Skip to content

Instantly share code, notes, and snippets.

@jasonish

jasonish/unknown-object.json

Created October 9, 2015 05:46
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jasonish/93abb7ac320040de94fe to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jasonish/93abb7ac320040de94fe to your computer and use it in GitHub Desktop.
Download ZIP
Raw
unknown-object.json
{
"dnp3": {
"response": {
"iin": {
"indicators": []
},
"application": {
"complete": false,
"objects": [
{
"items": [
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 0,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 1,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 2,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 3,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 4,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 5,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 6,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 7,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 8,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"reserved": 0,
"prefix": 0,
"index": 9,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
}
],
"group": 1,
"variation": 2,
"qualifier": 0,
"prefix_code": 0,
"range_code": 0,
"start": 0,
"stop": 9,
"count": 10
},
{
"items": [
{
"state": 0,
"prefix": 0,
"index": 0,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 1,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 2,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 3,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 4,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 5,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 6,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 7,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 8,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
},
{
"state": 0,
"prefix": 0,
"index": 9,
"online": 0,
"restart": 1,
"comm_lost": 0,
"remote_forced": 0,
"local_forced": 0,
"chatter_filter": 0
}
],
"group": 3,
"variation": 2,
"qualifier": 0,
"prefix_code": 0,
"range_code": 0,
"start": 0,
"stop": 9,
"count": 10
},
{
"count": 10,
"stop": 9,
"start": 0,
"range_code": 0,
"prefix_code": 0,
"qualifier": 0,
"variation": 1,
"group": 20
}
],
"function_code": 129,
"control": {
"sequence": 2,
"uns": false,
"con": false,
"fin": true,
"fir": true
}
},
"dst": 1,
"src": 10,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": false
},
"type": "response"
},
"request": {
"application": {
"complete": true,
"objects": [
{
"count": 0,
"stop": 0,
"start": 0,
"range_code": 6,
"prefix_code": 0,
"qualifier": 6,
"variation": 2,
"group": 60
},
{
"count": 0,
"stop": 0,
"start": 0,
"range_code": 6,
"prefix_code": 0,
"qualifier": 6,
"variation": 3,
"group": 60
},
{
"count": 0,
"stop": 0,
"start": 0,
"range_code": 6,
"prefix_code": 0,
"qualifier": 6,
"variation": 4,
"group": 60
},
{
"count": 0,
"stop": 0,
"start": 0,
"range_code": 6,
"prefix_code": 0,
"qualifier": 6,
"variation": 1,
"group": 60
}
],
"function_code": 1,
"control": {
"sequence": 2,
"uns": false,
"con": false,
"fin": true,
"fir": true
}
},
"dst": 10,
"src": 1,
"control": {
"function_code": 4,
"fcv": false,
"fcb": false,
"pri": true,
"dir": true
},
"type": "request"
}
},
"alert": {
"severity": 3,
"category": "",
"signature": "SURICATA DNP3 Unknown object",
"rev": 1,
"signature_id": 2270004,
"gid": 1,
"action": "allowed"
},
"tx_id": 3,
"proto": "TCP",
"timestamp": "2015-07-14T11:45:56.361312-0600",
"flow_id": 106790066891968,
"pcap_cnt": 21,
"event_type": "alert",
"src_ip": "127.0.0.1",
"src_port": 20000,
"dest_ip": "127.0.0.1",
"dest_port": 59602
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment