jasonish · August 15, 2016 19:46
diff --git a/eve.json b/eve.json
 {
  "_index": "logstash-2016.08.15",
  "_type": "log",
  "_id": "AVaPvH6ai0XQWusMHN2I",
  "_score": null,
  "_source": {
    "timestamp": "2016-08-15T13:45:04.231416-0600",
    "flow_id": 405580725,
    "in_iface": "eth1",
    "event_type": "alert",
    "src_ip": "10.16.1.11",
    "src_port": 46374,
    "dest_ip": "82.165.177.154",
    "dest_port": 80,
    "proto": "TCP",
    "tx_id": 0,
    "alert": {
      "action": "allowed",
      "gid": 1,
      "signature_id": 2006380,
      "rev": 12,
      "signature": "ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted",
      "category": "Potential Corporate Privacy Violation",
      "severity": 1
    },
    "http": {
      "hostname": "www.testmyids.com",
      "url": "/",
      "http_user_agent": "curl/7.47.1",
      "http_content_type": "text/html",
      "http_method": "GET",
      "protocol": "HTTP/1.1",
      "status": 200,
      "length": 39
    },
    "payload": "R0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy50ZXN0bXlpZHMuY29tDQpBdXRob3JpemF0aW9uOiBCYXNpYyBkWE5sY201aGJXVTZjR0Z6YzNkdmNtUT0NClVzZXItQWdlbnQ6IGN1cmwvNy40Ny4xDQpBY2NlcHQ6ICovKg0KDQo=",
    "payload_printable": "GET / HTTP/1.1\r\nHost: www.testmyids.com\r\nAuthorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=\r\nUser-Agent: curl/7.47.1\r\nAccept: */*\r\n\r\n",
    "stream": 1,
    "packet": "ABUXDQb32MuK7aFGCABFAAA0YfpAAEAGyW8KEAELUqWxmrUmAFCXUDQ71VzoSoAQAO3y4gAAAQEICgW2U5wIedMd",
    "host": "fw",
    "@version": "1",
    "@timestamp": "2016-08-15T19:45:04.231Z",
    "type": "log",
    "fields": {
      "type": "eve"
    },
    "count": 1,
    "beat": {
      "hostname": "fw.unx.ca",
      "name": "fw.unx.ca"
    },
    "source": "/var/log/suricata/eve.json",
    "offset": 147161,
    "input_type": "log",
    "tags": [
      "beats_input_codec_json_applied"
    ],
    "geoip": {
      "ip": "82.165.177.154",
      "country_code2": "DE",
      "country_code3": "DEU",
      "country_name": "Germany",
      "continent_code": "EU",
      "latitude": 51,
      "longitude": 9,
      "timezone": "Europe/Berlin",
      "location": [
        9,
        51
      ],
      "coordinates": [
        9,
        51
      ]
    }
  },
  "sort": [
    1471290304231
  ]
 }
	{
	"_index": "logstash-2016.08.15",
	"_type": "log",
	"_id": "AVaPvH6ai0XQWusMHN2I",
	"_score": null,
	"_source": {
	"timestamp": "2016-08-15T13:45:04.231416-0600",
	"flow_id": 405580725,
	"in_iface": "eth1",
	"event_type": "alert",
	"src_ip": "10.16.1.11",
	"src_port": 46374,
	"dest_ip": "82.165.177.154",
	"dest_port": 80,
	"proto": "TCP",
	"tx_id": 0,
	"alert": {
	"action": "allowed",
	"gid": 1,
	"signature_id": 2006380,
	"rev": 12,
	"signature": "ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted",
	"category": "Potential Corporate Privacy Violation",
	"severity": 1
	},
	"http": {
	"hostname": "www.testmyids.com",
	"url": "/",
	"http_user_agent": "curl/7.47.1",
	"http_content_type": "text/html",
	"http_method": "GET",
	"protocol": "HTTP/1.1",
	"status": 200,
	"length": 39
	},
	"payload": "R0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy50ZXN0bXlpZHMuY29tDQpBdXRob3JpemF0aW9uOiBCYXNpYyBkWE5sY201aGJXVTZjR0Z6YzNkdmNtUT0NClVzZXItQWdlbnQ6IGN1cmwvNy40Ny4xDQpBY2NlcHQ6ICovKg0KDQo=",
	"payload_printable": "GET / HTTP/1.1\r\nHost: www.testmyids.com\r\nAuthorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=\r\nUser-Agent: curl/7.47.1\r\nAccept: /\r\n\r\n",
	"stream": 1,
	"packet": "ABUXDQb32MuK7aFGCABFAAA0YfpAAEAGyW8KEAELUqWxmrUmAFCXUDQ71VzoSoAQAO3y4gAAAQEICgW2U5wIedMd",
	"host": "fw",
	"@version": "1",
	"@timestamp": "2016-08-15T19:45:04.231Z",
	"type": "log",
	"fields": {
	"type": "eve"
	},
	"count": 1,
	"beat": {
	"hostname": "fw.unx.ca",
	"name": "fw.unx.ca"
	},
	"source": "/var/log/suricata/eve.json",
	"offset": 147161,
	"input_type": "log",
	"tags": [
	"beats_input_codec_json_applied"
	],
	"geoip": {
	"ip": "82.165.177.154",
	"country_code2": "DE",
	"country_code3": "DEU",
	"country_name": "Germany",
	"continent_code": "EU",
	"latitude": 51,
	"longitude": 9,
	"timezone": "Europe/Berlin",
	"location": [
	9,
	51
	],
	"coordinates": [
	9,
	51
	]
	}
	},
	"sort": [
	1471290304231
	]
	}