCRg6EW0AQBIi0QkYEiLAIuAfAEAANHog+ABg/gBdQXp+P3//7gAif//6X0EAABIi0QkYEiLAIuAfAEAAIPgAYP4AXVtuAEAAABIa8AASItMJGBIi4nYAAAAD7YEAYP4AXRPSI0FiwgOAEiJRCQgQblkFAAATI0FoQgOALoBAAAASItMJGDowrMBAEiLRCRgSIsAi4B8AQAA0eiD4AGD+AF1Bel1/f//uACJ///p+gMAAEiLRCRgSIsAi4B8AQAAwegOg+ABhcAPhMAAAABIi0QkYIO4sAEAAAB1HEiLRCRgSIsAi4B8AQAAwegEg+ADhcAPhJYAAABIi0QkYEiLAIuAfAEAANHog+ABg/gBdSFIi0QkYEiLAIuAfAEAAIPgAYXAdQxIi0QkYMdADAMAAABIi0wkYOjSTgUAiUQkMIF8JDAAlf//dECDfCQwAHQ5i0QkMIlEJChIjQXOBw4ASIlEJCBBuYkUAABMjQXcBw4AugEAAABIi0wkYOgNtAEAi0QkMOkjAwAA6YoAAABIjQXIBw4ASIlEJCBBuZQUAABMjQXeBw4AugMAAABIi0wkYOiXsgEASItEJGCDeBgB",
    "host": "SSProbe-1",
    "tx_id": 0,
    "timestamp": "2022-09-11T21:20:00.062070+0200",
    "payload_printable": "HTTP/1.1 200 OK\r\nServer: apache/1.17.10 (Ubuntu)\r\nDate: Wed, 03 Aug 2022 23:20:24 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1018880\r\nLast-Modified: Mon, 01 Aug 2022 10:55:17 GMT\r\nConnection: keep-alive\r\nETag: \"62e7b115-f8c00\"\r\nAccept-Ranges: bytes\r\n\r\nMZ......................@...............................................!..L.!This program cannot be run in DOS mode.\r\r\n$...............................................G.......G.......G.......................z...............z.......z.......z.......Rich............PE..d...i..b..........\" .....j...V........\n...................................................`...........................................\r.P... .\r.<...............@V..............T.....\r...............................\r.8...............@............................text....h.......j.................. ..`.rdata...c.......d...n..............@..@.data...t.....\r..P....\r.............@....pdata..@V.......X...\"..............@..@_RDATA...............z..............@..@.reloc..T............|..............@..B................................................................................................................................................................................................................................................................H..(H.\r]/.......H.\r.g...\\...H..(................H.L$.3...u.H.D$.H.8.u.3...H.D$.H...@ ...........H.L$.3...u.H.D$.H.8.u.3...H.D$.H...@............L.D$.H.T$.H.L$.H......H...#..H3.H.D$x.D$@....H....\r.H.D$ A.l...L....\r......H..$.........H..$....H.D$0H..$....H.D$(H..o.\r.H.D$ A.m...L..m.\r......H..$.........H..$....H....|..........u..D$@..............L.L$HL..$....H..$....H..$......t...D$@.|$@.t5.D$@.D$(H....\r.H.D$ A.....L....\r......H..$..........kH..$....H.xx.t\\L.D$HH..$....H.PxH..$.....8Y...D$@.|$@.t3.D$@.D$(H....\r.H.D$ A.....L....\r......H..$.........H..$....H..$..........|$@....t\n.|$@....u..D$@....H....\r.H.D$ A.....L....\r......H..$..........D$@H.L$xH3..M...H............................H.L$.H..8H.D$@..,....u2H..Z...H.D$ A.Y...L...........H.L$@...........$...H.D$@H....|...........uLH.D$@H.L$@H......H9.....v2H..>...H.D$ A.e...L..d........H.L$@.-.............H.D$@H.. ....vIH.D$@H.L$@H......H9. ...s/H......H.D$ A.p...L...........H.L$@...........hH.D$@H.......t/H......H.D$ A.y...L...........H.L$@...........*H......H.D$ A.....L..|........H.L$@.e...3.H..8...............H.L$.H...H.D$ H.......u\nH..$......H.D$ H......H..$H..$H.........................H.L$.H..XH.D$8....H.D$`H......H.D$@H.L$`.#7..H.D$HH.|$@.u..D$H.....H.D$@H.....H........D$0.|$0.t0.|$0.t..|$0.t..|$0.t..|$0\nt..wH.D$@H..H.D$8.....H.D$@H.....H........D$4H.D$@H.@.H.L$8H..H..H.D$8.D$4H.L$8H..H..H.D$8H.D$`.x..|..D$4H.L$8H..H..H.D$8./H......H.D$ A.....L..!........H.L$`............H.D$8H.L$HH..H..H..X.......L.D$.H.T$.H.L$.H..X.D$0....H.|$`.t.H.D$`H.8.u\n..........H......H.D$ A.....L...\n.......H.L$`.`...H.D$`H....|...........u]H.L$`..-...D$0.|$0.t..D$0.....H.D$`H.xp.t3H.D$`H.@p..........u.H.L$`..7...D$0.|$0.t..D$0.J...H.L$`......D$0.|$0....t@.|$0.t9.D$0.D$(H..U\n..H.D$ A.....L..c\n.......H.L$`......D$0.....H.D$`.x..tXH.L$`......D$0.|$0....t@.|$0.t9.D$0.D$(H..\"\n..H.D$ A.....L..(\n.......H.L$`.y....D$0.....H.D$`H.............H.D$`H.......t4H.D$`H......H.D$`.........u.H.D$`H....X...H.L$`..i.......H.L$`......D$0.|$0.tJ.|$0....u.3.......D$0.D$(H......H.D$ A.0...L...........H.L$`......D$0.....H.D$`H.......urH.D$`.......ud.....H.L$`......D$0.|$0.tJ.|$0....u.3.......D$0.D$(H..7...H.D$ A.?...L..=........H.L$`.>....D$0.T...H.D$`.............H......H.D$ A.F...L..*........H.L$`.....H.D$`H....|...................Hk..H.L$`H............u.H.L$`..2..H.L$`H9. ...tOH......H.D$ A.S...L...........H.L$`.E...H.D$`H....|...........u............}...H.D$`H....|.........um.....Hk..H.L$`H.............tOH......H.D$ A.d...L...........H.L$`.....H.D$`H....|...........u..u.............H.D$`H....|.................H.D$`.......u.H.D$`H....|.................H.D$`H....|...........u!H.D$`H....|........u.H.D$`.@.....H.L$`..N...D$0.|$0....t@.|$0.t9.D$0.D$(H......H.D$ A.....L...........H.L$`.\r....D$0.#........H......H.D$ A.....L...........H.L$`.....H.D$`.x..",
    "ecs": {
      "version": "1.12.0"
    },
    "type": "json-log",
    "dest_ip": "10.8.3.101",
    "packet_info": {
      "linktype": 1
    },
    "event_type": "alert",
    "packet": "AAgCHEeuIOUqtpPxCABFAAWUNQAAAIAG1BwtmfFBCggDZQBQ2yUt3FgvQMoG2FAY+vDR5AAABbj8DQC6AgAAAEiLTCRg6MmsAQAzwEiDxFjDzMzMzMzMzMzMzMzMzMzMzMzMSIlMJAhIg+xIx0QkMJL///9Ig3wkUAB0C0iLRCRQSIM4AHUKuACP///pywAAAEiNBXMEDgBIiUQkIEG5uBUAAEyNBXkEDgC6AgAAAEiLTCRQ6FqsAQBIi0QkUEiDuHgBAAAAdA9Ii0wkUOjxIgAA6YUAAABIi0QkUIN4CBB1UEUzwLIBSItMJFDo8v3//4lEJDCDfCQwAHQ2i0QkMIlEJChIjQUoBA4ASIlEJCBBucMVAABMjQU2BA4AugEAAABIi0wkUOgnrQEAi0QkMOsqSI0FKgQOAEiJRCQgQbnIFQAATI0FMAQOALoCAAAASItMJFDouasBADPASIPESMPMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7ChIg3wkMAB1AutXSItEJDBIBYAAAABIi8jomusCAEiLRCQwSAXYAAAASIvI6IfrAgBIi0QkMEiDwEhIi8johtYCAEiLRCQwSIPAYEiLyOh11gIAungBAABIi0wkMOjmpAUASIPEKMPMzMzMzMzMzMzMzMzMzMzMzEiJTCQISIPsKEGwKLICSItMJDDo2Pz//0iDxCjDzMzMzMzMzMzMzMzMzMzMzMzMzEiJTCQISIPsWMdEJECS////SItEJGCDuOgAAAAWdR5Ii0wkYOhHBAAAiUQkQIN8JEAAdAmLRCRA6SEEAABIi0QkYIO46AAAABQPhWEBAABIi0QkYEiDuPAAAAABdENIi0QkYEiLgPAAAABIiUQkKEiNBYr3DQBIiUQkIEG52hEAAEyNBZj3DQC6AQAAAEiLTCRg6FmqAQC4AI7//+m9AwAAuAEAAABIa8AASItMJGBIi4nYAAAAD7YEAYP4AXRPuAEAAABIa8AASItMJGBIi4nYAAAAD7YEAYlEJChIjQVN9w0ASIlEJCBBueERAABMjQVj9w0AugEAAABIi0wkYOjsqQEAuACO///pUAMAAEiLRCRgSIsAi4B8AQAA0eiD4AGD+AEPhYYAAABIi0QkYIN4CAp0e0iLRCRgg3gIDHRwSItEJGBIg3hwAHUySI0FFfcNAEiJRCQgQbnsEQAATI0FM/cNALoBAAAASItMJGDofKkBALgAmf//6eACAABIjQUj9w0ASIlEJCBBufARAABMjQVJ9w0AugEAAABIi0wkYOhKqQEAuICb///prgIAAEiLRCRgg7joAAAAFQ+FAwIAAEiLRCRgSIO48AAAAAJ0Q0iLRCRgSIuA8AAAAEiJRCQoSI0FB/cNAEiJRCQgQbn+EQAATI0FFfcNALoBAAAASItMJGDo5qgBALgAjv//6UoCAAC4AQAAAEhrwAFIi0wkYEiLidgAAAAPtgQBuQEAAABIa8kASItUJGBIi5LYAAAAD7YMColEJDCJTCQoSI0Fy/YNAEiJRCQgQbkDEgAATI0F4fYNALoCAAAASItMJGDoeqgBALgBAAAASGvAAEiLTCRgSIuJ2AAAAA+2BAGD+AJ1T7gBAAAASGvAAUiLTCRgSIuJ2AAAAA+2BAGJRCQoSI0FoPYNAEiJRCQgQbkLEgAATI0FtvYNALoBAAAASItMJGDoF6gBALiAiP//6XsBAAC4AQAAAEhrwABIi0wkYEiLidgAAAAPtgQBg/gBdU+4AQAAAEhrwAFIi0wkYEiLidgAAAAPtgQBhcB1MkiNBWv2DQBIiUQkIEG5EhIAAEyNBXn2DQC6AgAAAEiLTCRg6KqnAQC4gIf//+kOAQAAuAEAAABIa8AASItMJGBIi4nYAAAAD7YEAYP4AXVNuAEAAABIa8ABSItMJGBIi4k=",
    "alerted": true,
    "agent": {
      "version": "7.16.1",
      "hostname": "SSProbe-1",
      "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
      "type": "filebeat",
      "ephemeral_id": "da6efa0f-f749-4bb3-8918-c3514cb604ff",
      "name": "SSProbe-1"
    },
    "in_iface": "tppdummy0",
    "tags": [
      "beats_input_codec_json_applied"
    ],
    "flow_id": 140344558276557
  },
  "fields": {
    "flow.start": [
      "2022-09-11T19:20:00.032Z"
    ],
    "@timestamp": [
      "2022-09-11T19:20:00.062Z"
    ],
    "EveBox": [
      140344558276557
    ],
    "Scirius": [
      3120011
    ],
    "timestamp": [
      "2022-09-11T19:20:00.062Z"
    ]
  },
  "highlight": {
    "alert.signature": [
      "SN @kibana-highlighted-field@SIGHTINGS@/kibana-highlighted-field@ Newly discovered HTTP server remote"
    ]
  },
  "sort": [
    1662924000062
  ]
}