http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data ----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
index f75c220..e3ffbe7 100644
--- a/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
+++ b/metron-interface/metron-alerts/e2e/mock-data/alerts_ui_e2e_index.data
@@ -209,25 +209,25 @@ {"create": { "_id": "72f00fcd-2347-d75b-5c0a-08086f9e2a23"}} {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325676512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569374","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CHVSUC3iOxb3UpVxWd","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49194 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?60dbe33b908e0086292196ef001816bc tags:[] uid:CHVSUC3iOxb3UpVxWd trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6. 
0) ts:1492671567.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569378","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574181","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325676512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569375","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569378","uri":"/?60dbe33b908e0086292196ef001816bc","tags":[],"ip_src_port":49194,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid" :"72f00fcd-2347-d75b-5c0a-08086f9e2a23","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "dcb3afed-1b68-d88a-7adb-f38183867920"}} -{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 
referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80 w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505325677512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts": "1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973} 
+{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325677512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569382","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CZOU9CQKfQzbTKGZ8","resp_mime_types":["application/x-shockwave-flash"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49185 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CZOU9CQKfQzbTKGZ8 referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"application\\/x-shockwave-flash\"] trans_depth:1 host:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80 w.r0faf9.e8mfzdgrf7g0.groupprograms.in status_msg:OK id.orig_h:192.168.138.158 response_body_len:8973 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:62.75.195.236 resp_fuids:[\"F95sxB3DPck4oMGLmc\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F95sxB3DPck4oMGLmc"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts": 
"1492671569382","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49185,"threatintelsplitterbolt:splitter:begin:ts":"1492671574181","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"dcb3afed-1b68-d88a-7adb-f38183867920","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":8973} {"create": { "_id": "50d6e395-0f31-a9c3-143e-25d7f44aadde"}} {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325678512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"Cn2j4crCA6ckU3XP5","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574844","original_string":"HTTP | id.orig_p:49190 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?b2566564b3ba1a38e61c83957a7dbcd5 tags:[] uid:Cn2j4crCA6ckU3XP5 trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 
id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325678512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569383","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/?b2566564b3ba1a38e61c83957a7dbcd5","tags":[],"ip_src_port":49190,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":" 50d6e395-0f31-a9c3-143e-25d7f44aadde","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "e90a5ca0-599d-05f2-18c4-13b563606f2e"}} -{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com 
status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505325679512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitter bolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} +{"bro_timestamp":1505325679512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569383","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cx8Ucg1r67RywyWab1","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET 
request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:Cx8Ucg1r67RywyWab1 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"F3XRx03OXSVJ1iQGhe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F3XRx03OXSVJ1iQGhe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitter bolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574844","status_msg":"OK","guid":"e90a5ca0-599d-05f2-18c4-13b563606f2e","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "fdb3c737-37fb-8bdf-6ace-78e8c41972a7"}} 
{"bro_timestamp":1505325680512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569384","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":32,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574845","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:32 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121 ","adapter:hostfromjsonlistadapter:end:ts":"1492671569387","host":"node1","adapter:geoadapter:end:ts":"1492671574076","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325680512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569384","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569387","uri":"/api/v1/clusters/metron_cluster/services?fields=ServiceInfo/state,ServiceInfo/maintenance_state,components/ServiceComponentInfo/component_name&minimal_response=true&_=1484168473040","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574845","guid":"fdb3c737-37fb-8bdf-6ace-78e8c41972a7","response_body_len":0} {"create": { "_id": 
"735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0"}} {"bro_timestamp":1505325681512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569387","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574076","uid":"CUrRne3iLIxXavQtci","trans_depth":22,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:22 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671567.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671569389","host":"node1","adapter:geoad apter:end:ts":"1492671574077","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671574182","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325681512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569387","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569389","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484168417107","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"735fcf0d-58f6-1b6a-9e33-8d94bc5a1be0","response_body_len":0} {"create": { "_id": "09552ace-9c09-8069-a3f0-73e146579030"}} 
-{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505325682512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterb 
olt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} +{"bro_timestamp":1505325682512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575571","enrichmentsplitterbolt:splitter:begin:ts":"1492671569388","enrichmentjoinbolt:joiner:ts":"1492671574179","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"C5UfKV32U65H7ojqJd","resp_mime_types":["image/png"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/us.png tags:[] uid:C5UfKV32U65H7ojqJd referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:825 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671567.0 id.resp_h:95.163.121.204 resp_fuids:[\"FZKJP2gGkPyTrWpLe\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671569392","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FZKJP2gGkPyTrWpLe"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671569388","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569391","uri":"/img/flags/us.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterb olt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"09552ace-9c09-8069-a3f0-73e146579030","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":825} {"create": { "_id": "1ff42d27-d69b-eab5-a2ca-7875ebf8336e"}} {"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325683512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671569393","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":62139,"adapter:geoadapter:begin:ts":"1492671574077","uid":"C1fDU21X4Ys3xP7137","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:50683 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:62139 rcode:0 rcode_name:NOERROR TC:false RA:true uid:C1fDU21X4Ys3xP7137 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts": 
"1492671569395","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574182","qclass":1,"timestamp":1505325683512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569393","query":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569395","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":50683,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"1ff42d27-d69b-eab5-a2ca-7875ebf8336e"} {"create": { "_id": "ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"}} {"qclass_name":"C_INTERNET","bro_timestamp":1505325684512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671575571","qtype":1,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671569399","enrichmentjoinbolt:joiner:ts":"1492671574179","trans_id":6088,"adapter:geoadapter:begin:ts":"1492671574077","uid":"CqrOfMusHaczrDBz8","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:50509 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:kritischerkonsum.uni-koeln.de trans_id:6088 rcode:0 rcode_name:NOERROR TC:false RA:false uid:CqrOfMusHaczrDBz8 RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671567.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts":"1492671569401","Z":0,"adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitt 
er:end:ts":"1492671574182","qclass":1,"timestamp":1505325684512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671569399","query":"kritischerkonsum.uni-koeln.de","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671569401","rcode_name":"NOERROR","TC":false,"RA":false,"RD":true,"ip_src_port":50509,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671574182","adapter:threatinteladapter:begin:ts":"1492671574850","guid":"ae14f2cf-6cc5-941f-2c98-9ce9b6e0bf81"} {"create": { "_id": "a105fca8-ec40-a98f-b64e-06e4d97a800f"}} -{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 
resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505325685512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbo lt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} +{"bro_timestamp":1505325685512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573715","enrichmentjoinbolt:joiner:ts":"1492671574181","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CsUjA541poEzvhMfuf","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CsUjA541poEzvhMfuf referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 
response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"FGcm94EWzm8st4LQj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573729","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FGcm94EWzm8st4LQj"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573715","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573729","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbo lt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"a105fca8-ec40-a98f-b64e-06e4d97a800f","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1"}} -{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 
status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0. 30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505325686512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid": "52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} 
+{"bro_timestamp":1505325686512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573812","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CFbOTR2z2k8dUYUMmi","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CFbOTR2z2k8dUYUMmi resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0. 30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:95.163.121.204 resp_fuids:[\"F73miB3YQ8nA17F2Te\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671573815","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["F73miB3YQ8nA17F2Te"],"timestamp":1505370580000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573812","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid": 
"52ad66d7-80e8-9174-17f4-9b8e6e61fbc1","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} {"create": { "_id": "ba44eb73-69d8-ccd2-f08b-636f9c15b261"}} {"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325687512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671575623","enrichmentsplitterbolt:splitter:begin:ts":"1492671573813","enrichmentjoinbolt:joiner:ts":"1492671574182","adapter:geoadapter:begin:ts":"1492671574077","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CLKLkp1z9ZWAE0eou","resp_mime_types":["text/html"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671574850","original_string":"HTTP | id.orig_p:49186 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/ tags:[] uid:CLKLkp1z9ZWAE0eou referrer:http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745 resp_mime_types:[\"text\\/html\"] trans_depth:1 host:r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in st atus_msg:OK id.orig_h:192.168.138.158 response_body_len:121635 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671571.0 id.resp_h:62.75.195.236 resp_fuids:[\"FrcnSsZqVzpjB9o3j\"]","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671573817","host":"r03afd2.c3008e.xc07r.b0f.a39.h7f0fa5eu.vb8fbl.e8mfzdgrf7g0.groupprograms.in","adapter:geoadapter:end:ts":"1492671574077","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671574186","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FrcnSsZqVzpjB9o3j"],"timestamp":1505325687512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671573813","request_body_len":0,"enri chments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671573815","uri":"/","tags":[],"referrer":"http://va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in/?285a4d4e4e5a4d4d4649584c5d43064b4745","ip_src_port":49186,"threatintelsplitterbolt:splitter:begin:ts":"1492671574186","adapter:threatinteladapter:begin:ts":"1492671574850","status_msg":"OK","guid":"ba44eb73-69d8-ccd2-f08b-636f9c15b261","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":121635} {"create": { "_id": "6a437817-ef04-e264-2eef-5edd0b37d280"}} 
@@ -311,11 +311,11 @@ {"create": { "_id": "3cf6c636-ea29-4654-1632-c38a2c130f1c"}} {"bro_timestamp":1505325727512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594637","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CVxPm9xkzN80U39i9","resp_mime_types":["image/png"],"trans_depth":4,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49205 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/bitcoin.png tags:[] uid:CVxPm9xkzN80U39i9 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:4 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:5523 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FOUZap2sbK6jyWeLZ8\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594637","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594644","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FOUZap2sbK6jyWeLZ8"],"timestamp":1505325727512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/img/bitcoin.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49205,"threatintelsplitterbo lt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"3cf6c636-ea29-4654-1632-c38a2c130f1c","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":5523} {"create": { "_id": "fd436051-cfdd-c29a-e07c-a08a83740b23"}} -{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geo adapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505325728512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0} +{"bro_timestamp":1505325728512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","uid":"CUrRne3iLIxXavQtci","trans_depth":241,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:241 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671593.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"node1","adapter:geo adapter:end:ts":"1492671594638","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671594645","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 
Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","uri":"/api/v1/clusters/metron_cluster/requests?to=end&page_size=10&fields=Requests&_=1484169388617","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671594644","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"fd436051-cfdd-c29a-e07c-a08a83740b23","response_body_len":0} {"create": { "_id": "d41c8e3b-0b86-9084-2f6a-82db51a337fe"}} {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325729512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594649","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"C5DBCB4BP3zJovMQlf","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"HTTP | id.orig_p:49204 status_code:200 method:POST request_body_len:110 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9 tags:[] uid:C5DBCB4BP3zJovMQlf resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FMZdAx3UlrSOgAQdsj\"] host:comarksecurity.com status_msg:OK id .orig_h:192.168.138.158 response_body_len:14 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:72.34.49.86 
resp_fuids:[\"FtEGkz1CUNMfkJKrZh\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671594637","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FtEGkz1CUNMfkJKrZh"],"timestamp":1505325729512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":110,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_add r:postalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671594637","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?u=ka6nnuvccqlw9","tags":[],"orig_fuids":["FMZdAx3UlrSOgAQdsj"],"ip_src_port":49204,"threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","status_msg":"OK","guid":"d41c8e3b-0b86-9084-2f6a-82db51a337fe","enrichments:geo:ip_dst_addr:country":"US","response_body_len":14} {"create": { "_id": "777d9c8c-4c97-08bd-09ba-66e9366cccd5"}} -{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 
query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts ":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505325730512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"} +{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325730512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594649","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","trans_id":18350,"adapter:geoadapter:begin:ts":"1492671594638","uid":"CLv9mm30dHjZkUTCSl","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594647","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:60078 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:18350 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CLv9mm30dHjZkUTCSl RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 
id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts ":"1492671594638","Z":0,"adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594645","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594635","query":"va872g.g90e1h.b8.642b63u.j985a2.v33e.37.pa269cc.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":60078,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594645","adapter:threatinteladapter:begin:ts":"1492671594647","guid":"777d9c8c-4c97-08bd-09ba-66e9366cccd5"} {"create": { "_id": "0e99ba49-46a8-8efe-098f-15456c107bc9"}} {"bro_timestamp":1505325731512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594650","enrichmentsplitterbolt:splitter:begin:ts":"1492671594635","enrichmentjoinbolt:joiner:ts":"1492671594643","adapter:geoadapter:begin:ts":"1492671594638","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"CrRM6qLedsBZ3P0d8","resp_mime_types":["image/x-icon"],"trans_depth":2,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594648","original_string":"HTTP | id.orig_p:49207 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/favicon.ico tags:[] uid:CrRM6qLedsBZ3P0d8 resp_mime_types:[\"image\\/x-icon\"] trans_depth:2 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:318 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30 729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 
resp_fuids:[\"FlDlsY39iNQUeDK2Dj\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594638","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594638","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594646","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FlDlsY39iNQUeDK2Dj"],"timestamp":1505325731512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594635","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594638","uri":"/favicon.ico","tags":[],"ip_src_port":49207,"threatintelsplitterbolt:splitter:begin:ts":"1492671594646","adapter:threatinteladapter:begin:ts":"1492671594648","status_msg":"OK","guid":"0 e99ba49-46a8-8efe-098f-15456c107bc9","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":318} {"create": { "_id": "e9a942f0-9410-a2ef-79d3-297448ca7a9a"}} 
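Review bot: The rewritten fd436051 and 777d9c8c records now carry `"timestamp":1505363380000` while their `bro_timestamp` values (1505325728512 and 1505325730512) and the `ts:1492671593.0` inside `original_string` are left as they were, so the three time fields of each fixture record no longer agree with one another. The same `1505363380000` value is also assigned to both records in this hunk, so any e2e assertion that depends on sort-by-timestamp order becomes non-deterministic unless the spec sorts on a secondary key such as `guid` or the values are made distinct. Presumably the intent is to pin these alerts into a fixed time window for the UI range-filter tests; if so, that should be stated in the e2e spec that consumes this file, since the data format itself has no room for a comment. Since `bro_timestamp` is left untouched, it would also be worth confirming whether the UI ever reads it, as a test that passes on `timestamp` could still render a stale value from the other field.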
@@ -323,13 +323,13 @@ {"create": { "_id": "cadf2f10-468c-2ad9-625c-39dce0668ea0"}} {"bro_timestamp":1505325733512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"55.7386,37.6068","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"55.7386","uid":"Cxo2i52HmVbQpiKMQ4","resp_mime_types":["image/png"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49209 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/img/flags/de.png tags:[] uid:Cxo2i52HmVbQpiKMQ4 referrer:http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg resp_mime_types:[\"image\\/png\"] trans_depth:1 host:7oqnsnzwwnm6zb7y.gigapaysun.com status_msg:OK id.orig_h:192.168.138.158 response_body_len:534 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2 ; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671593.0 id.resp_h:95.163.121.204 resp_fuids:[\"FPOfpJ1mfdIRvALw8j\"]","ip_dst_addr":"95.163.121.204","adapter:hostfromjsonlistadapter:end:ts":"1492671594643","host":"7oqnsnzwwnm6zb7y.gigapaysun.com","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"37.6068","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 
6.0)","resp_fuids":["FPOfpJ1mfdIRvALw8j"],"timestamp":1505325733512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594643","uri":"/img/flags/de.png","tags":[],"referrer":"http://7oqnsnzwwnm6zb7y.gigapaysun.com/11iQmfg","ip_src_port":49209,"threatintelsplitte rbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid":"cadf2f10-468c-2ad9-625c-39dce0668ea0","enrichments:geo:ip_dst_addr:country":"RU","response_body_len":534} {"create": { "_id": "becc5966-68a2-e67d-3493-b7bc9514e3c9"}} -{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6. 
0) ts:1492671593.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505325734512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid" :"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} +{"enrichments:geo:ip_dst_addr:locID":"2973783","bro_timestamp":1505325734512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"48.5839,7.7455","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671594654","enrichmentsplitterbolt:splitter:begin:ts":"1492671594639","enrichmentjoinbolt:joiner:ts":"1492671594646","adapter:geoadapter:begin:ts":"1492671594643","enrichments:geo:ip_dst_addr:latitude":"48.5839","uid":"CydFJ34ePzeFrkKCMc","trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594650","original_string":"HTTP | id.orig_p:49192 status_code:200 method:GET request_body_len:0 id.resp_p:80 uri:/?d71e0bd86db9587158745a986a4b3606 tags:[] uid:CydFJ34ePzeFrkKCMc trans_depth:1 host:62.75.195.236 status_msg:OK id.orig_h:192.168.138.158 response_body_len:0 user_agent:Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; 
WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6. 0) ts:1492671593.0 id.resp_h:62.75.195.236","ip_dst_addr":"62.75.195.236","adapter:hostfromjsonlistadapter:end:ts":"1492671594644","host":"62.75.195.236","adapter:geoadapter:end:ts":"1492671594643","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594648","enrichments:geo:ip_dst_addr:longitude":"7.7455","user_agent":"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671594639","request_body_len":0,"enrichments:geo:ip_dst_addr:city":"Strasbourg","enrichments:geo:ip_dst_addr:postalCode":"67100","adapter:hostfromjsonlistadapter:begin:ts":"1492671594644","uri":"/?d71e0bd86db9587158745a986a4b3606","tags":[],"ip_src_port":49192,"threatintelsplitterbolt:splitter:begin:ts":"1492671594648","adapter:threatinteladapter:begin:ts":"1492671594650","status_msg":"OK","guid" :"becc5966-68a2-e67d-3493-b7bc9514e3c9","enrichments:geo:ip_dst_addr:country":"FR","response_body_len":0} {"create": { "_id": "4d864bb0-0cb1-4005-f707-c62f7b0e7264"}} -{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in 
answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts" :"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505325735512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"} +{"TTLs":[29],"qclass_name":"C_INTERNET","bro_timestamp":1505325735512,"qtype_name":"A","ip_dst_port":53,"threatinteljoinbolt:joiner:ts":"1492671594671","qtype":1,"rejected":false,"answers":["62.75.195.236"],"enrichmentsplitterbolt:splitter:begin:ts":"1492671594655","enrichmentjoinbolt:joiner:ts":"1492671594661","trans_id":27248,"adapter:geoadapter:begin:ts":"1492671594657","uid":"CgJVs33o5YodJJYQyk","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671594667","original_string":"DNS | AA:false TTLs:[29.0] qclass_name:C_INTERNET id.orig_p:65315 qtype_name:A qtype:1 rejected:false id.resp_p:53 query:ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in answers:[\"62.75.195.236\"] trans_id:27248 rcode:0 rcode_name:NOERROR TC:false RA:true uid:CgJVs33o5YodJJYQyk RD:true proto:udp id.orig_h:192.168.138.158 Z:0 qclass:1 ts:1492671593.0 id.resp_h:192.168.138.2","ip_dst_addr":"192.168.138.2","adapter:hostfromjsonlistadapter:end:ts" 
:"1492671594657","Z":0,"adapter:geoadapter:end:ts":"1492671594657","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671594664","qclass":1,"timestamp":1505363380000,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671594655","query":"ubb67.3c147o.u806a4.w07d919.o5f.f1.b80w.r0faf9.e8mfzdgrf7g0.groupprograms.in","rcode":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671594657","rcode_name":"NOERROR","TC":false,"RA":true,"RD":true,"ip_src_port":65315,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671594664","adapter:threatinteladapter:begin:ts":"1492671594667","guid":"4d864bb0-0cb1-4005-f707-c62f7b0e7264"} {"create": { "_id": "4c732cb0-05cc-bdb4-9898-886a93129aba"}} {"enrichments:geo:ip_dst_addr:locID":"5368361","bro_timestamp":1505325736512,"status_code":200,"enrichments:geo:ip_dst_addr:location_point":"34.0494,-118.2641","ip_dst_port":80,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichments:geo:ip_dst_addr:dmaCode":"803","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","enrichments:geo:ip_dst_addr:latitude":"34.0494","uid":"CvI6xrY2n5mRaFjFa","resp_mime_types":["text/plain"],"trans_depth":1,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:49200 status_code:200 method:POST request_body_len:96 id.resp_p:80 orig_mime_types:[\"text\\/plain\"] uri:/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42 tags:[] uid:CvI6xrY2n5mRaFjFa resp_mime_types:[\"text\\/plain\"] trans_depth:1 orig_fuids:[\"FE73U6RnooUIz1k3l\"] host:comarksecurity.com status_msg:OK id.o rig_h:192.168.138.158 response_body_len:996 user_agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) ts:1492671596.0 id.resp_h:72.34.49.86 
resp_fuids:[\"FbCMi2mD3uLfGjK7j\"]","ip_dst_addr":"72.34.49.86","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","host":"comarksecurity.com","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.138.158","threatintelsplitterbolt:splitter:end:ts":"1492671598098","enrichments:geo:ip_dst_addr:longitude":"-118.2641","user_agent":"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)","resp_fuids":["FbCMi2mD3uLfGjK7j"],"timestamp":1505325736512,"method":"POST","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":96,"enrichments:geo:ip_dst_addr:city":"Los Angeles","enrichments:geo:ip_dst_addr:po stalCode":"90014","adapter:hostfromjsonlistadapter:begin:ts":"1492671598092","orig_mime_types":["text/plain"],"uri":"/wp-content/themes/grizzly/img5.php?t=8r1gf1b2t1kuq42","tags":[],"orig_fuids":["FE73U6RnooUIz1k3l"],"ip_src_port":49200,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","status_msg":"OK","guid":"4c732cb0-05cc-bdb4-9898-886a93129aba","enrichments:geo:ip_dst_addr:country":"US","response_body_len":996} {"create": { "_id": "cb6a4983-48ac-4c00-2f44-9d1bd9b50575"}} -{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 
host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:en d:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505325737512,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0} +{"bro_timestamp":1505325737512,"ip_dst_port":8080,"threatinteljoinbolt:joiner:ts":"1492671598104","enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","adapter:geoadapter:begin:ts":"1492671598093","uid":"CUrRne3iLIxXavQtci","trans_depth":118,"protocol":"http","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"HTTP | id.orig_p:50451 method:GET request_body_len:0 id.resp_p:8080 uri:/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631 tags:[] uid:CUrRne3iLIxXavQtci referrer:http://node1:8080/ trans_depth:118 host:node1 id.orig_h:192.168.66.1 response_body_len:0 user_agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36 ts:1492671596.0 id.resp_h:192.168.66.121","ip_dst_addr":"192.168.66.121","adapter:hostfromjsonlistadapter:en d:ts":"1492671598093","host":"node1","adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36","timestamp":1505363380000,"method":"GET","enrichmentsplitterbolt:splitter:end:ts":"1492671598090","request_body_len":0,"adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","uri":"/api/v1/clusters/metron_cluster?fields=Clusters/health_report,Clusters/total_hosts,alerts_summary_hosts&minimal_response=true&_=1484168774631","tags":[],"referrer":"http://node1:8080/","ip_src_port":50451,"threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"cb6a4983-48ac-4c00-2f44-9d1bd9b50575","response_body_len":0} {"create": { "_id": "a5e95569-a9ee-c024-ace7-7d0e2613b29a"}} {"qclass_name":"C_INTERNET","bro_timestamp":1505325738512,"qtype_name":"PTR","ip_dst_port":5353,"threatinteljoinbolt:joiner:ts":"1492671598104","qtype":12,"rejected":false,"enrichmentsplitterbolt:splitter:begin:ts":"1492671598090","enrichmentjoinbolt:joiner:ts":"1492671598095","trans_id":0,"adapter:geoadapter:begin:ts":"1492671598093","uid":"Cx7bil4EcuyIC1pVvb","protocol":"dns","source:type":"alerts_ui_e2e","adapter:threatinteladapter:end:ts":"1492671598101","original_string":"DNS | AA:false qclass_name:C_INTERNET id.orig_p:5353 qtype_name:PTR qtype:12 rejected:false id.resp_p:5353 query:_googlecast._tcp.local trans_id:0 TC:false RA:false uid:Cx7bil4EcuyIC1pVvb RD:false proto:udp id.orig_h:192.168.66.1 Z:0 qclass:1 ts:1492671596.0 
id.resp_h:224.0.0.251","ip_dst_addr":"224.0.0.251","adapter:hostfromjsonlistadapter:end:ts":"1492671598093","Z":0,"adapter:geoadapter:end:ts":"1492671598093","ip_src_addr":"192.168.66.1","threatintelsplitterbolt:splitter:end:ts":"1492671598098","qclass":1, "timestamp":1505325738512,"AA":false,"enrichmentsplitterbolt:splitter:end:ts":"1492671598090","query":"_googlecast._tcp.local","adapter:hostfromjsonlistadapter:begin:ts":"1492671598093","TC":false,"RA":false,"RD":false,"ip_src_port":5353,"proto":"udp","threatintelsplitterbolt:splitter:begin:ts":"1492671598098","adapter:threatinteladapter:begin:ts":"1492671598101","guid":"a5e95569-a9ee-c024-ace7-7d0e2613b29a"} {"create": { "_id": "fa91598f-51b2-2b60-11f2-6fbabc162b7e"}}
http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/package.json ----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/package.json b/metron-interface/metron-alerts/package.json
index bc2c726..1be70f3 100644
--- a/metron-interface/metron-alerts/package.json
+++ b/metron-interface/metron-alerts/package.json
@@ -21,12 +21,14 @@
 "@angular/platform-browser": "^4.0.0",
 "@angular/platform-browser-dynamic": "^4.0.0",
 "@angular/router": "^4.0.0",
+ "@types/moment": "^2.13.0",
 "ace-builds": "^1.2.6",
 "bootstrap": "4.0.0-alpha.6",
 "core-js": "^2.4.1",
 "font-awesome": "^4.7.0",
- "ng2-dragula": "^1.5.0",
 "moment": "^2.18.1",
+ "pikaday-time": "^1.6.1",
+ "ng2-dragula": "^1.5.0",
 "rxjs": "^5.1.0",
 "web-animations-js": "^2.2.2",
 "zone.js": "^0.8.4"
@@ -38,6 +40,7 @@
 "@types/jasmine": "2.5.38",
 "@types/moment": "^2.13.0",
 "@types/node": "~6.0.60",
+ "@types/pikaday-time": "^1.4.2",
 "codelyzer": "~2.0.0",
 "compression": "1.6.2",
 "elementor": "^2.1.0",
http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/_variables.scss ----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/_variables.scss b/metron-interface/metron-alerts/src/_variables.scss
index 44ed9f6..21cdfdf 100644
--- a/metron-interface/metron-alerts/src/_variables.scss
+++ b/metron-interface/metron-alerts/src/_variables.scss
@@ -49,6 +49,7 @@ $mine-shaft-7: #2C2C2C;
 $mine-shaft-8: #353535;
 $mine-shaft-9: #2B2B2B;
 $mine-shaft-10: #303030;
+$mine-shaft-11: #3A3A3A;
 $dove-grey: #737373;
 $tundora: #4D4D4D;
 $tundora-1: #404040;
@@ -86,6 +87,7 @@ $eastern-blue: #1F91BE;
 $mantis: #80BF4D;
 $sky-blue: #75D2ED;
 $outer-space: #2E3A3F;
+$abbey: #58595B;
 $white: #FFFFFF;
 $iron: #D1D3D4;
 $rolling-stone: #808285;
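Review bot: `"@types/moment": "^2.13.0"` is added to `dependencies` here while the second hunk of this file shows the identical entry already present under `devDependencies`, so the package is now declared twice. Type-definition packages are build-time inputs and belong in `devDependencies` only, so drop the added line; moment also ships its own type declarations, which makes `@types/moment` a stub package that could be removed from both sections. `pikaday-time` and `@types/pikaday-time` are new third-party inputs declared with caret ranges, and no lockfile change is part of this diff, so the versions that will actually resolve cannot be reviewed from here.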
@@ -110,6 +112,27 @@ $nav-content-nav-width: 200px; $login-label: #606060; $black: #000000; + +//Pikaday +$pd-text-color: #999999; +$pd-title-color: #999999; +$pd-title-bg: #3D3D3D; +$pd-picker-bg: #3D3D3D; +$pd-picker-border: #4D4D4D; +$pd-picker-border-bottom: #353535; +$pd-picker-shadow: rgba(0,0,0,.5); +$pd-th-color: #999; +$pd-day-color: #999999; +$pd-day-bg: #2D2D2D; +$pd-day-hover-color: #FDFEFE; +$pd-day-hover-bg: #1F91BE; +$pd-day-today-color: #FFFFFF; +$pd-day-selected-color: #1E87AF; +$pd-day-selected-bg: tranparent; +$pd-day-selected-shadow: tranparent; +$pd-day-disabled-color: #999; +$pd-week-color: #999; + @mixin place-holder-text { font-family: Roboto; http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html index bcecef3..63b4e41 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.html @@ -24,6 +24,9 @@ <button class="btn btn-secondary btn-search-clear" type="button" (click)="onClear()"></button> </span> <span class="input-group-btn"> + <app-time-range (timeRangeChange)="onTimeRangeChange($event)" [disabled]="timeStampfilterPresent" [selectedTimeRange]="selectedTimeRange"> </app-time-range> + </span> + <span class="input-group-btn"> <button class="btn btn-secondary btn-search" type="button" (click)="onSearch(alertSearchDirective.getSeacrhText())"></button> </span> </div> http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss ---------------------------------------------------------------------- 
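Review bot: `$pd-day-selected-bg: tranparent;` and `$pd-day-selected-shadow: tranparent;` misspell `transparent`; Sass passes the unknown identifier through verbatim, the browser then drops the resulting declarations as invalid, and the selected day silently gets whatever background and shadow it inherits. Change both values to `transparent`. The remaining Pikaday variables mix `#999` and `#999999` for the same colour; picking one form (or referencing an existing palette variable such as `$dove-grey`-style names from earlier in this file) would make the block consistent.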
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss index a803df0..01b8f9a 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.scss @@ -66,7 +66,7 @@ $searchbox-height: 42px; .btn-saved-searches { font-size: 15px; - + font-family: Roboto; background: $mine-shaft-5; border: 1px solid $tundora; color: $silver-chalice; @@ -86,7 +86,7 @@ $searchbox-height: 42px; .btn-search-clear { border-top: 1px solid $tundora; border-bottom: 1px solid $tundora; - border-right: 1px solid $blue-chill; + border-right: 1px solid $tundora; background: $mine-shaft-1; border-left: none; padding: 0px 5px 0px 0px; http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts index 06d3fb2..228c4f7 100644 --- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts +++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.component.ts 
@@ -35,8 +35,9 @@ import {MetronDialogBox, DialogType} from '../../shared/metron-dialog-box';
 import {AlertSearchDirective} from '../../shared/directives/alert-search.directive';
 import {SearchResponse} from '../../model/search-response';
 import {ElasticsearchUtils} from '../../utils/elasticsearch-utils';
-import {TableViewComponent} from './table-view/table-view.component';
 import {Filter} from '../../model/filter';
+import {THREAT_SCORE_FIELD_NAME, TIMESTAMP_FIELD_NAME, ALL_TIME} from '../../utils/constants';
+import {TableViewComponent} from './table-view/table-view.component';
 import {Pagination} from '../../model/pagination';
 import {PatchRequest} from '../../model/patch-request';
 
@@ -58,7 +59,9 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 refreshTimer: Subscription;
 pauseRefresh = false;
 lastPauseRefreshValue = false;
- threatScoreFieldName = 'threat:triage:score';
+ timeStampfilterPresent = false;
+ selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false);
+ threatScoreFieldName = THREAT_SCORE_FIELD_NAME;
 
 @ViewChild('table') table: ElementRef;
 @ViewChild('dataViewComponent') dataViewComponent: TableViewComponent;
@@ -104,12 +107,23 @@ export class AlertsListComponent implements OnInit, OnDestroy { let queryBuilder = new QueryBuilder(); queryBuilder.setGroupby(this.queryBuilder.groupRequest.groups.map(group => group.field)); queryBuilder.searchRequest = savedSearch.searchRequest; + queryBuilder.filters = savedSearch.filters; this.queryBuilder = queryBuilder; + this.setSelectedTimeRange(savedSearch.filters); this.prepareColumnData(savedSearch.tableColumns, []); + this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent(); this.search(true, savedSearch); }); } + setSelectedTimeRange(filters: Filter[]) { + filters.forEach(filter => { + if (filter.field === TIMESTAMP_FIELD_NAME && filter.dateFilterValue) { + this.selectedTimeRange = JSON.parse(JSON.stringify(filter)); + } + }); + } + calcColumnsToDisplay() { let availableWidth = document.documentElement.clientWidth - (200 + (15 * 4)); /* screenwidth - (navPaneWidth + (paddings))*/ availableWidth = availableWidth - (55 + 25 + 25); /* availableWidth - (score + colunSelectIcon +selectCheckbox )*/ @@ -157,14 +171,16 @@ export class AlertsListComponent implements OnInit, OnDestroy { } onClear() { - this.queryBuilder.displayQuery = ''; + this.timeStampfilterPresent = false; + this.queryBuilder.clearSearch(); + this.selectedTimeRange = new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false); this.search(); } onSearch($event) { - this.queryBuilder.displayQuery = $event; + this.queryBuilder.setSearch($event); + this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent(); this.search(); - return false; } @@ -186,6 +202,7 @@ export class AlertsListComponent implements OnInit, OnDestroy { } onAddFilter(filter: Filter) { + this.timeStampfilterPresent = (filter.field === TIMESTAMP_FIELD_NAME); this.queryBuilder.addOrUpdateFilter(filter); this.search(); } 
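Review bot: `this.selectedTimeRange = JSON.parse(JSON.stringify(filter))` in the new `setSelectedTimeRange` yields a plain object rather than a `Filter` instance, so prototype methods such as `getQueryString()` — which `generateSelect()` in this commit's query-builder hunk now calls on every filter — are not available on the copy. The same concern applies a few lines up to `queryBuilder.filters = savedSearch.filters`: if saved searches are deserialized from JSON (not visible in this diff), those plain objects land in `_filters` and the next `generateSelect()` would fail on the missing method. Rebuild the copy through the `Filter` constructor, as the field initializer in this commit does with `new Filter(TIMESTAMP_FIELD_NAME, ALL_TIME, false)`, copying `dateFilterValue` across, and revive saved filters the same way before handing them to the builder.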
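Review bot: In `onAddFilter`, `this.timeStampfilterPresent = (filter.field === TIMESTAMP_FIELD_NAME);` overwrites the flag with `false` whenever a filter on any other field is added, even though a timestamp filter may still be in the query builder; the time-range control bound to `[disabled]="timeStampfilterPresent"` would then be re-enabled on top of an explicit timestamp filter. Derive the flag from the builder after the update, as `onSearch` in this commit already does: move the assignment below `this.queryBuilder.addOrUpdateFilter(filter);` and write `this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();`. The enclosing methods of the first hunk continue outside the visible lines.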
@@ -214,6 +231,16 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 this.colNumberTimerId = setTimeout(() => { this.calcColumnsToDisplay(); }, 500);
 }
 
+ onTimeRangeChange(filter: Filter) {
+ if (filter.value === ALL_TIME) {
+ this.queryBuilder.removeFilter(filter.field);
+ } else {
+ this.queryBuilder.addOrUpdateFilter(filter);
+ }
+
+ this.search();
+ }
+
 prepareColumnData(configuredColumns: ColumnMetadata[], defaultColumns: ColumnMetadata[]) {
 this.alertsColumns = (configuredColumns && configuredColumns.length > 0) ? configuredColumns : defaultColumns;
 this.queryBuilder.setFields(this.getColumnNamesForQuery());
@@ -255,6 +282,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 }
 
 removeFilter(field: string) {
+ this.timeStampfilterPresent = (field === TIMESTAMP_FIELD_NAME) ? false : this.timeStampfilterPresent;
 this.queryBuilder.removeFilter(field);
 this.search();
 }
@@ -301,7 +329,9 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 savedSearch = new SaveSearch();
 savedSearch.searchRequest = this.queryBuilder.searchRequest;
 savedSearch.tableColumns = this.alertsColumns;
- savedSearch.name = savedSearch.getDisplayString();
+ savedSearch.filters = this.queryBuilder.filters;
+ savedSearch.searchRequest.query = '';
+ savedSearch.name = this.queryBuilder.generateNameForSearchRequest();
 }
 
 this.saveSearchService.saveAsRecentSearches(savedSearch).subscribe(() => {
@@ -314,6 +344,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 this.searchResponse = results;
 this.pagination.total = results.total;
 this.alerts = results.results ? results.results : [];
+ this.setSelectedTimeRange(this.queryBuilder.filters);
 }
 
 showConfigureTable() {
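Review bot: In `removeFilter`, `this.timeStampfilterPresent = (field === TIMESTAMP_FIELD_NAME) ? false : this.timeStampfilterPresent;` assigns the field to itself in the common case, which reads as a no-op at first glance. A guarded statement says the same thing directly: `if (field === TIMESTAMP_FIELD_NAME) { this.timeStampfilterPresent = false; }`. Recomputing from the builder after the removal, `this.timeStampfilterPresent = this.queryBuilder.isTimeStampFieldPresent();`, would additionally keep the flag in step with the other paths in this commit that derive it from `isTimeStampFieldPresent()`.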
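Review bot: `savedSearch.searchRequest = this.queryBuilder.searchRequest;` followed by `savedSearch.searchRequest.query = '';` clears `query` on whatever object the `searchRequest` getter hands out; if that is the builder's live `_searchRequest` (the getter is not part of this diff), saving a search mutates the request that the next `search()`/`pollSearch` would use. Copy the request before clearing it — for example build a fresh `SearchRequest` and assign the fields you want persisted — or have the builder expose a method that returns a request with an empty `query`. The identical pattern appears in the `save()` hunk of `save-search.component.ts` later in this commit and should be fixed the same way.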
@@ -358,7 +389,7 @@ export class AlertsListComponent implements OnInit, OnDestroy {
 tryStartPolling() {
 if (!this.pauseRefresh) {
 this.tryStopPolling();
- this.refreshTimer = this.searchService.pollSearch(this.queryBuilder.searchRequest).subscribe(results => {
+ this.refreshTimer = this.searchService.pollSearch(this.queryBuilder).subscribe(results => {
 this.setData(results);
 });
 }
http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts ----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
index 27b7e2e..6e0dd2a 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/alerts-list.module.ts
@@ -27,6 +27,7 @@ import {ListGroupModule} from '../../shared/list-group/list-grup.module';
 import {CollapseModule} from '../../shared/collapse/collapse.module';
 import {MetronTablePaginationModule} from '../../shared/metron-table/metron-table-pagination/metron-table-pagination.module';
 import {ConfigureRowsModule} from '../configure-rows/configure-rows.module';
+import {TimeRangeModule} from '../../shared/time-range/time-range.module';
 import {GroupByModule} from '../../shared/group-by/group-by.module';
 import {AlertFiltersComponent} from './alert-filters/alert-filters.component';
 import {TableViewComponent} from './table-view/table-view.component';
@@ -34,7 +35,7 @@ import {TreeViewComponent} from './tree-view/tree-view.component';
 
 @NgModule({
 imports: [routing, SharedModule, ConfigureRowsModule, MetronSorterModule, MetronTablePaginationModule,
- ListGroupModule, CollapseModule, GroupByModule],
+ ListGroupModule, CollapseModule, GroupByModule, TimeRangeModule],
 exports: [AlertsListComponent],
 declarations: [AlertsListComponent, TableViewComponent, TreeViewComponent, AlertFiltersComponent],
 providers: [DecimalPipe, SearchService]
http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts ----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
index 863e127..e9f96eb 100644
--- a/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/alerts-list/query-builder.ts
@@ -19,6 +19,7 @@ import {Filter} from '../../model/filter';
 import {ColumnNamesService} from '../../service/column-names.service';
 import {SearchRequest} from '../../model/search-request';
 import {SortField} from '../../model/sort-field';
+import {TIMESTAMP_FIELD_NAME} from '../../utils/constants';
 import {GroupRequest} from '../../model/group-request';
 import {Group} from '../../model/group';
 
@@ -29,27 +30,20 @@ export class QueryBuilder {
 private _displayQuery = this._query;
 private _filters: Filter[] = [];
 
- set query(value: string) {
- value = value.replace(/\\:/g, ':');
- this._query = value;
- this.updateFilters(this._query, false);
- this.onSearchChange();
- }
-
 get query(): string {
 return this._query;
 }
 
- set displayQuery(value: string) {
- this._displayQuery = value;
- this.updateFilters(this._displayQuery, true);
- this.onSearchChange();
- }
-
 get displayQuery(): string {
 return this._displayQuery;
 }
 
+ set filters(filters: Filter[]) {
+ filters.forEach(filter => {
+ this.addOrUpdateFilter(filter)
+ });
+ }
+
 get filters(): Filter[] {
 return this._filters;
 }
@@ -62,7 +56,7 @@ export class QueryBuilder {
 
 set searchRequest(value: SearchRequest) {
 this._searchRequest = value;
- this.query = this._searchRequest.query;
+ this.setSearch(this._searchRequest.query);
 }
 
 get groupRequest(): GroupRequest {
@@ -70,10 +64,28 @@ export class QueryBuilder {
 return this._groupRequest;
 }
 
+ setSearch(query: string) {
+ this.updateFilters(query, true);
+ this.onSearchChange();
+ }
+
+ clearSearch() {
+ this._filters = [];
+ this.onSearchChange();
+ }
+
 addOrUpdateFilter(filter: Filter) {
- let existingFilter = this._filters.find(tFilter => tFilter.field === filter.field);
+ let existingFilterIndex = -1;
+ let existingFilter = this._filters.find((tFilter, index) => {
+ if (tFilter.field === filter.field) {
+ existingFilterIndex = index;
+ return true;
+ }
+ return false;
+ });
+
 if (existingFilter) {
- existingFilter.value = filter.value;
+ this._filters.splice(existingFilterIndex, 1, filter);
 } else {
 this._filters.push(filter);
 }
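Review bot: The new `set filters` pushes each filter through `addOrUpdateFilter` but never calls `this.onSearchChange()`, so `_query` and `_displayQuery` are not regenerated when filters are assigned, unlike the other mutators introduced in this commit (`setSearch`, `clearSearch`); in the alerts-list hunk the assignment runs right after `queryBuilder.searchRequest = …`, so the derived query can be stale until the next change. Add `this.onSearchChange();` after the `forEach`, and terminate `this.addOrUpdateFilter(filter)` with a semicolon. The setter also merges into whatever `_filters` already holds rather than replacing it, which is asymmetric with the getter; if that is intended, a one-line comment such as `// merges into the current filter set; use clearSearch() first to replace it` would save the next reader a surprise.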
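Review bot: `addOrUpdateFilter` now drives a side-effecting predicate through `find` just to recover the index; `findIndex` gives the same result without the mutable `existingFilterIndex` and the `if`/`return true`/`return false` block: `const existingFilterIndex = this._filters.findIndex(tFilter => tFilter.field === filter.field);` followed by `if (existingFilterIndex >= 0) { this._filters.splice(existingFilterIndex, 1, filter); } else { this._filters.push(filter); }`. Note that replacing the stored object with `splice` instead of updating `existingFilter.value` means any caller still holding the previous `Filter` reference no longer sees updates; that looks intended so that `display` and `dateFilterValue` travel with the replacement, but it is worth a short comment on the method. The method's closing lines fall outside the hunk.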
@@ -82,22 +94,33 @@ export class QueryBuilder { } generateSelect() { - let select = this._filters.map(filter => { - return filter.field.replace(/:/g, '\\:') + - ':' + - String(filter.value) - .replace(/[\*\+\-=~><\"\?^\${}\(\)\:\!\/[\]\\\s]/g, '\\$&') // replace single special characters - .replace(/\|\|/g, '\\||') // replace || - .replace(/\&\&/g, '\\&&'); // replace && - }).join(' AND '); + let select = this._filters.map(filter => filter.getQueryString()).join(' AND '); return (select.length === 0) ? '*' : select; } - generateSelectForDisplay() { + generateNameForSearchRequest() { let select = this._filters.map(filter => ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value).join(' AND '); return (select.length === 0) ? '*' : select; } + generateSelectForDisplay() { + let appliedFilters = []; + this._filters.reduce((appliedFilters, filter) => { + if (filter.display) { + appliedFilters.push(ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value); + } + + return appliedFilters; + }, appliedFilters); + + let select = appliedFilters.join(' AND '); + return (select.length === 0) ? '*' : select; + } + + isTimeStampFieldPresent(): boolean { + return this._filters.some(filter => (filter.field === TIMESTAMP_FIELD_NAME && !isNaN(Number(filter.value)))); + } + onSearchChange() { this._query = this.generateSelect(); this._displayQuery = this.generateSelectForDisplay(); @@ -133,7 +156,7 @@ export class QueryBuilder { private updateFilters(tQuery: string, updateNameTransform = false) { let query = tQuery; - this._filters = []; + this.removeDisplayedFilters(); if (query && query !== '' && query !== '*') { let terms = query.split(' AND '); 
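Review bot: `generateSelectForDisplay` seeds `reduce` with the outer `appliedFilters` array, pushes into the accumulator (which shadows that outer variable) and then discards `reduce`'s return value, so the call is really a filter-and-map written in a way that hides the data flow; `let appliedFilters = this._filters.filter(filter => filter.display).map(filter => ColumnNamesService.getColumnDisplayValue(filter.field) + ':' + filter.value);` expresses the same result directly. In `isTimeStampFieldPresent`, `!isNaN(Number(filter.value))` is also true for `''`, `null` and whitespace-only strings, which all coerce to `0`; if a timestamp filter can carry an empty value, guard with `filter.value !== '' && filter.value != null && !isNaN(Number(filter.value))` so a blank filter does not disable the time-range control. `updateFilters` continues outside the visible lines.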
@@ -146,4 +169,12 @@ export class QueryBuilder {
 }
 }
 }
+
+ private removeDisplayedFilters() {
+ for (let i = this._filters.length-1; i >= 0; i--) {
+ if (this._filters[i].display) {
+ this._filters.splice(i, 1);
+ }
+ }
+ }
 }
http://git-wip-us.apache.org/repos/asf/metron/blob/5243366c/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts ----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts
index d3bd9da..b27da3a 100644
--- a/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts
+++ b/metron-interface/metron-alerts/src/app/alerts/save-search/save-search.component.ts
@@ -47,7 +49,9 @@ export class SaveSearchComponent implements OnInit {
 save() {
 this.saveSearch.searchRequest = this.saveSearchService.queryBuilder.searchRequest;
 this.saveSearch.tableColumns = this.saveSearchService.tableColumns;
-
+ this.saveSearch.filters = this.saveSearchService.queryBuilder.filters;
+ this.saveSearch.searchRequest.query = '';
+
 this.saveSearchService.saveSearch(this.saveSearch).subscribe(() => {
 this.goBack();
 }, error => {
