Suricata Alert
Suricata eve.json
alert
Alert events generated by the enabled Suricata rule-sets.
Example: minor-severity alert (Spotify P2P traffic)
{
"@timestamp": "2021-01-02T06:44:09.398Z",
"agent": {
"hostname": "sensor-dev",
"name": "sensor-dev",
"id": "6bf5192e-e2f1-49bb-ab7a-c04c26381e7e",
"type": "filebeat",
"ephemeral_id": "d25ef98c-b717-47de-b61e-71da4df4a2df",
"version": "7.9.2"
},
"destination": {
"address": "172.16.23.255",
"port": 57621,
"bytes": 0,
"ip": "172.16.23.255",
"packets": 0
},
"ecs": {
"version": "1.5.0"
},
"event": {
"severity": 3,
"original": "{\"timestamp\":\"2021-01-02T01:44:09.398482-0500\",\"flow_id\":918014348514287,\"in_iface\":\"ens37\",\"event_type\":\"alert\",\"src_ip\":\"172.16.23.1\",\"src_port\":57621,\"dest_ip\":\"172.16.23.255\",\"dest_port\":57621,\"proto\":\"UDP\",\"community_id\":\"1:MAZK8VOhlED0IWtc4eWEUm\\/Gb8A=\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027397,\"rev\":1,\"signature\":\"ET POLICY Spotify P2P Client\",\"category\":\"Not Suspicious Traffic\",\"severity\":3,\"metadata\":{\"updated_at\":[\"2019_05_30\"],\"signature_severity\":[\"Minor\"],\"performance_impact\":[\"Low\"],\"deployment\":[\"Internal\"],\"created_at\":[\"2019_05_30\"],\"attack_target\":[\"Client_Endpoint\"],\"affected_product\":[\"Windows_Client_Apps\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":471,\"pkts_toclient\":0,\"bytes_toserver\":40506,\"bytes_toclient\":0,\"start\":\"2021-01-01T21:49:08.152559-0500\"}}",
"created": "2021-01-15T03:34:20.671Z",
"kind": "alert",
"module": "suricata",
"start": "2021-01-02T02:49:08.152Z",
"category": [
"network",
"intrusion_detection"
],
"type": [
"allowed"
],
"dataset": "suricata.eve"
},
"fields": {
"originating_agent_tag": "sensordev_agt"
},
"fileset": {
"name": "eve"
},
"host": {
"name": "sensor-dev"
},
"input": {
"type": "log"
},
"log": {
"file": {
"path": "/opt/dynamite/suricata/logs/eve.json"
},
"offset": 14848090
},
"message": "Not Suspicious Traffic",
"network": {
"community_id": "1:MAZK8VOhlED0IWtc4eWEUm/Gb8A=",
"bytes": 40506,
"transport": "udp",
"packets": 471
},
"related": {
"ip": [
"172.16.23.1",
"172.16.23.255"
]
},
"rule": {
"name": "ET POLICY Spotify P2P Client",
"id": "2027397",
"category": "Not Suspicious Traffic"
},
"service": {
"type": "suricata"
},
"source": {
"address": "172.16.23.1",
"port": 57621,
"bytes": 40506,
"ip": "172.16.23.1",
"packets": 471
},
"suricata": {
"eve": {
"in_iface": "ens37",
"community_id": "1:MAZK8VOhlED0IWtc4eWEUm/Gb8A=",
"event_type": "alert",
"alert": {
"metadata": {
"performance_impact": [
"Low"
],
"affected_product": [
"Windows_Client_Apps"
],
"updated_at": [
"2019_05_30"
],
"attack_target": [
"Client_Endpoint"
],
"created_at": [
"2019_05_30"
],
"signature_severity": [
"Minor"
],
"deployment": [
"Internal"
]
},
"signature_id": 2027397,
"rev": 1,
"gid": 1,
"signature": "ET POLICY Spotify P2P Client",
"category": "Not Suspicious Traffic"
},
"flow_id": 918014348514287,
"flow": {}
}
},
"tags": [
"suricata"
]
}