Created
October 9, 2015 05:46
| { | |
| "dnp3": { | |
| "response": { | |
| "iin": { | |
| "indicators": [] | |
| }, | |
| "application": { | |
| "complete": false, | |
| "objects": [ | |
| { | |
| "items": [ | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 0, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 1, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 2, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 3, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 4, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 5, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 6, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 7, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 8, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "reserved": 0, | |
| "prefix": 0, | |
| "index": 9, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| } | |
| ], | |
| "group": 1, | |
| "variation": 2, | |
| "qualifier": 0, | |
| "prefix_code": 0, | |
| "range_code": 0, | |
| "start": 0, | |
| "stop": 9, | |
| "count": 10 | |
| }, | |
| { | |
| "items": [ | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 0, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 1, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 2, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 3, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 4, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 5, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 6, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 7, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 8, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| }, | |
| { | |
| "state": 0, | |
| "prefix": 0, | |
| "index": 9, | |
| "online": 0, | |
| "restart": 1, | |
| "comm_lost": 0, | |
| "remote_forced": 0, | |
| "local_forced": 0, | |
| "chatter_filter": 0 | |
| } | |
| ], | |
| "group": 3, | |
| "variation": 2, | |
| "qualifier": 0, | |
| "prefix_code": 0, | |
| "range_code": 0, | |
| "start": 0, | |
| "stop": 9, | |
| "count": 10 | |
| }, | |
| { | |
| "count": 10, | |
| "stop": 9, | |
| "start": 0, | |
| "range_code": 0, | |
| "prefix_code": 0, | |
| "qualifier": 0, | |
| "variation": 1, | |
| "group": 20 | |
| } | |
| ], | |
| "function_code": 129, | |
| "control": { | |
| "sequence": 2, | |
| "uns": false, | |
| "con": false, | |
| "fin": true, | |
| "fir": true | |
| } | |
| }, | |
| "dst": 1, | |
| "src": 10, | |
| "control": { | |
| "function_code": 4, | |
| "fcv": false, | |
| "fcb": false, | |
| "pri": true, | |
| "dir": false | |
| }, | |
| "type": "response" | |
| }, | |
| "request": { | |
| "application": { | |
| "complete": true, | |
| "objects": [ | |
| { | |
| "count": 0, | |
| "stop": 0, | |
| "start": 0, | |
| "range_code": 6, | |
| "prefix_code": 0, | |
| "qualifier": 6, | |
| "variation": 2, | |
| "group": 60 | |
| }, | |
| { | |
| "count": 0, | |
| "stop": 0, | |
| "start": 0, | |
| "range_code": 6, | |
| "prefix_code": 0, | |
| "qualifier": 6, | |
| "variation": 3, | |
| "group": 60 | |
| }, | |
| { | |
| "count": 0, | |
| "stop": 0, | |
| "start": 0, | |
| "range_code": 6, | |
| "prefix_code": 0, | |
| "qualifier": 6, | |
| "variation": 4, | |
| "group": 60 | |
| }, | |
| { | |
| "count": 0, | |
| "stop": 0, | |
| "start": 0, | |
| "range_code": 6, | |
| "prefix_code": 0, | |
| "qualifier": 6, | |
| "variation": 1, | |
| "group": 60 | |
| } | |
| ], | |
| "function_code": 1, | |
| "control": { | |
| "sequence": 2, | |
| "uns": false, | |
| "con": false, | |
| "fin": true, | |
| "fir": true | |
| } | |
| }, | |
| "dst": 10, | |
| "src": 1, | |
| "control": { | |
| "function_code": 4, | |
| "fcv": false, | |
| "fcb": false, | |
| "pri": true, | |
| "dir": true | |
| }, | |
| "type": "request" | |
| } | |
| }, | |
| "alert": { | |
| "severity": 3, | |
| "category": "", | |
| "signature": "SURICATA DNP3 Unknown object", | |
| "rev": 1, | |
| "signature_id": 2270004, | |
| "gid": 1, | |
| "action": "allowed" | |
| }, | |
| "tx_id": 3, | |
| "proto": "TCP", | |
| "timestamp": "2015-07-14T11:45:56.361312-0600", | |
| "flow_id": 106790066891968, | |
| "pcap_cnt": 21, | |
| "event_type": "alert", | |
| "src_ip": "127.0.0.1", | |
| "src_port": 20000, | |
| "dest_ip": "127.0.0.1", | |
| "dest_port": 59602 | |
| } |