{
"Type": 0,
"ExpectMode": 0,
"Whitelisted": false,
"Stage": "",
"Enriched": {
"machine_uuid": "user1_machine1",
"trust_factor": "4",
"user_uuid": "1",
"watcher_ip": "1.2.3.4"
},
"Overflow": {
"MapKey": "7e159c83f45e4cabfe4c2d8653a24ac79506a703",
"scenario": "http_404-scan",
"bucket_id": "morning-sea",
"alert_message": "31.222.187.197 performed 'http_404-scan' (6 events over 2s) at 2020-01-02 15:31:32 +0000 UTC",
"events_count": 6,
"start_at": "2020-01-02T15:31:30Z",
"ban_applications": [
{
"MeasureType": "ban",
"MeasureExtra": "",
"Until": "2020-01-02T19:31:32Z",
"StartIp": 1781924660,
"EndIp": 1781924660,
"IpText": "31.222.187.197",
"Reason": "ban on ip 31.222.187.197",
"Scenario": "",
"SignalOccurenceID": 985
}
],
"stop_at": "2020-01-14T06:44:14Z",
"Source_ip": "31.222.187.197",
"Source_range": "\u003cnil\u003e",
"Source_AutonomousSystemNumber": "0",
"Source_AutonomousSystemOrganization": "",
"Source_Country": "CN",
"Source_Latitude": 39.92890167236328,
"Source_Longitude": 116.38829803466797,
"sources": {
"31.222.187.197": {
"Ip": "31.222.187.197",
"Range": {
"IP": "",
"Mask": null
},
"AutonomousSystemNumber": "0",
"AutonomousSystemOrganization": "",
"Country": "CN",
"Latitude": 39.92890167236328,
"Longitude": 116.38829803466797,
"Flags": null
}
},
"capacity": 5,
"leak_speed": 10000000000,
"Reprocess": true,
"Labels": {
"remediation": "true",
"service": "http",
"type": "scan"
}
},
"Time": "0001-01-01T00:00:00Z",
"StrTime": "",
"MarshaledTime": "",
"Process": true
}