From 18aa4392f4a5708cc38d5f9e2ecec5dcda858c54 Mon Sep 17 00:00:00 2001
From: Marc Guasch
Date: Mon, 15 Feb 2021 13:01:55 +0100
Subject: [PATCH] Sync ftd and asa data streams with beats
---
 ...test-additional-messages.log-expected.json | 177 +++--
 .../pipeline/test-asa-fix.log-expected.json | 26 +-
 .../test/pipeline/test-asa.log-expected.json | 536 +++++++++---------
 .../test-dap-records.log-expected.json | 2 +-
 .../pipeline/test-filtered.log-expected.json | 6 +-
 .../pipeline/test-hostnames.log-expected.json | 4 +-
 .../pipeline/test-not-ip.log-expected.json | 6 +-
 .../pipeline/test-sample.log-expected.json | 142 ++--
 .../asa/agent/stream/stream.yml.hbs | 4 +
 .../data_stream/asa/agent/stream/udp.yml.hbs | 4 +
 .../elasticsearch/ingest_pipeline/default.yml | 16 +-
 .../pipeline/test-asa-fix.log-expected.json | 14 +-
 .../test/pipeline/test-asa.log-expected.json | 536 +++++++++---------
 .../test/pipeline/test-dns.log-expected.json | 42 +-
 .../pipeline/test-filtered.log-expected.json | 4 +-
 ...est-firepower-management.log-expected.json | 68 +-
 .../pipeline/test-intrusion.log-expected.json | 8 +-
 .../test-no-type-id.log-expected.json | 8 +-
 .../pipeline/test-not-ip.log-expected.json | 6 +-
 .../pipeline/test-sample.log-expected.json | 142 ++--
 ...test-security-connection.log-expected.json | 20 +-
 ...st-security-file-malware.log-expected.json | 20 +-
 ...st-security-malware-site.log-expected.json | 2 +-
 .../ftd/agent/stream/stream.yml.hbs | 4 +
 .../data_stream/ftd/agent/stream/udp.yml.hbs | 4 +
 .../elasticsearch/ingest_pipeline/default.yml | 16 +-
 packages/cisco/manifest.yml | 2 +-
 27 files changed, 941 insertions(+), 878 deletions(-)
diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-additional-messages.log-expected.json
index 8ae43171e72..f457d1e7ed3 100644
--- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-additional-messages.log-expected.json
+++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-additional-messages.log-expected.json @@ -56,7 +56,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971317300Z", + "ingested": "2021-02-15T11:59:05.289165070Z", "code": "302013", "original": "%FTD-6-302013: Built inbound TCP connection 111111111 for net:10.10.10.10/53500 (8.8.8.8/53500) to fw111:192.168.2.2/53500 (8.8.5.4/53500)", "kind": "event", @@ -137,7 +137,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971328900Z", + "ingested": "2021-02-15T11:59:05.289180087Z", "code": "302015", "original": "%FTD-6-302015: Built inbound UDP connection 111111111 for net:10.10.10.10/53500 (8.8.8.8/53500) to fw111:192.168.2.2/53500 (8.8.5.4/53500)", "kind": "event", @@ -202,7 +202,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971334Z", + "ingested": "2021-02-15T11:59:05.289183522Z", "code": "302020", "original": "%FTD-6-302020: Built inbound ICMP connection for faddr 10.10.10.10/0 gaddr 8.8.8.8/0 laddr 192.168.2.2/0 type 3 code 3", "kind": "event", @@ -256,7 +256,7 @@ "event": { "severity": 7, "duration": 0, - "ingested": "2021-01-28T23:44:33.971340200Z", + "ingested": "2021-02-15T11:59:05.289186269Z", "code": "609002", "original": "%FTD-7-609002: Teardown local-host net:192.168.2.2 duration 0:00:00", "kind": "event", @@ -311,7 +311,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:44:33.971346100Z", + "ingested": "2021-02-15T11:59:05.289188869Z", "code": "609001", "original": "%FTD-7-609001: Built local-host net:192.168.2.2", "kind": "event", @@ -371,7 +371,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971352400Z", + "ingested": "2021-02-15T11:59:05.289191360Z", "code": "302020", "original": "%FTD-6-302020: Built inbound ICMP connection for faddr 10.10.10.10/0 gaddr 8.8.8.8/0 laddr 192.168.2.2/0 type 3 code 1", "kind": "event", 
@@ -445,7 +445,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971357400Z", + "ingested": "2021-02-15T11:59:05.289193807Z", "code": "805001", "original": "%FTD-6-805001: Offloaded TCP Flow for connection 111111111 from fw111:10.10.10.10/111 (8.8.8.8/111) to fw111:192.168.2.2/111 (8.8.5.4/111)", "kind": "event", @@ -519,7 +519,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971363600Z", + "ingested": "2021-02-15T11:59:05.289196359Z", "code": "805002", "original": "%FTD-6-805002: TCP Flow is no longer offloaded for connection 941243214 from net:10.192.18.4/51261 (10.192.18.4/51261) to fw109:10.192.70.66/443 (10.192.70.66/443)", "kind": "event", @@ -588,7 +588,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:44:33.971371400Z", + "ingested": "2021-02-15T11:59:05.289198756Z", "code": "710005", "original": "%FTD-7-710005: UDP request discarded from 192.168.2.2/68 to fw111:10.10.10.10/67", "kind": "event", @@ -663,7 +663,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971377100Z", + "ingested": "2021-02-15T11:59:05.289201387Z", "code": "303002", "original": "%FTD-6-303002: FTP connection from net:192.168.2.2/63656 to fw111:10.192.18.4/21, user testuser Stored file /export/home/sysm/ftproot/sdsdsds/tmp.log", "kind": "event", @@ -704,7 +704,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:44:33.971382200Z", + "ingested": "2021-02-15T11:59:05.289233480Z", "code": "710006", "original": "%FTD-7-710006: VRRP request discarded from 192.168.2.2 to fw111:192.18.4", "kind": "event", @@ -748,7 +748,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971387300Z", + "ingested": "2021-02-15T11:59:05.289263407Z", "code": "313005", "original": "%FTD-4-313005: No matching connection for ICMP error message: icmp src fw111:10.192.33.100 dst fw111:192.18.4 (type 3, code 3) on fw111 interface. Original IP payload: udp src 192.18.4/53 dst 8.8.8.8/10872.", "kind": "event", 
@@ -811,7 +811,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971392Z", + "ingested": "2021-02-15T11:59:05.289267615Z", "code": "302021", "original": "%ASA-6-302021: Teardown ICMP connection for faddr 192.168.2.2/0 gaddr 8.8.8.8/2 laddr 10.10.10.10/2 type 8 code 0", "kind": "event", @@ -865,7 +865,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:44:33.971398100Z", + "ingested": "2021-02-15T11:59:05.289270264Z", "code": "609001", "original": "%ASA-7-609001: Built local-host net:10.10.10.10", "kind": "event", @@ -919,7 +919,7 @@ "event": { "severity": 7, "duration": 0, - "ingested": "2021-01-28T23:44:33.971404700Z", + "ingested": "2021-02-15T11:59:05.289275579Z", "code": "609002", "original": "%ASA-7-609002: Teardown local-host identity:10.10.10.10 duration 0:00:00", "kind": "event", @@ -981,7 +981,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971411Z", + "ingested": "2021-02-15T11:59:05.289278084Z", "code": "302020", "original": "%ASA-6-302020: Built inbound ICMP connection for faddr 10.10.10.10/0 gaddr 8.8.8.8/0 laddr 10.192.46.90/0", "kind": "event", @@ -1041,7 +1041,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971418900Z", + "ingested": "2021-02-15T11:59:05.289281586Z", "code": "302020", "original": "%ASA-6-302020: Built outbound ICMP connection for faddr 10.10.10.10/0 gaddr 8.8.8.8/0 laddr 192.168.2.2/0 type 3 code 3", "kind": "event", @@ -1112,7 +1112,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:33.971426600Z", + "ingested": "2021-02-15T11:59:05.289284352Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 2960892904 for out111:10.10.10.10/443 to fw111:192.168.2.2/55225 duration 0:00:00 bytes 0 TCP Reset-I", "kind": "event", 
@@ -1192,7 +1192,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971434300Z", + "ingested": "2021-02-15T11:59:05.289286815Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 1588662 for intfacename:192.168.2.2/80 (8.8.8.8/80) to net:10.10.10.10/54839 (8.8.8.8/54839)", "kind": "event", @@ -1267,7 +1267,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:33.971442100Z", + "ingested": "2021-02-15T11:59:05.289289193Z", "code": "302012", "original": "%ASA-6-302012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00", "kind": "event", @@ -1332,7 +1332,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971449800Z", + "ingested": "2021-02-15T11:59:05.289291604Z", "code": "313004", "original": "%ASA-4-313004: Denied ICMP type=0, from laddr 10.10.10.10 on interface fw502 to 192.168.2.2: no matching session", "kind": "event", @@ -1403,7 +1403,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971457500Z", + "ingested": "2021-02-15T11:59:05.289294729Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from fw111:10.10.10.10/57006 to out111:192.168.2.2/57006", "kind": "event", @@ -1468,7 +1468,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:33.971465300Z", + "ingested": "2021-02-15T11:59:05.289297248Z", "code": "106001", "original": "%ASA-2-106001: Inbound TCP connection denied from 192.168.2.2/43803 to 10.10.10.10/14322 flags SYN on interface out111", "kind": "event", @@ -1558,7 +1558,7 @@ "event": { "severity": 2, "duration": 124000000000, - "ingested": "2021-01-28T23:44:33.971473200Z", + "ingested": "2021-02-15T11:59:05.289299975Z", "code": "302016", "original": "%ASA-2-302016: Teardown UDP connection 1671727 for intfacename:10.10.10.10/161 to net:192.186.2.2/53356 duration 0:02:04 bytes 64585", "kind": "event", 
@@ -1638,7 +1638,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:33.971481100Z", + "ingested": "2021-02-15T11:59:05.289302382Z", "code": "302015", "original": "%ASA-2-302015: Built outbound UDP connection 1743372 for intfacename:10.10.10.10/161 (8.8.8.4/161) to net:192.168.2.2/22638 (8.8.8.8/22638)", "kind": "event", @@ -1719,7 +1719,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:33.971502700Z", + "ingested": "2021-02-15T11:59:05.289304940Z", "code": "302015", "original": "%ASA-2-302015: Built outbound UDP connection 1743372 for intfacename:10.10.10.10/161 (8.8.8.4/161) to net:192.168.2.2/22638 (8.8.8.8/22638)", "kind": "event", @@ -1793,7 +1793,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971507700Z", + "ingested": "2021-02-15T11:59:05.289308554Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src fw111:10.10.10.10/64388 dst out111:192.168.2.2/443 by access-group \"out1111_access_out\" [0x47e21ef4, 0x47e21ef4]", "kind": "event", @@ -1858,7 +1858,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971514100Z", + "ingested": "2021-02-15T11:59:05.289311050Z", "code": "106021", "original": "%ASA-4-106021: Deny TCP reverse path check from 192.168.2.2 to 10.10.10.10 on interface fw111", "kind": "event", @@ -1924,7 +1924,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:33.971533800Z", + "ingested": "2021-02-15T11:59:05.289313409Z", "code": "106006", "original": "%ASA-2-106006: Deny inbound UDP from 192.168.2.2/65020 to 10.10.10.10/65020 on interface fw111", "kind": "event", @@ -1988,7 +1988,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971540200Z", + "ingested": "2021-02-15T11:59:05.289315889Z", "code": "106015", "original": "%ASA-6-106015: Deny TCP (no connection) from 192.168.2.2/53089 to 10.10.10.10/443 flags FIN PSH ACK on interface out111", "kind": "event", 
@@ -2051,7 +2051,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971550200Z", + "ingested": "2021-02-15T11:59:05.289318373Z", "code": "106015", "original": "%ASA-6-106015: Deny TCP (no connection) from 192.168.2.2/17127 to 10.10.10.10/443 flags PSH ACK on interface out111", "kind": "event", @@ -2114,7 +2114,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971558400Z", + "ingested": "2021-02-15T11:59:05.289320969Z", "code": "106015", "original": "%ASA-6-106015: Deny TCP (no connection) from 192.168.2.2/24223 to 10.10.10.10/443 flags RST on interface fw111", "kind": "event", @@ -2189,7 +2189,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971563900Z", + "ingested": "2021-02-15T11:59:05.289323840Z", "code": "302022", "original": "%ASA-6-302022: Built director stub TCP connection for fw1111:10.10.10.10/38540 (8.8.8.5/38540) to net:192.168.2.2/10051 (8.8.8.8/10051)", "kind": "event", @@ -2268,7 +2268,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971569Z", + "ingested": "2021-02-15T11:59:05.289326380Z", "code": "302022", "original": "%ASA-6-302022: Built forwarder stub TCP connection for fw111:10.10.10.10/38540 (8.8.8.5/38540) to net:192.168.2.2/10051 (8.8.8.8/10051)", "kind": "event", @@ -2347,7 +2347,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971574Z", + "ingested": "2021-02-15T11:59:05.289328954Z", "code": "302022", "original": "%ASA-6-302022: Built backup stub TCP connection for fw111:10.10.10.10/38540 (8.8.8.5/38540) to net:192.1682.2.2/10051 (8.8.8.8/10051)", "kind": "event", @@ -2392,7 +2392,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971578800Z", + "ingested": "2021-02-15T11:59:05.289331461Z", "code": "302023", "original": "%ASA-6-302023: Teardown stub TCP connection for fw111:10.10.10.10/39210 to net:192.168.2.2/10051 duration 0:00:00 forwarded bytes 0 Cluster flow with CLU closed on owner", "kind": "event", 
@@ -2431,7 +2431,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971584900Z", + "ingested": "2021-02-15T11:59:05.289333927Z", "code": "302023", "original": "%ASA-6-302023: Teardown stub TCP connection for net:10.10.10.10/10051 to unknown:192.168.2.2/39222 duration 0:00:00 forwarded bytes 0 Forwarding or redirect flow removed to create director or backup flow", "kind": "event", @@ -2458,6 +2458,9 @@ }, "@timestamp": "2021-05-05T19:03:27.000Z", "related": { + "user": [ + "aaaa" + ], "hosts": [ "dev01" ] @@ -2473,7 +2476,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:44:33.971591600Z", + "ingested": "2021-02-15T11:59:05.289336285Z", "code": "111009", "original": "%ASA-7-111009: User 'aaaa' executed cmd: show access-list fw211111_access_out brief", "kind": "event", @@ -2501,6 +2504,9 @@ }, "@timestamp": "2021-05-05T19:02:26.000Z", "related": { + "user": [ + "aaaa" + ], "hosts": [ "dev01" ] @@ -2516,7 +2522,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:44:33.971597800Z", + "ingested": "2021-02-15T11:59:05.289338697Z", "code": "111009", "original": "%ASA-7-111009: User 'aaaa' executed cmd: show access-list aaa_out brief", "kind": "event", @@ -2584,7 +2590,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971605700Z", + "ingested": "2021-02-15T11:59:05.289341071Z", "code": "106100", "original": "%ASA-6-106100: access-list fw111_out permitted tcp ptaaac/192.168.2.2(62157) -\u003e fw111/10.10.10.10(3452) hit-cnt 1 first hit [0x38ff326b, 0x00000000]", "kind": "event", @@ -2656,7 +2662,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971627600Z", + "ingested": "2021-02-15T11:59:05.289343600Z", "code": "106100", "original": "%ASA-6-106100: access-list fw111_out permitted tcp net/192.168.2.2(49033) -\u003e fw111/10.10.10.10(6007) hit-cnt 2 300-second interval [0x38ff326b, 0x00000000]", "kind": "event", 
@@ -2700,7 +2706,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971635500Z", + "ingested": "2021-02-15T11:59:05.289346129Z", "code": "302027", "original": "%ASA-6-302027: Teardown stub ICMP connection for fw1111:10.10.10.10/6426 to net:192.168.2.2/0 duration 1:00:04 forwarded bytes 56 Cluster flow with CLU closed on owner", "kind": "event", @@ -2739,7 +2745,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971657800Z", + "ingested": "2021-02-15T11:59:05.289350309Z", "code": "302026", "original": "%ASA-6-302026: Built director stub ICMP connection for fw111:10.10.10.10/32004 (8.8.8.5) to net:192.168.2.2/0 (8.8.8.8)", "kind": "event", @@ -2801,7 +2807,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:44:33.971665500Z", + "ingested": "2021-02-15T11:59:05.289352809Z", "code": "710005", "original": "%ASA-7-710005: UDP request discarded from 10.10.10.10/1985 to net:192.168.2.2/1985", "kind": "event", @@ -2841,7 +2847,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971673400Z", + "ingested": "2021-02-15T11:59:05.289355452Z", "code": "302025", "original": "%ASA-6-302025: Teardown stub UDP connection for net:192.168.2.2/123 to unknown:10.10.10.10/123 duration 0:01:00 forwarded bytes 48 Cluster flow with CLU removed from due to idle timeout", "kind": "event", @@ -2880,7 +2886,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971678300Z", + "ingested": "2021-02-15T11:59:05.289357896Z", "code": "302024", "original": "%ASA-6-302024: Built backup stub UDP connection for net:192.168.2.2/9051 (8.8.8.5(19051) to fw111:10.10.10.10/123 (8.8.8.8/123)", "kind": "event", @@ -2937,7 +2943,6 @@ "dev01" ], "ip": [ - "10.10.10.10", "10.10.10.10" ] }, 
@@ -2946,7 +2951,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:44:33.971684600Z", + "ingested": "2021-02-15T11:59:05.289360240Z", "code": "106014", "original": "%ASA-3-106014: Deny inbound icmp src fw111:10.10.10.10 dst fw111:10.10.10.10(type 8, code 0)", "kind": "event", @@ -2989,7 +2994,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971690700Z", + "ingested": "2021-02-15T11:59:05.289362464Z", "code": "733100", "original": "%ASA-4-733100: [192.168.2.2] drop rate-1 exceeded. Current burst rate is 0 per second, max configured rate is -4; Current average rate is 7 per second, max configured rate is -4; Cumulative total count is 9063", "kind": "event", @@ -3056,7 +3061,6 @@ "dev01" ], "ip": [ - "10.10.10.10", "10.10.10.10" ] }, @@ -3065,7 +3069,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:44:33.971696900Z", + "ingested": "2021-02-15T11:59:05.289364794Z", "code": "106010", "original": "%ASA-3-106010: Deny inbound sctp src fw111:10.10.10.10/5114 dst fw111:10.10.10.10/2", "kind": "event", @@ -3136,7 +3140,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971701900Z", + "ingested": "2021-02-15T11:59:05.289366984Z", "code": "507003", "original": "%ASA-4-507003: tcp flow from fw111:10.10.10.10/49574 to out111:192.168.2.2/80 terminated by inspection engine, reason - disconnected, dropped packet.", "kind": "event", @@ -3183,7 +3187,6 @@ "dev01" ], "ip": [ - "10.20.30.40", "10.20.30.40" ] }, @@ -3192,7 +3195,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971708300Z", + "ingested": "2021-02-15T11:59:05.289369304Z", "code": "304001", "original": "%ASA-5-304001: 10.20.30.40 Accessed URL 10.20.30.40:http://10.20.30.40/", "kind": "event", @@ -3239,7 +3242,6 @@ "dev01" ], "ip": [ - "10.20.30.40", "10.20.30.40" ] }, 
@@ -3248,7 +3250,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971716200Z", + "ingested": "2021-02-15T11:59:05.289371471Z", "code": "304001", "original": "%ASA-5-304001: 10.20.30.40 Accessed URL someuser@10.20.30.40:http://10.20.30.40/IOFUHSIU98[0]", "kind": "event", @@ -3295,7 +3297,6 @@ "dev01" ], "ip": [ - "10.20.30.40", "10.20.30.40" ] }, @@ -3304,7 +3305,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971721900Z", + "ingested": "2021-02-15T11:59:05.289373657Z", "code": "304001", "original": "%ASA-5-304001: 10.20.30.40 Accessed JAVA URL 10.20.30.40:http://10.20.30.40/some/longer/url-asd-er9789870[0]_=23", "kind": "event", @@ -3351,7 +3352,6 @@ "dev01" ], "ip": [ - "10.20.30.40", "10.20.30.40" ] }, @@ -3360,7 +3360,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971727Z", + "ingested": "2021-02-15T11:59:05.289375796Z", "code": "304001", "original": "%ASA-5-304001: 10.20.30.40 Accessed JAVA URL someuser@10.20.30.40:http://10.20.30.40/", "kind": "event", @@ -3461,7 +3461,7 @@ "event": { "severity": 6, "duration": 3602000000000, - "ingested": "2021-01-28T23:44:33.971732100Z", + "ingested": "2021-02-15T11:59:05.289377970Z", "code": "302304", "original": "%ASA-6-302304: Teardown TCP state-bypass connection 2751765169 from server.deflan:1.2.3.4/54242 to server.deflan:2.3.4.5/9101 duration 1:00:02 bytes 245 Connection timeout", "kind": "event", @@ -3534,7 +3534,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971736900Z", + "ingested": "2021-02-15T11:59:05.289380154Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:10.10.10.2/56444 dst srv:192.168.2.2/51635(testhostname.domain) by access-group \"global_access_1\"", "kind": "event", 
@@ -3624,7 +3624,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971743Z", + "ingested": "2021-02-15T11:59:05.289382395Z", "code": "106100", "original": "%ASA-5-106100: access-list testrulename denied tcp insideintf/somedomainname.local(27218) -\u003e OUTSIDE/195.122.12.242(53) hit-cnt 1 first hit [0x16847359, 0x00000000]", "kind": "event", @@ -3673,7 +3673,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971749500Z", + "ingested": "2021-02-15T11:59:05.289384578Z", "code": "111004", "original": "%ASA-5-111004: console end configuration: OK", "kind": "event", @@ -3701,6 +3701,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "enable_15" + ], "hosts": [ "dev01" ], @@ -3723,7 +3726,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971755800Z", + "ingested": "2021-02-15T11:59:05.289386789Z", "code": "111010", "original": "%ASA-5-111010: User 'enable_15', running 'CLI' from IP 10.10.0.87, executed 'clear'", "kind": "event", @@ -3751,6 +3754,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "enable_15" + ], "hosts": [ "dev01" ] @@ -3766,7 +3772,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971763600Z", + "ingested": "2021-02-15T11:59:05.289388975Z", "code": "502103", "original": "%ASA-5-502103: User priv level changed: Uname: enable_15 From: 1 To: 15", "kind": "event", @@ -3820,6 +3826,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "*****" + ], "hosts": [ "dev01" ], @@ -3833,7 +3842,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971771500Z", + "ingested": "2021-02-15T11:59:05.289391184Z", "code": "605004", "original": "%ASA-6-605004: Login denied from 10.10.1.212/51923 to FCD-FS-LAN:10.10.1.254/https for user \"*****\"", "kind": "event", @@ -3863,6 +3872,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "admin" + ], "hosts": [ "dev01" ], 
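Review bot: The new `related.user` entry in the `%ASA-6-605004` fixture (hunk `@@ -3820,6 +3826,9 @@`) is the literal placeholder `"*****"` that ASA substitutes when it withholds the username of a denied login, so the pipeline is now indexing a redaction marker as a user identity; any rule or dashboard pivoting on `related.user` will lump every masked login-denied event under one bogus user and hide the real ones. The processor that populates `related.user` is in `elasticsearch/ingest_pipeline/default.yml`, which is outside this chunk, so I cannot see its exact form; presumably it is an unconditional `append` of `user.name`, and it should skip the masked value, e.g. `if: ctx?.user?.name != null && ctx.user.name != '*****'`. The same guard would keep `*****` out of `user.name` itself if that field is set from the same capture, and this fixture should then expect no `related.user` for the 605004 line so the exclusion stays covered.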
@@ -3885,7 +3897,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971779300Z", + "ingested": "2021-02-15T11:59:05.289393427Z", "code": "611102", "original": "%ASA-6-611102: User authentication failed: IP address: 10.10.0.87, Uname: admin", "kind": "event", @@ -3936,6 +3948,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "admin" + ], "hosts": [ "dev01" ], @@ -3949,7 +3964,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971787100Z", + "ingested": "2021-02-15T11:59:05.289395610Z", "code": "605005", "original": "%ASA-6-605005: Login permitted from 10.10.0.87/6651 to FCD-FS-LAN:10.10.1.254/ssh for user \"admin\"", "kind": "event", @@ -3979,6 +3994,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "admin" + ], "hosts": [ "dev01" ], @@ -4001,7 +4019,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971794800Z", + "ingested": "2021-02-15T11:59:05.289397819Z", "code": "611101", "original": "%ASA-6-611101: User authentication succeeded: IP address: 10.10.0.87, Uname: admin", "kind": "event", @@ -4066,7 +4084,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:33.971802600Z", + "ingested": "2021-02-15T11:59:05.289400173Z", "code": "713049", "original": "%ASA-5-713049: Group = 91.240.17.178, IP = 91.240.17.178, Security negotiation complete for LAN-to-LAN Group (91.240.17.178) Responder, Inbound SPI = 0x276b1da2, Outbound SPI = 0x0e1a581d", "kind": "event", @@ -4093,6 +4111,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "91.240.17.178" + ], "hosts": [ "dev01" ], 
@@ -4138,7 +4159,7 @@ "event": { "severity": 4, "duration": 0, - "ingested": "2021-01-28T23:44:33.971810400Z", + "ingested": "2021-02-15T11:59:05.289403310Z", "code": "113019", "original": "%ASA-4-113019: Group = 91.240.17.178, Username = 91.240.17.178, IP = 91.240.17.178, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:32m:16s, Bytes xmt: 297103, Bytes rcv: 1216163, Reason: User Requested", "kind": "event", @@ -4167,6 +4188,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "testuser" + ], "hosts": [ "dev01" ], @@ -4204,7 +4228,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:33.971818200Z", + "ingested": "2021-02-15T11:59:05.289405477Z", "code": "722051", "original": "%ASA-4-722051: Group some-policy User testuser IP 8.8.8.8 IPv4 Address 8.8.4.4 IPv6 address 2001:4860:4860::8888 assigned to session", "kind": "event", @@ -4232,6 +4256,9 @@ }, "@timestamp": "2021-04-27T02:03:03.000Z", "related": { + "user": [ + "testuser" + ], "hosts": [ "dev01" ], @@ -4269,7 +4296,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:33.971826Z", + "ingested": "2021-02-15T11:59:05.289407654Z", "code": "716002", "original": "%ASA-6-716002: Group another-policy User testuser IP 8.8.8.8 WebVPN session terminated: User Requested.", "kind": "event", @@ -4367,7 +4394,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:44:33.971833700Z", + "ingested": "2021-02-15T11:59:05.289409837Z", "code": "710003", "original": "%ASA-3-710003: TCP access denied by ACL from 104.46.88.19/6370 to outside:195.74.114.34/23", "kind": "event", diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa-fix.log-expected.json index 519473c905e..00e7fd6a20f 100644 --- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa-fix.log-expected.json 
@@ -51,7 +51,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.493090800Z", + "ingested": "2021-02-15T11:59:07.863582034Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz)", "kind": "event", @@ -114,7 +114,6 @@ "SNL-ASA-VPN-A01" ], "ip": [ - "10.123.123.123", "10.123.123.123" ] }, @@ -123,7 +122,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.493103100Z", + "ingested": "2021-02-15T11:59:07.863590744Z", "code": "106023", "original": "%ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group \"Inside_access_in\" [0x0, 0x0]", "kind": "event", @@ -165,7 +164,6 @@ "@timestamp": "2013-04-15T09:36:50.000Z", "related": { "ip": [ - "10.123.123.123", "10.123.123.123" ] }, @@ -184,7 +182,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.493111100Z", + "ingested": "2021-02-15T11:59:07.863593146Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3afb522, 0x0]", "kind": "event", @@ -251,7 +249,6 @@ "SNL-ASA-VPN-A01" ], "ip": [ - "10.123.123.123", "10.123.123.123" ] }, @@ -260,7 +257,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.493118800Z", + "ingested": "2021-02-15T11:59:07.863595230Z", "code": "106023", "original": "%ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\\Elastic) dst Outside:10.123.123.123/57621 by access-group \"Inside_access_in\" [0x0, 0x0]", "kind": "event", @@ -297,7 +294,6 @@ "SNL-ASA-VPN-A01" ], "ip": [ - "10.123.123.123", "10.123.123.123" ] }, 
@@ -317,7 +313,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:36.493126600Z", + "ingested": "2021-02-15T11:59:07.863597248Z", "code": "106017", "original": "%ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123", "kind": "event", @@ -370,7 +366,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:44:36.493134400Z", + "ingested": "2021-02-15T11:59:07.863599183Z", "code": "313008", "original": "%ASA-3-313008: Denied IPv6-ICMP type=134, code=0 from fe80::1ff:fe23:4567:890a on interface ISP1", "kind": "event", @@ -435,7 +431,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.493142100Z", + "ingested": "2021-02-15T11:59:07.863601097Z", "code": "313009", "original": "%ASA-4-313009: Denied invalid ICMP code 9, for Inside:10.255.0.206/8795 (10.255.0.206/8795) to identity:10.12.31.51/0 (10.12.31.51/0), ICMP id 295, ICMP type 8", "kind": "event", @@ -504,7 +500,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.493149900Z", + "ingested": "2021-02-15T11:59:07.863603042Z", "code": "106100", "original": "%ASA-6-106100: access-list incoming permitted udp dmz2/127.2.3.4(56575) -\u003e inside/127.3.4.5(53) hit-cnt 1 first hit [0x93d0e533, 0x578ef52f]", "kind": "event", @@ -569,7 +565,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.493157600Z", + "ingested": "2021-02-15T11:59:07.863604914Z", "code": "106100", "original": "%ASA-6-106100: access-list incoming permitted udp dmz2/127.2.3.4(56575)(LOCAL\\\\username) -\u003e inside/127.3.4.5(53) hit-cnt 1 first hit [0x93d0e533, 0x578ef52f]", "kind": "event", 
@@ -641,7 +637,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:44:36.493165400Z", + "ingested": "2021-02-15T11:59:07.863606793Z", "code": "106102", "original": "%ASA-session-3-106102: access-list dev_inward_client permitted udp for user redacted outside/10.123.123.20(49721) -\u003e inside/10.223.223.40(53) hit-cnt 1 first hit [0x3c8b88c1, 0xbee595c3]", "kind": "event", @@ -724,7 +720,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:44:36.493173100Z", + "ingested": "2021-02-15T11:59:07.863608678Z", "code": "106103", "original": "%ASA-1-106103: access-list filter denied icmp for user joe inside/10.1.2.3(64321) -\u003e outside/1.2.33.40(8080) hit-cnt 1 first hit [0x3c8b88c1, 0xbee595c3]", "kind": "event", diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa.log-expected.json index 78842af7161..06ae5ddbc2c 100644 --- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-asa.log-expected.json @@ -53,7 +53,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968627Z", + "ingested": "2021-02-15T11:59:08.260899367Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256", "kind": "event", @@ -127,7 +127,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968639Z", + "ingested": "2021-02-15T11:59:08.260908021Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11757 for outside:100.66.205.104/80 (100.66.205.104/80) to inside:172.31.98.44/1772 (172.31.98.44/1772)", "kind": "event", 
@@ -207,7 +207,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:44:36.968647100Z", + "ingested": "2021-02-15T11:59:08.260910363Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I", "kind": "event", @@ -286,7 +286,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:44:36.968654900Z", + "ingested": "2021-02-15T11:59:08.260912502Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I", "kind": "event", @@ -365,7 +365,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:44:36.968662700Z", + "ingested": "2021-02-15T11:59:08.260914465Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I", "kind": "event", @@ -444,7 +444,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:44:36.968670500Z", + "ingested": "2021-02-15T11:59:08.260936008Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I", "kind": "event", @@ -523,7 +523,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:44:36.968678400Z", + "ingested": "2021-02-15T11:59:08.260939993Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I", "kind": "event", 
@@ -602,7 +602,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:44:36.968686100Z", + "ingested": "2021-02-15T11:59:08.260942503Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I", "kind": "event", @@ -681,7 +681,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:44:36.968693800Z", + "ingested": "2021-02-15T11:59:08.260944743Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I", "kind": "event", @@ -760,7 +760,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:44:36.968701600Z", + "ingested": "2021-02-15T11:59:08.260946868Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I", "kind": "event", @@ -839,7 +839,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:44:36.968709400Z", + "ingested": "2021-02-15T11:59:08.260948780Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I", "kind": "event", @@ -918,7 +918,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:44:36.968714900Z", + "ingested": "2021-02-15T11:59:08.260950984Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I", "kind": "event", 
@@ -997,7 +997,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:44:36.968721300Z", + "ingested": "2021-02-15T11:59:08.260952937Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I", "kind": "event", @@ -1076,7 +1076,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:44:36.968728Z", + "ingested": "2021-02-15T11:59:08.260954804Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I", "kind": "event", @@ -1155,7 +1155,7 @@ "event": { "severity": 6, "duration": 70000000000, - "ingested": "2021-01-28T23:44:36.968734200Z", + "ingested": "2021-02-15T11:59:08.260956733Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I", "kind": "event", @@ -1234,7 +1234,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:44:36.968739600Z", + "ingested": "2021-02-15T11:59:08.260958722Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I", "kind": "event", @@ -1313,7 +1313,7 @@ "event": { "severity": 6, "duration": 70000000000, - "ingested": "2021-01-28T23:44:36.968745900Z", + "ingested": "2021-02-15T11:59:08.260962424Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I", "kind": "event", 
@@ -1392,7 +1392,7 @@ "event": { "severity": 6, "duration": 71000000000, - "ingested": "2021-01-28T23:44:36.968753800Z", + "ingested": "2021-02-15T11:59:08.260964407Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I", "kind": "event", @@ -1471,7 +1471,7 @@ "event": { "severity": 6, "duration": 30000000000, - "ingested": "2021-01-28T23:44:36.968759200Z", + "ingested": "2021-02-15T11:59:08.260966374Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout", "kind": "event", @@ -1548,7 +1548,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968764600Z", + "ingested": "2021-02-15T11:59:08.260968782Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1188", "kind": "event", @@ -1622,7 +1622,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968769300Z", + "ingested": "2021-02-15T11:59:08.261003402Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11758 for outside:100.66.80.32/53 (100.66.80.32/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -1702,7 +1702,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.968775500Z", + "ingested": "2021-02-15T11:59:08.261007642Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11758 for outside:100.66.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148", "kind": "event", 
@@ -1780,7 +1780,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968780700Z", + "ingested": "2021-02-15T11:59:08.261010591Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11759 for outside:100.66.252.6/53 (100.66.252.6/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -1860,7 +1860,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.968787100Z", + "ingested": "2021-02-15T11:59:08.261013389Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11759 for outside:100.66.252.6/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 164", "kind": "event", @@ -1937,7 +1937,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968794900Z", + "ingested": "2021-02-15T11:59:08.261015484Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1773 to outside:100.66.98.44/8257", "kind": "event", @@ -2011,7 +2011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968802700Z", + "ingested": "2021-02-15T11:59:08.261017454Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11760 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1773 (172.31.98.44/1773)", "kind": "event", @@ -2089,7 +2089,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968810500Z", + "ingested": "2021-02-15T11:59:08.261019402Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1774 to outside:100.66.98.44/8258", "kind": "event", @@ -2163,7 +2163,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968818400Z", + "ingested": "2021-02-15T11:59:08.261021379Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11761 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1774 (172.31.98.44/1774)", "kind": "event", 
@@ -2242,7 +2242,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968826100Z", + "ingested": "2021-02-15T11:59:08.261023342Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11762 for outside:100.66.238.126/53 (100.66.238.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -2321,7 +2321,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968833800Z", + "ingested": "2021-02-15T11:59:08.261025286Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11763 for outside:100.66.93.51/53 (100.66.93.51/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -2401,7 +2401,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.968841600Z", + "ingested": "2021-02-15T11:59:08.261027267Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11762 for outside:100.66.238.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 111", "kind": "event", @@ -2480,7 +2480,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.968849300Z", + "ingested": "2021-02-15T11:59:08.261029203Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11763 for outside:100.66.93.51/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 237", "kind": "event", @@ -2557,7 +2557,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968857Z", + "ingested": "2021-02-15T11:59:08.261031114Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1775 to outside:100.66.98.44/8259", "kind": "event", 
@@ -2631,7 +2631,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968973500Z", + "ingested": "2021-02-15T11:59:08.261034555Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11764 for outside:100.66.225.103/443 (100.66.225.103/443) to inside:172.31.98.44/1775 (172.31.98.44/1775)", "kind": "event", @@ -2709,7 +2709,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968982400Z", + "ingested": "2021-02-15T11:59:08.261036835Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1189", "kind": "event", @@ -2783,7 +2783,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968987600Z", + "ingested": "2021-02-15T11:59:08.261038765Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11772 for outside:100.66.240.126/53 (100.66.240.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -2862,7 +2862,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.968993Z", + "ingested": "2021-02-15T11:59:08.261040718Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11773 for outside:100.66.44.45/53 (100.66.44.45/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -2942,7 +2942,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.968997900Z", + "ingested": "2021-02-15T11:59:08.261042655Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11772 for outside:100.66.240.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 87", "kind": "event", 
@@ -3021,7 +3021,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969004Z", + "ingested": "2021-02-15T11:59:08.261044585Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11773 for outside:100.66.44.45/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 221", "kind": "event", @@ -3098,7 +3098,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969011800Z", + "ingested": "2021-02-15T11:59:08.261046529Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1452 to outside:100.66.98.44/8265", "kind": "event", @@ -3172,7 +3172,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969019600Z", + "ingested": "2021-02-15T11:59:08.261048471Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11774 for outside:100.66.179.219/80 (100.66.179.219/80) to inside:172.31.98.44/1452 (172.31.98.44/1452)", "kind": "event", @@ -3251,7 +3251,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969027300Z", + "ingested": "2021-02-15T11:59:08.261050356Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11775 for outside:100.66.157.232/53 (100.66.157.232/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -3330,7 +3330,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969035Z", + "ingested": "2021-02-15T11:59:08.261052252Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11776 for outside:100.66.178.133/53 (100.66.178.133/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -3410,7 +3410,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969042700Z", + "ingested": "2021-02-15T11:59:08.261054555Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11775 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 101", "kind": "event", @@ -3489,7 +3489,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969050300Z", + "ingested": "2021-02-15T11:59:08.261056540Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11776 for outside:100.66.178.133/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 126", "kind": "event", @@ -3566,7 +3566,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969058100Z", + "ingested": "2021-02-15T11:59:08.261058780Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1453 to outside:100.66.98.44/8266", "kind": "event", @@ -3640,7 +3640,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969065900Z", + "ingested": "2021-02-15T11:59:08.261060766Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11777 for outside:100.66.133.112/80 (100.66.133.112/80) to inside:172.31.98.44/1453 (172.31.98.44/1453)", "kind": "event", @@ -3720,7 +3720,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969073600Z", + "ingested": "2021-02-15T11:59:08.261063469Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs", "kind": "event", 
@@ -3798,7 +3798,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969081400Z", + "ingested": "2021-02-15T11:59:08.261065447Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11779 for outside:100.66.204.197/53 (100.66.204.197/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -3878,7 +3878,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969089200Z", + "ingested": "2021-02-15T11:59:08.261067425Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11778 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "kind": "event", @@ -3957,7 +3957,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969097Z", + "ingested": "2021-02-15T11:59:08.261069502Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11779 for outside:100.66.204.197/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 176", "kind": "event", @@ -4034,7 +4034,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969102600Z", + "ingested": "2021-02-15T11:59:08.261071429Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267", "kind": "event", @@ -4108,7 +4108,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969108900Z", + "ingested": "2021-02-15T11:59:08.261073341Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11780 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1454 (172.31.98.44/1454)", "kind": "event", @@ -4186,7 +4186,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969115600Z", + "ingested": "2021-02-15T11:59:08.261075254Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268", "kind": "event", 
@@ -4260,7 +4260,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969121900Z", + "ingested": "2021-02-15T11:59:08.261077152Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11781 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1455 (172.31.98.44/1455)", "kind": "event", @@ -4338,7 +4338,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969127300Z", + "ingested": "2021-02-15T11:59:08.261079038Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269", "kind": "event", @@ -4412,7 +4412,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969133600Z", + "ingested": "2021-02-15T11:59:08.261080940Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11782 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1456 (172.31.98.44/1456)", "kind": "event", @@ -4491,7 +4491,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969141300Z", + "ingested": "2021-02-15T11:59:08.261116016Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11783 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -4571,7 +4571,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969146700Z", + "ingested": "2021-02-15T11:59:08.261120687Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11783 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "kind": "event", @@ -4648,7 +4648,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969152Z", + "ingested": "2021-02-15T11:59:08.261123579Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270", "kind": "event", 
@@ -4722,7 +4722,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969156800Z", + "ingested": "2021-02-15T11:59:08.261126015Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11784 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1457 (172.31.98.44/1457)", "kind": "event", @@ -4800,7 +4800,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969163100Z", + "ingested": "2021-02-15T11:59:08.261127883Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271", "kind": "event", @@ -4874,7 +4874,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969168200Z", + "ingested": "2021-02-15T11:59:08.261129783Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11785 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1458 (172.31.98.44/1458)", "kind": "event", @@ -4953,7 +4953,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969174600Z", + "ingested": "2021-02-15T11:59:08.261131599Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11786 for outside:100.66.1.107/53 (100.66.1.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -5033,7 +5033,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969182900Z", + "ingested": "2021-02-15T11:59:08.261133564Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs", "kind": "event", @@ -5110,7 +5110,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969191Z", + "ingested": "2021-02-15T11:59:08.261135440Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272", "kind": "event", 
@@ -5184,7 +5184,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969198700Z", + "ingested": "2021-02-15T11:59:08.261137265Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11787 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1459 (172.31.98.44/1459)", "kind": "event", @@ -5264,7 +5264,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969206500Z", + "ingested": "2021-02-15T11:59:08.261139098Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11786 for outside:100.66.1.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 375", "kind": "event", @@ -5341,7 +5341,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969214300Z", + "ingested": "2021-02-15T11:59:08.261140904Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273", "kind": "event", @@ -5415,7 +5415,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969222Z", + "ingested": "2021-02-15T11:59:08.261142740Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11788 for outside:100.66.192.44/80 (100.66.192.44/80) to inside:172.31.98.44/1460 (172.31.98.44/1460)", "kind": "event", @@ -5465,7 +5465,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969229700Z", + "ingested": "2021-02-15T11:59:08.261144533Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30", "kind": "event", @@ -5536,7 +5536,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969237400Z", + "ingested": "2021-02-15T11:59:08.261146346Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1385 to outside:100.66.98.44/8277", "kind": "event", 
@@ -5610,7 +5610,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969245300Z", + "ingested": "2021-02-15T11:59:08.261150726Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11797 for outside:100.66.19.254/80 (100.66.19.254/80) to inside:172.31.156.80/1385 (172.31.156.80/1385)", "kind": "event", @@ -5660,7 +5660,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969253Z", + "ingested": "2021-02-15T11:59:08.261152979Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30", "kind": "event", @@ -5703,7 +5703,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969260900Z", + "ingested": "2021-02-15T11:59:08.261154944Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30", "kind": "event", @@ -5746,7 +5746,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969268700Z", + "ingested": "2021-02-15T11:59:08.261156729Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30", "kind": "event", @@ -5789,7 +5789,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969307Z", + "ingested": "2021-02-15T11:59:08.261158542Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30", "kind": "event", @@ -5832,7 +5832,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969314100Z", + "ingested": "2021-02-15T11:59:08.261160345Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30", "kind": "event", 
@@ -5875,7 +5875,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969321600Z", + "ingested": "2021-02-15T11:59:08.261162139Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30", "kind": "event", @@ -5948,7 +5948,7 @@ "event": { "severity": 6, "duration": 325000000000, - "ingested": "2021-01-28T23:44:36.969328500Z", + "ingested": "2021-02-15T11:59:08.261163965Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs", "kind": "event", @@ -6027,7 +6027,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969347700Z", + "ingested": "2021-02-15T11:59:08.261165735Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I", "kind": "event", @@ -6104,7 +6104,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969354Z", + "ingested": "2021-02-15T11:59:08.261167535Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1386 to outside:100.66.98.44/8278", "kind": "event", @@ -6178,7 +6178,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969361800Z", + "ingested": "2021-02-15T11:59:08.261169336Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11798 for outside:100.66.115.46/80 (100.66.115.46/80) to inside:172.31.156.80/1386 (172.31.156.80/1386)", "kind": "event", @@ -6256,7 +6256,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969367200Z", + "ingested": "2021-02-15T11:59:08.261171107Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -6332,7 +6332,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969372700Z", + "ingested": "2021-02-15T11:59:08.261172887Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6408,7 +6408,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969377400Z", + "ingested": "2021-02-15T11:59:08.261174670Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6484,7 +6484,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969383500Z", + "ingested": "2021-02-15T11:59:08.261176464Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6560,7 +6560,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969388900Z", + "ingested": "2021-02-15T11:59:08.261178273Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6636,7 +6636,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969395200Z", + "ingested": "2021-02-15T11:59:08.261180026Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6712,7 +6712,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969403100Z", + "ingested": "2021-02-15T11:59:08.261181836Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -6788,7 +6788,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969410900Z", + "ingested": "2021-02-15T11:59:08.261183609Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6864,7 +6864,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969418700Z", + "ingested": "2021-02-15T11:59:08.261217418Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6940,7 +6940,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969426500Z", + "ingested": "2021-02-15T11:59:08.261224889Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -7016,7 +7016,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969434200Z", + "ingested": "2021-02-15T11:59:08.261228175Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -7092,7 +7092,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969441900Z", + "ingested": "2021-02-15T11:59:08.261230873Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -7168,7 +7168,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:36.969449700Z", + "ingested": "2021-02-15T11:59:08.261232998Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -7244,7 +7244,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969457400Z", + "ingested": "2021-02-15T11:59:08.261236859Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1275 to outside:100.66.98.44/8279", "kind": "event", @@ -7318,7 +7318,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969465200Z", + "ingested": "2021-02-15T11:59:08.261238778Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11799 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1275 (172.31.98.44/1275)", "kind": "event", @@ -7396,7 +7396,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969472800Z", + "ingested": "2021-02-15T11:59:08.261240547Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1190", "kind": "event", @@ -7470,7 +7470,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969478300Z", + "ingested": "2021-02-15T11:59:08.261242341Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11800 for outside:100.66.14.30/53 (100.66.14.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -7550,7 +7550,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969483200Z", + "ingested": "2021-02-15T11:59:08.261244080Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11800 for outside:100.66.14.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 373", "kind": "event", @@ -7628,7 +7628,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969489300Z", + "ingested": "2021-02-15T11:59:08.261245829Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11801 for outside:100.66.252.210/53 (100.66.252.210/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -7708,7 +7708,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969496Z", + "ingested": "2021-02-15T11:59:08.261247702Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11801 for outside:100.66.252.210/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 207", "kind": "event", @@ -7785,7 +7785,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969502200Z", + "ingested": "2021-02-15T11:59:08.261249454Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280", "kind": "event", @@ -7859,7 +7859,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969507600Z", + "ingested": "2021-02-15T11:59:08.261251188Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11802 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1276 (172.31.98.44/1276)", "kind": "event", @@ -7937,7 +7937,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969513900Z", + "ingested": "2021-02-15T11:59:08.261252964Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281", "kind": "event", @@ -8011,7 +8011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969521600Z", + "ingested": "2021-02-15T11:59:08.261254711Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11803 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1277 (172.31.98.44/1277)", "kind": "event", @@ -8091,7 +8091,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969527Z", + "ingested": "2021-02-15T11:59:08.261256507Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11802 for outside:100.66.98.165/80 to inside:172.31.98.44/1276 duration 0:00:00 bytes 12853 TCP FINs", "kind": "event", 
@@ -8168,7 +8168,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969532400Z", + "ingested": "2021-02-15T11:59:08.261258302Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282", "kind": "event", @@ -8242,7 +8242,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969537300Z", + "ingested": "2021-02-15T11:59:08.261260145Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11804 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1278 (172.31.98.44/1278)", "kind": "event", @@ -8322,7 +8322,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969543600Z", + "ingested": "2021-02-15T11:59:08.261262205Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11803 for outside:100.66.98.165/80 to inside:172.31.98.44/1277 duration 0:00:00 bytes 5291 TCP FINs", "kind": "event", @@ -8399,7 +8399,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969548800Z", + "ingested": "2021-02-15T11:59:08.261263971Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283", "kind": "event", @@ -8473,7 +8473,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969555100Z", + "ingested": "2021-02-15T11:59:08.261265722Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11805 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1279 (172.31.98.44/1279)", "kind": "event", @@ -8553,7 +8553,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969563400Z", + "ingested": "2021-02-15T11:59:08.261267497Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11804 for outside:100.66.98.165/80 to inside:172.31.98.44/1278 duration 0:00:00 bytes 965 TCP FINs", "kind": "event", 
@@ -8632,7 +8632,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969571500Z", + "ingested": "2021-02-15T11:59:08.261269225Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11805 for outside:100.66.98.165/80 to inside:172.31.98.44/1279 duration 0:00:00 bytes 8605 TCP FINs", "kind": "event", @@ -8709,7 +8709,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969579200Z", + "ingested": "2021-02-15T11:59:08.261271004Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284", "kind": "event", @@ -8783,7 +8783,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969586900Z", + "ingested": "2021-02-15T11:59:08.261272808Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11806 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1280 (172.31.98.44/1280)", "kind": "event", @@ -8863,7 +8863,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969594600Z", + "ingested": "2021-02-15T11:59:08.261274593Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11806 for outside:100.66.98.165/80 to inside:172.31.98.44/1280 duration 0:00:00 bytes 3428 TCP FINs", "kind": "event", @@ -8940,7 +8940,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969602300Z", + "ingested": "2021-02-15T11:59:08.261276315Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285", "kind": "event", @@ -9014,7 +9014,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969610Z", + "ingested": "2021-02-15T11:59:08.261278084Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11807 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1281 (172.31.98.44/1281)", "kind": "event", 
@@ -9092,7 +9092,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969617700Z", + "ingested": "2021-02-15T11:59:08.261279864Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286", "kind": "event", @@ -9166,7 +9166,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969625400Z", + "ingested": "2021-02-15T11:59:08.261281634Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11808 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1282 (172.31.98.44/1282)", "kind": "event", @@ -9244,7 +9244,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969634700Z", + "ingested": "2021-02-15T11:59:08.261283377Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287", "kind": "event", @@ -9318,7 +9318,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969640300Z", + "ingested": "2021-02-15T11:59:08.261285190Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11809 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1283 (172.31.98.44/1283)", "kind": "event", @@ -9396,7 +9396,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969714Z", + "ingested": "2021-02-15T11:59:08.261286948Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288", "kind": "event", @@ -9470,7 +9470,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969722300Z", + "ingested": "2021-02-15T11:59:08.261288697Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11810 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1284 (172.31.98.44/1284)", "kind": "event", 
@@ -9550,7 +9550,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969727300Z", + "ingested": "2021-02-15T11:59:08.261290444Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11807 for outside:100.66.98.165/80 to inside:172.31.98.44/1281 duration 0:00:00 bytes 2028 TCP FINs", "kind": "event", @@ -9629,7 +9629,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969733600Z", + "ingested": "2021-02-15T11:59:08.261292234Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11808 for outside:100.66.98.165/80 to inside:172.31.98.44/1282 duration 0:00:00 bytes 1085 TCP FINs", "kind": "event", @@ -9708,7 +9708,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969738900Z", + "ingested": "2021-02-15T11:59:08.261293988Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11809 for outside:100.66.98.165/80 to inside:172.31.98.44/1283 duration 0:00:00 bytes 868 TCP FINs", "kind": "event", @@ -9785,7 +9785,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969745100Z", + "ingested": "2021-02-15T11:59:08.261295764Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289", "kind": "event", @@ -9859,7 +9859,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969753Z", + "ingested": "2021-02-15T11:59:08.261297513Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11811 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1285 (172.31.98.44/1285)", "kind": "event", @@ -9937,7 +9937,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969760800Z", + "ingested": "2021-02-15T11:59:08.261299405Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290", "kind": "event", 
@@ -10011,7 +10011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969768600Z", + "ingested": "2021-02-15T11:59:08.261301180Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11812 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1286 (172.31.98.44/1286)", "kind": "event", @@ -10091,7 +10091,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969776300Z", + "ingested": "2021-02-15T11:59:08.261302975Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11810 for outside:100.66.98.165/80 to inside:172.31.98.44/1284 duration 0:00:00 bytes 4439 TCP FINs", "kind": "event", @@ -10168,7 +10168,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969781800Z", + "ingested": "2021-02-15T11:59:08.261334904Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291", "kind": "event", @@ -10242,7 +10242,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969788100Z", + "ingested": "2021-02-15T11:59:08.261339535Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11813 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1287 (172.31.98.44/1287)", "kind": "event", @@ -10322,7 +10322,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969796Z", + "ingested": "2021-02-15T11:59:08.261342555Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11811 for outside:100.66.98.165/80 to inside:172.31.98.44/1285 duration 0:00:00 bytes 914 TCP FINs", "kind": "event", 
@@ -10401,7 +10401,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969801100Z", + "ingested": "2021-02-15T11:59:08.261345165Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11812 for outside:100.66.98.165/80 to inside:172.31.98.44/1286 duration 0:00:00 bytes 871 TCP FINs", "kind": "event", @@ -10479,7 +10479,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969807400Z", + "ingested": "2021-02-15T11:59:08.261347067Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11814 for outside:100.66.100.107/53 (100.66.100.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -10557,7 +10557,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969813500Z", + "ingested": "2021-02-15T11:59:08.261348851Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292", "kind": "event", @@ -10631,7 +10631,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969819900Z", + "ingested": "2021-02-15T11:59:08.261350649Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11815 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1288 (172.31.98.44/1288)", "kind": "event", @@ -10711,7 +10711,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969825Z", + "ingested": "2021-02-15T11:59:08.261352554Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11814 for outside:100.66.100.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 384", "kind": "event", 
@@ -10789,7 +10789,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969831200Z", + "ingested": "2021-02-15T11:59:08.261354360Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11816 for outside:100.66.104.8/53 (100.66.104.8/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -10869,7 +10869,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969838700Z", + "ingested": "2021-02-15T11:59:08.261356078Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11816 for outside:100.66.104.8/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 94", "kind": "event", @@ -10946,7 +10946,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969843900Z", + "ingested": "2021-02-15T11:59:08.261357813Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1289 to outside:100.66.98.44/8293", "kind": "event", @@ -11020,7 +11020,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969849Z", + "ingested": "2021-02-15T11:59:08.261359518Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11817 for outside:100.66.123.191/80 (100.66.123.191/80) to inside:172.31.98.44/1289 (172.31.98.44/1289)", "kind": "event", @@ -11100,7 +11100,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969855200Z", + "ingested": "2021-02-15T11:59:08.261361338Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11815 for outside:100.66.98.165/80 to inside:172.31.98.44/1288 duration 0:00:00 bytes 945 TCP FINs", "kind": "event", 
@@ -11179,7 +11179,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969860900Z", + "ingested": "2021-02-15T11:59:08.261363090Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11813 for outside:100.66.98.165/80 to inside:172.31.98.44/1287 duration 0:00:00 bytes 13284 TCP FINs", "kind": "event", @@ -11257,7 +11257,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969867200Z", + "ingested": "2021-02-15T11:59:08.261364823Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11818 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -11337,7 +11337,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.969958700Z", + "ingested": "2021-02-15T11:59:08.261366531Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11818 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "kind": "event", @@ -11414,7 +11414,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969983200Z", + "ingested": "2021-02-15T11:59:08.261368278Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1290 to outside:100.66.98.44/8294", "kind": "event", @@ -11488,7 +11488,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.969989700Z", + "ingested": "2021-02-15T11:59:08.261369971Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11819 for outside:100.66.198.25/80 (100.66.198.25/80) to inside:172.31.98.44/1290 (172.31.98.44/1290)", "kind": "event", 
@@ -11568,7 +11568,7 @@ "event": { "severity": 6, "duration": 3526000000000, - "ingested": "2021-01-28T23:44:36.970019100Z", + "ingested": "2021-02-15T11:59:08.261371692Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 9828 for outside:100.66.48.1/67 to NP Identity Ifc:255.255.255.255/68 duration 0:58:46 bytes 58512", "kind": "event", @@ -11617,7 +11617,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970040600Z", + "ingested": "2021-02-15T11:59:08.261373435Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1272 to outside:100.66.98.44/8276 duration 0:00:30", "kind": "event", @@ -11689,7 +11689,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970046300Z", + "ingested": "2021-02-15T11:59:08.261375181Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11820 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -11768,7 +11768,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970066500Z", + "ingested": "2021-02-15T11:59:08.261376948Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11821 for outside:100.66.162.30/53 (100.66.162.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -11848,7 +11848,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970072400Z", + "ingested": "2021-02-15T11:59:08.261378660Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11820 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 168", "kind": "event", 
@@ -11926,7 +11926,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970077700Z", + "ingested": "2021-02-15T11:59:08.261380337Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11822 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -12006,7 +12006,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970083100Z", + "ingested": "2021-02-15T11:59:08.261382066Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11821 for outside:100.66.162.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 198", "kind": "event", @@ -12085,7 +12085,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970087800Z", + "ingested": "2021-02-15T11:59:08.261383748Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11822 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150", "kind": "event", @@ -12163,7 +12163,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970094Z", + "ingested": "2021-02-15T11:59:08.261385476Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11823 for outside:100.66.48.186/53 (100.66.48.186/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -12243,7 +12243,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970101400Z", + "ingested": "2021-02-15T11:59:08.261406802Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11823 for outside:100.66.48.186/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 84", "kind": "event", 
@@ -12320,7 +12320,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970107700Z", + "ingested": "2021-02-15T11:59:08.261411024Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1291 to outside:100.66.98.44/8295", "kind": "event", @@ -12394,7 +12394,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970115400Z", + "ingested": "2021-02-15T11:59:08.261413995Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11824 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1291 (172.31.98.44/1291)", "kind": "event", @@ -12473,7 +12473,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970123400Z", + "ingested": "2021-02-15T11:59:08.261445031Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11825 for outside:100.66.254.94/53 (100.66.254.94/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -12553,7 +12553,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970131200Z", + "ingested": "2021-02-15T11:59:08.261448947Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11825 for outside:100.66.254.94/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 188", "kind": "event", @@ -12630,7 +12630,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970139Z", + "ingested": "2021-02-15T11:59:08.261451091Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1292 to outside:100.66.98.44/8296", "kind": "event", @@ -12704,7 +12704,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970146700Z", + "ingested": "2021-02-15T11:59:08.261453005Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11826 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1292 (172.31.98.44/1292)", "kind": "event", 
@@ -12782,7 +12782,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970154500Z", + "ingested": "2021-02-15T11:59:08.261454814Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297", "kind": "event", @@ -12856,7 +12856,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970162300Z", + "ingested": "2021-02-15T11:59:08.261456581Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11827 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1293 (172.31.98.44/1293)", "kind": "event", @@ -12934,7 +12934,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970170Z", + "ingested": "2021-02-15T11:59:08.261458319Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298", "kind": "event", @@ -13008,7 +13008,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970177800Z", + "ingested": "2021-02-15T11:59:08.261462662Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11828 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1294 (172.31.98.44/1294)", "kind": "event", @@ -13088,7 +13088,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970182900Z", + "ingested": "2021-02-15T11:59:08.261464629Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11827 for outside:100.66.98.165/80 to inside:172.31.98.44/1293 duration 0:00:00 bytes 5964 TCP FINs", "kind": "event", @@ -13165,7 +13165,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970189200Z", + "ingested": "2021-02-15T11:59:08.261466741Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299", "kind": "event", 
@@ -13239,7 +13239,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970195600Z", + "ingested": "2021-02-15T11:59:08.261468551Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11829 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1295 (172.31.98.44/1295)", "kind": "event", @@ -13317,7 +13317,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970201800Z", + "ingested": "2021-02-15T11:59:08.261471102Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300", "kind": "event", @@ -13391,7 +13391,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970207Z", + "ingested": "2021-02-15T11:59:08.261472868Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11830 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1296 (172.31.98.44/1296)", "kind": "event", @@ -13471,7 +13471,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970213400Z", + "ingested": "2021-02-15T11:59:08.261474620Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11828 for outside:100.66.98.165/80 to inside:172.31.98.44/1294 duration 0:00:00 bytes 6694 TCP FINs", "kind": "event", @@ -13550,7 +13550,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970220400Z", + "ingested": "2021-02-15T11:59:08.261476357Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11829 for outside:100.66.98.165/80 to inside:172.31.98.44/1295 duration 0:00:00 bytes 1493 TCP FINs", "kind": "event", 
@@ -13629,7 +13629,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970225400Z", + "ingested": "2021-02-15T11:59:08.261478078Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11830 for outside:100.66.98.165/80 to inside:172.31.98.44/1296 duration 0:00:00 bytes 893 TCP FINs", "kind": "event", @@ -13706,7 +13706,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970230400Z", + "ingested": "2021-02-15T11:59:08.261479803Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301", "kind": "event", @@ -13780,7 +13780,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970235200Z", + "ingested": "2021-02-15T11:59:08.261481561Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11831 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1297 (172.31.98.44/1297)", "kind": "event", @@ -13858,7 +13858,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970241300Z", + "ingested": "2021-02-15T11:59:08.261483341Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302", "kind": "event", @@ -13932,7 +13932,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970246200Z", + "ingested": "2021-02-15T11:59:08.261485112Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11832 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1298 (172.31.98.44/1298)", "kind": "event", @@ -14011,7 +14011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970252500Z", + "ingested": "2021-02-15T11:59:08.261486842Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11833 for outside:100.66.179.9/53 (100.66.179.9/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -14091,7 +14091,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970261Z", + "ingested": "2021-02-15T11:59:08.261488605Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11833 for outside:100.66.179.9/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150", "kind": "event", @@ -14170,7 +14170,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970268900Z", + "ingested": "2021-02-15T11:59:08.261490310Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11831 for outside:100.66.98.165/80 to inside:172.31.98.44/1297 duration 0:00:00 bytes 2750 TCP FINs", "kind": "event", @@ -14247,7 +14247,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970276700Z", + "ingested": "2021-02-15T11:59:08.261492046Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303", "kind": "event", @@ -14321,7 +14321,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970284500Z", + "ingested": "2021-02-15T11:59:08.261493762Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11834 for outside:100.66.247.99/80 (100.66.247.99/80) to inside:172.31.98.44/1299 (172.31.98.44/1299)", "kind": "event", @@ -14399,7 +14399,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970292200Z", + "ingested": "2021-02-15T11:59:08.261495495Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304", "kind": "event", @@ -14473,7 +14473,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970299900Z", + "ingested": "2021-02-15T11:59:08.261497275Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11835 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1300 (172.31.98.44/1300)", "kind": "event", 
@@ -14553,7 +14553,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970307500Z", + "ingested": "2021-02-15T11:59:08.261499004Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11832 for outside:100.66.98.165/80 to inside:172.31.98.44/1298 duration 0:00:00 bytes 881 TCP FINs", "kind": "event", @@ -14632,7 +14632,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:36.970315300Z", + "ingested": "2021-02-15T11:59:08.261500733Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11835 for outside:100.66.98.165/80 to inside:172.31.98.44/1300 duration 0:00:00 bytes 2202 TCP FINs", "kind": "event", @@ -14709,7 +14709,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970323Z", + "ingested": "2021-02-15T11:59:08.261502469Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305", "kind": "event", @@ -14783,7 +14783,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970330700Z", + "ingested": "2021-02-15T11:59:08.261504200Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11836 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1301 (172.31.98.44/1301)", "kind": "event", @@ -14861,7 +14861,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970337100Z", + "ingested": "2021-02-15T11:59:08.261505976Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306", "kind": "event", @@ -14935,7 +14935,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970341900Z", + "ingested": "2021-02-15T11:59:08.261507722Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11837 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1302 (172.31.98.44/1302)", "kind": "event", 
@@ -14985,7 +14985,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970348100Z", + "ingested": "2021-02-15T11:59:08.261509474Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280 duration 0:00:30", "kind": "event", @@ -15028,7 +15028,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970354700Z", + "ingested": "2021-02-15T11:59:08.261511271Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281 duration 0:00:30", "kind": "event", @@ -15071,7 +15071,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970361Z", + "ingested": "2021-02-15T11:59:08.261513008Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282 duration 0:00:30", "kind": "event", @@ -15114,7 +15114,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970366400Z", + "ingested": "2021-02-15T11:59:08.261514735Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283 duration 0:00:30", "kind": "event", @@ -15157,7 +15157,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970372600Z", + "ingested": "2021-02-15T11:59:08.261516490Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284 duration 0:00:30", "kind": "event", @@ -15200,7 +15200,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970380400Z", + "ingested": "2021-02-15T11:59:08.261518246Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285 duration 0:00:30", "kind": "event", 
@@ -15243,7 +15243,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970385900Z", + "ingested": "2021-02-15T11:59:08.261519970Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286 duration 0:00:30", "kind": "event", @@ -15286,7 +15286,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970391300Z", + "ingested": "2021-02-15T11:59:08.261521761Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287 duration 0:00:30", "kind": "event", @@ -15329,7 +15329,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970396200Z", + "ingested": "2021-02-15T11:59:08.261523556Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288 duration 0:00:30", "kind": "event", @@ -15372,7 +15372,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970402300Z", + "ingested": "2021-02-15T11:59:08.261553155Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289 duration 0:00:30", "kind": "event", @@ -15415,7 +15415,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970407600Z", + "ingested": "2021-02-15T11:59:08.261559667Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290 duration 0:00:30", "kind": "event", @@ -15458,7 +15458,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:36.970414Z", + "ingested": "2021-02-15T11:59:08.261563026Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291 duration 0:00:30", "kind": "event", 
@@ -15501,7 +15501,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970421800Z",
+ "ingested": "2021-02-15T11:59:08.261565404Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292 duration 0:00:30",
 "kind": "event",
@@ -15544,7 +15544,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970429600Z",
+ "ingested": "2021-02-15T11:59:08.261574571Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297 duration 0:00:30",
 "kind": "event",
@@ -15587,7 +15587,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970437300Z",
+ "ingested": "2021-02-15T11:59:08.261576488Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298 duration 0:00:30",
 "kind": "event",
@@ -15658,7 +15658,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970445100Z",
+ "ingested": "2021-02-15T11:59:08.261578235Z",
 "code": "305011",
 "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1304 to outside:100.66.98.44/8308",
 "kind": "event",
@@ -15732,7 +15732,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970452800Z",
+ "ingested": "2021-02-15T11:59:08.261580031Z",
 "code": "302013",
 "original": "%ASA-6-302013: Built outbound TCP connection 11840 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1304 (172.31.98.44/1304)",
 "kind": "event",
@@ -15782,7 +15782,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970460500Z",
+ "ingested": "2021-02-15T11:59:08.261581755Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299 duration 0:00:30",
 "kind": "event",
@@ -15825,7 +15825,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970468200Z",
+ "ingested": "2021-02-15T11:59:08.261583495Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300 duration 0:00:30",
 "kind": "event",
@@ -15897,7 +15897,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970475900Z",
+ "ingested": "2021-02-15T11:59:08.261585225Z",
 "code": "302015",
 "original": "%ASA-6-302015: Built outbound UDP connection 11841 for outside:100.66.0.124/53 (100.66.0.124/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "kind": "event",
@@ -15976,7 +15976,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970483700Z",
+ "ingested": "2021-02-15T11:59:08.261586965Z",
 "code": "302015",
 "original": "%ASA-6-302015: Built outbound UDP connection 11842 for outside:100.66.160.2/53 (100.66.160.2/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)",
 "kind": "event",
@@ -16056,7 +16056,7 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-01-28T23:44:36.970493Z",
+ "ingested": "2021-02-15T11:59:08.261588691Z",
 "code": "302016",
 "original": "%ASA-6-302016: Teardown UDP connection 11841 for outside:100.66.0.124/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 318",
 "kind": "event",
@@ -16135,7 +16135,7 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-01-28T23:44:36.970498600Z",
+ "ingested": "2021-02-15T11:59:08.261590440Z",
 "code": "302016",
 "original": "%ASA-6-302016: Teardown UDP connection 11842 for outside:100.66.160.2/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104",
 "kind": "event",
@@ -16212,7 +16212,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970504900Z",
+ "ingested": "2021-02-15T11:59:08.261592243Z",
 "code": "305011",
 "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1305 to outside:100.66.98.44/8309",
 "kind": "event",
@@ -16286,7 +16286,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970511700Z",
+ "ingested": "2021-02-15T11:59:08.261594008Z",
 "code": "302013",
 "original": "%ASA-6-302013: Built outbound TCP connection 11843 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1305 (172.31.98.44/1305)",
 "kind": "event",
@@ -16336,7 +16336,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970518Z",
+ "ingested": "2021-02-15T11:59:08.261595749Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301 duration 0:00:30",
 "kind": "event",
@@ -16379,7 +16379,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970523400Z",
+ "ingested": "2021-02-15T11:59:08.261597494Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302 duration 0:00:30",
 "kind": "event",
@@ -16422,7 +16422,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970529600Z",
+ "ingested": "2021-02-15T11:59:08.261599213Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303 duration 0:00:30",
 "kind": "event",
@@ -16465,7 +16465,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970537300Z",
+ "ingested": "2021-02-15T11:59:08.261600966Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304 duration 0:00:30",
 "kind": "event",
@@ -16508,7 +16508,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970542700Z",
+ "ingested": "2021-02-15T11:59:08.261602718Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305 duration 0:00:30",
 "kind": "event",
@@ -16551,7 +16551,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970548100Z",
+ "ingested": "2021-02-15T11:59:08.261604458Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306 duration 0:00:30",
 "kind": "event",
@@ -16594,7 +16594,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970552900Z",
+ "ingested": "2021-02-15T11:59:08.261606274Z",
 "code": "305012",
 "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1303 to outside:100.66.98.44/8307 duration 0:00:30",
 "kind": "event",
@@ -16667,7 +16667,7 @@
 "event": {
 "severity": 6,
 "duration": 4000000000,
- "ingested": "2021-01-28T23:44:36.970559Z",
+ "ingested": "2021-02-15T11:59:08.261607994Z",
 "code": "302014",
 "original": "%ASA-6-302014: Teardown TCP connection 11843 for outside:100.66.124.24/80 to inside:172.31.98.44/1305 duration 0:00:04 bytes 410333 TCP Reset-I",
 "kind": "event",
@@ -16744,7 +16744,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970566500Z",
+ "ingested": "2021-02-15T11:59:08.261609758Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -16820,7 +16820,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970572800Z",
+ "ingested": "2021-02-15T11:59:08.261611524Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -16896,7 +16896,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970581100Z",
+ "ingested": "2021-02-15T11:59:08.261613234Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -16972,7 +16972,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970589100Z",
+ "ingested": "2021-02-15T11:59:08.261614943Z",
 "code": "305011",
 "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1306 to outside:100.66.98.44/8310",
 "kind": "event",
@@ -17046,7 +17046,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:36.970596800Z",
+ "ingested": "2021-02-15T11:59:08.261616679Z",
 "code": "302013",
 "original": "%ASA-6-302013: Built outbound TCP connection 11844 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1306 (172.31.98.44/1306)",
 "kind": "event",
@@ -17124,7 +17124,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970604600Z",
+ "ingested": "2021-02-15T11:59:08.261618405Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17200,7 +17200,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970616400Z",
+ "ingested": "2021-02-15T11:59:08.261620220Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17276,7 +17276,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970624200Z",
+ "ingested": "2021-02-15T11:59:08.261621960Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17352,7 +17352,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970631900Z",
+ "ingested": "2021-02-15T11:59:08.261623691Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17428,7 +17428,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970639600Z",
+ "ingested": "2021-02-15T11:59:08.261625409Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17504,7 +17504,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970647400Z",
+ "ingested": "2021-02-15T11:59:08.261627152Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17580,7 +17580,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970652600Z",
+ "ingested": "2021-02-15T11:59:08.261628867Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17656,7 +17656,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970658800Z",
+ "ingested": "2021-02-15T11:59:08.261630564Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17732,7 +17732,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970665400Z",
+ "ingested": "2021-02-15T11:59:08.261632290Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17808,7 +17808,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970671600Z",
+ "ingested": "2021-02-15T11:59:08.261634065Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17884,7 +17884,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970676900Z",
+ "ingested": "2021-02-15T11:59:08.261664711Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -17960,7 +17960,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970683Z",
+ "ingested": "2021-02-15T11:59:08.261670472Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18036,7 +18036,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970690700Z",
+ "ingested": "2021-02-15T11:59:08.261673940Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18112,7 +18112,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970696100Z",
+ "ingested": "2021-02-15T11:59:08.261676797Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18188,7 +18188,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970701300Z",
+ "ingested": "2021-02-15T11:59:08.261678707Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18264,7 +18264,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970706100Z",
+ "ingested": "2021-02-15T11:59:08.261680422Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18340,7 +18340,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970712100Z",
+ "ingested": "2021-02-15T11:59:08.261682158Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18416,7 +18416,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970717200Z",
+ "ingested": "2021-02-15T11:59:08.261683857Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18492,7 +18492,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970723500Z",
+ "ingested": "2021-02-15T11:59:08.261685575Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18568,7 +18568,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970731300Z",
+ "ingested": "2021-02-15T11:59:08.261687249Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18644,7 +18644,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970739100Z",
+ "ingested": "2021-02-15T11:59:08.261688960Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18720,7 +18720,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970767200Z",
+ "ingested": "2021-02-15T11:59:08.261690677Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18796,7 +18796,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970776400Z",
+ "ingested": "2021-02-15T11:59:08.261692415Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18872,7 +18872,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970784400Z",
+ "ingested": "2021-02-15T11:59:08.261694117Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -18948,7 +18948,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970809Z",
+ "ingested": "2021-02-15T11:59:08.261695836Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19024,7 +19024,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970815Z",
+ "ingested": "2021-02-15T11:59:08.261697536Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19100,7 +19100,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970819700Z",
+ "ingested": "2021-02-15T11:59:08.261699259Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19176,7 +19176,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970825800Z",
+ "ingested": "2021-02-15T11:59:08.261700960Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19252,7 +19252,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970832200Z",
+ "ingested": "2021-02-15T11:59:08.261702674Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19328,7 +19328,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970838400Z",
+ "ingested": "2021-02-15T11:59:08.261704828Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19404,7 +19404,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970843700Z",
+ "ingested": "2021-02-15T11:59:08.261706550Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19480,7 +19480,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970849900Z",
+ "ingested": "2021-02-15T11:59:08.261708249Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
@@ -19556,7 +19556,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:36.970857800Z",
+ "ingested": "2021-02-15T11:59:08.261709970Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]",
 "kind": "event",
diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-dap-records.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-dap-records.log-expected.json
index 7fbea955884..6ef40d08c95 100644
--- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-dap-records.log-expected.json
+++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-dap-records.log-expected.json
@@ -33,7 +33,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.304402400Z",
+ "ingested": "2021-02-15T11:59:18.049277322Z",
 "code": "734001",
 "original": "%ASA-6-734001: DAP: User firsname.lastname@domain.net, Addr 1.2.3.4, Connection AnyConnect: The following DAP records were selected for this connection: dap_1, dap_2",
 "kind": "event",
diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-filtered.log-expected.json
index 15776e6c6e9..5694389ada8 100644
--- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-filtered.log-expected.json
+++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-filtered.log-expected.json
@@ -25,7 +25,7 @@
 },
 "event": {
 "severity": 7,
- "ingested": "2021-01-28T23:44:48.342668800Z",
+ "ingested": "2021-02-15T11:59:18.083212966Z",
 "code": "999999",
 "original": "%ASA-7-999999: This message is not filtered.",
 "kind": "event",
@@ -66,7 +66,7 @@
 },
 "event": {
 "severity": 8,
- "ingested": "2021-01-28T23:44:48.342680100Z",
+ "ingested": "2021-02-15T11:59:18.083220662Z",
 "code": "999999",
 "original": "%ASA-8-999999: This phony message is dropped due to log level.",
 "kind": "event",
@@ -133,7 +133,7 @@
 },
 "event": {
 "severity": 2,
- "ingested": "2021-01-28T23:44:48.342686800Z",
+ "ingested": "2021-02-15T11:59:18.083222599Z",
 "code": "106001",
 "original": "%ASA-2-106001: Inbound TCP connection denied from 10.13.12.11/45321 to 192.168.33.12/443 flags URG+SYN+RST on interface eth0",
 "kind": "event",
diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-hostnames.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-hostnames.log-expected.json
index 952f3f8fa6e..2a155b8e520 100644
--- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-hostnames.log-expected.json
+++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-hostnames.log-expected.json
@@ -36,7 +36,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.434333700Z",
+ "ingested": "2021-02-15T11:59:18.160655555Z",
 "code": "302021",
 "original": "%ASA-6-302021: Teardown ICMP connection for faddr target.destination.hostname.local/10005 gaddr 10.0.55.66/0 laddr Prod-host.name.addr/0",
 "kind": "event",
@@ -93,7 +93,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.434345500Z",
+ "ingested": "2021-02-15T11:59:18.160661533Z",
 "code": "302021",
 "original": "%ASA-6-302021: Teardown ICMP connection for faddr 192.0.2.15/0 gaddr 192.0.2.134/57808 laddr 192.0.2.134/57808 type 8 code 0",
 "kind": "event",
diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-not-ip.log-expected.json
index 06ea0ff0a30..0a666fa9c37 100644
--- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-not-ip.log-expected.json
+++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-not-ip.log-expected.json
@@ -45,7 +45,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.496540700Z",
+ "ingested": "2021-02-15T11:59:18.220568296Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list AL-DMZ-LB-IN denied tcp LB-DMZ/WHAT-IS-THIS-A-HOSTNAME-192.0.2.244(27218) -\u003e OUTSIDE/203.0.113.42(53) hit-cnt 1 first hit [0x16847359, 0x00000000]",
 "kind": "event",
@@ -109,7 +109,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.496551300Z",
+ "ingested": "2021-02-15T11:59:18.220577800Z",
 "code": "302021",
 "original": "%ASA-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr mydomain.example.net/17233 laddr 192.168.132.46/17233",
 "kind": "event",
@@ -186,7 +186,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:48.496558300Z",
+ "ingested": "2021-02-15T11:59:18.220579829Z",
 "code": "338204",
 "original": "%ASA-4-338204: Dynamic filter dropped greylisted TCP traffic from eth0:10.10.10.1/1234 (source.example.net/11234) to wan:172.24.177.3/80 (www.example.org/80), destination malicious address resolved from dynamic list: example.org, threat-level: high, category: malware",
 "kind": "event",
diff --git a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-sample.log-expected.json
index 7d00a6a1aa6..ba5e377aa0b 100644
--- a/packages/cisco/data_stream/asa/_dev/test/pipeline/test-sample.log-expected.json
+++ b/packages/cisco/data_stream/asa/_dev/test/pipeline/test-sample.log-expected.json
@@ -38,7 +38,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:48.618477900Z",
+ "ingested": "2021-02-15T11:59:18.333599079Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 by access-group \"acl_dmz\" [0xe3aab522, 0x0]",
 "kind": "event",
@@ -103,7 +103,7 @@
 },
 "event": {
 "severity": 4,
- "ingested": "2021-01-28T23:44:48.618510200Z",
+ "ingested": "2021-02-15T11:59:18.333607301Z",
 "code": "106023",
 "original": "%ASA-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3aab522, 0x0]",
 "kind": "event",
@@ -168,7 +168,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618517800Z",
+ "ingested": "2021-02-15T11:59:18.333609323Z",
 "code": "106100",
 "original": "%ASA-session-5-106100: access-list acl_in permitted tcp inside/10.1.2.16(2241) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -245,7 +245,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618542800Z",
+ "ingested": "2021-02-15T11:59:18.333610966Z",
 "code": "106100",
 "original": "%ASA-6-106100: access-list inside denied udp inside/172.29.2.101(1039) -\u003e outside/192.0.2.10(53) hit-cnt 1 first hit [0xd820e56a, 0x0]",
 "kind": "event",
@@ -317,7 +317,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618561Z",
+ "ingested": "2021-02-15T11:59:18.333612675Z",
 "code": "106100",
 "original": "%ASA-6-106100: access-list inside permitted udp inside/172.29.2.3(1065) -\u003e outside/192.0.2.57(53) hit-cnt 144 300-second interval [0xe982c7a4, 0x0]",
 "kind": "event",
@@ -378,7 +378,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618566200Z",
+ "ingested": "2021-02-15T11:59:18.333614258Z",
 "code": "305011",
 "original": "%ASA-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4952 to outside:192.0.2.130/12834",
 "kind": "event",
@@ -443,7 +443,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618602500Z",
+ "ingested": "2021-02-15T11:59:18.333615831Z",
 "code": "302013",
 "original": "%ASA-6-302013: Built outbound TCP connection 89743274 for outside:192.0.2.43/443 (192.0.2.43/443) to outside:10.123.3.42/4952 (10.123.3.42.130/12834)",
 "kind": "event",
@@ -511,7 +511,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618608400Z",
+ "ingested": "2021-02-15T11:59:18.333617394Z",
 "code": "305011",
 "original": "%ASA-6-305011: Built dynamic UDP translation from outside:10.123.1.35/52925 to outside:192.0.2.130/25882",
 "kind": "event",
@@ -579,7 +579,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618614400Z",
+ "ingested": "2021-02-15T11:59:18.333618949Z",
 "code": "302015",
 "original": "%ASA-6-302015: Built outbound UDP connection 89743275 for outside:192.0.2.222/53 (192.0.2.43/53) to outside:10.123.1.35/52925 (10.123.1.35/25882)",
 "kind": "event",
@@ -647,7 +647,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618620Z",
+ "ingested": "2021-02-15T11:59:18.333620556Z",
 "code": "305011",
 "original": "%ASA-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4953 to outside:192.0.2.130/45392",
 "kind": "event",
@@ -713,7 +713,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618626100Z",
+ "ingested": "2021-02-15T11:59:18.333622141Z",
 "code": "302013",
 "original": "%ASA-6-302013: Built outbound TCP connection 89743276 for outside:192.0.2.1/80 (192.0.2.1/80) to outside:10.123.3.42/4953 (10.123.3.130/45392)",
 "kind": "event",
@@ -782,7 +782,7 @@
 "event": {
 "severity": 6,
 "duration": 5025000000000,
- "ingested": "2021-01-28T23:44:48.618652Z",
+ "ingested": "2021-02-15T11:59:18.333623997Z",
 "code": "302016",
 "original": "%ASA-6-302016: Teardown UDP connection 89743275 for outside:192.0.2.222/53 to inside:10.123.1.35/52925 duration 1:23:45 bytes 140",
 "kind": "event",
@@ -850,7 +850,7 @@
 "event": {
 "severity": 6,
 "duration": 36000000000000,
- "ingested": "2021-01-28T23:44:48.618687300Z",
+ "ingested": "2021-02-15T11:59:18.333625581Z",
 "code": "302016",
 "original": "%ASA-6-302016: Teardown UDP connection 666 for outside:192.0.2.222/53 user1 to inside:10.123.1.35/52925 user2 duration 10:00:00 bytes 9999999",
 "kind": "event",
@@ -918,7 +918,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618695Z",
+ "ingested": "2021-02-15T11:59:18.333627151Z",
 "code": "302021",
 "original": "%ASA-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr 192.168.132.46/17233 laddr 192.168.132.46/17233",
 "kind": "event",
@@ -976,7 +976,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618702200Z",
+ "ingested": "2021-02-15T11:59:18.333628731Z",
 "code": "305011",
 "original": "%ASA-6-305011: Built dynamic TCP translation from inside:192.168.3.42/4954 to outside:192.0.0.130/10879",
 "kind": "event",
@@ -1042,7 +1042,7 @@
 },
 "event": {
 "severity": 6,
- "ingested": "2021-01-28T23:44:48.618708600Z",
+ "ingested": "2021-02-15T11:59:18.333630286Z",
 "code": "302013",
 "original": "%ASA-6-302013: Built outbound TCP connection 89743277 for outside:192.0.0.17/80 (192.0.0.17/80) to inside:192.168.3.42/4954 (10.0.0.130/10879)",
 "kind": "event",
@@ -1100,7 +1100,7 @@
 },
 "event": {
 "severity": 2,
- "ingested": "2021-01-28T23:44:48.618715800Z",
+ "ingested": "2021-02-15T11:59:18.333631955Z",
 "code": "106007",
 "original": "%ASA-2-106007: Deny inbound UDP from 192.0.0.66/12981 to 10.1.2.60/53 due to DNS Query",
 "kind": "event",
@@ -1164,7 +1164,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618741300Z",
+ "ingested": "2021-02-15T11:59:18.333633543Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2006) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1229,7 +1229,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618773Z",
+ "ingested": "2021-02-15T11:59:18.333635107Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49734) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1294,7 +1294,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618778900Z",
+ "ingested": "2021-02-15T11:59:18.333636673Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49735) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1359,7 +1359,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618785300Z",
+ "ingested": "2021-02-15T11:59:18.333638223Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49736) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1424,7 +1424,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618792700Z",
+ "ingested": "2021-02-15T11:59:18.333639826Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49737) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1489,7 +1489,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618798900Z",
+ "ingested": "2021-02-15T11:59:18.333641392Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49738) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1554,7 +1554,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618823400Z",
+ "ingested": "2021-02-15T11:59:18.333643071Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49746) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1619,7 +1619,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618829200Z",
+ "ingested": "2021-02-15T11:59:18.333694158Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2007) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1684,7 +1684,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.618859Z",
+ "ingested": "2021-02-15T11:59:18.333700721Z",
 "code": "106100",
 "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.13(43013) -\u003e dmz/192.168.33.31(25) hit-cnt 1 first hit [0x71a87d94, 0x0]",
 "kind": "event",
@@ -1749,7 +1749,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.618884400Z", + "ingested": "2021-02-15T11:59:18.333708394Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2008) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1809,7 +1809,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.618908500Z", + "ingested": "2021-02-15T11:59:18.333710571Z", "code": "106006", "original": "%ASA-2-106006: Deny inbound UDP from 192.0.2.66/137 to 10.1.2.42/137 on interface inside", "kind": "event", @@ -1863,7 +1863,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.618996400Z", + "ingested": "2021-02-15T11:59:18.333728686Z", "code": "106007", "original": "%ASA-2-106007: Deny inbound UDP from 192.0.2.66/12981 to 10.1.5.60/53 due to DNS Query", "kind": "event", @@ -1927,7 +1927,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619007800Z", + "ingested": "2021-02-15T11:59:18.333730409Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2009) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1992,7 +1992,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619031200Z", + "ingested": "2021-02-15T11:59:18.333731971Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49776) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2057,7 +2057,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619036800Z", + "ingested": "2021-02-15T11:59:18.333733570Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2010) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", 
@@ -2122,7 +2122,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619042100Z", + "ingested": "2021-02-15T11:59:18.333735142Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2011) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2187,7 +2187,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619048100Z", + "ingested": "2021-02-15T11:59:18.333736729Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2012) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2252,7 +2252,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619054Z", + "ingested": "2021-02-15T11:59:18.333738522Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", "kind": "event", @@ -2317,7 +2317,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619059400Z", + "ingested": "2021-02-15T11:59:18.333740177Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", "kind": "event", @@ -2382,7 +2382,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619065500Z", + "ingested": "2021-02-15T11:59:18.333741741Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.46(49840) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", 
@@ -2447,7 +2447,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619072700Z", + "ingested": "2021-02-15T11:59:18.333743336Z", "code": "106100", "original": "%ASA-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.16(2013) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2512,7 +2512,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619079500Z", + "ingested": "2021-02-15T11:59:18.333744902Z", "code": "106100", "original": "%ASA-session-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2241) -\u003e outside/192.0.0.99(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2586,7 +2586,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:48.619085500Z", + "ingested": "2021-02-15T11:59:18.333746472Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80 (10.0.13.13/80)", "kind": "event", @@ -2656,7 +2656,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619109800Z", + "ingested": "2021-02-15T11:59:18.333748042Z", "code": "106023", "original": "%ASA-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", "kind": "event", @@ -2724,7 +2724,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619116400Z", + "ingested": "2021-02-15T11:59:18.333749607Z", "code": "106023", "original": "%ASA-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", "kind": "event", 
@@ -2795,7 +2795,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:48.619123Z", + "ingested": "2021-02-15T11:59:18.333751205Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", "kind": "event", @@ -2868,7 +2868,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:48.619129600Z", + "ingested": "2021-02-15T11:59:18.333752775Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", "kind": "event", @@ -2940,7 +2940,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:44:48.619136200Z", + "ingested": "2021-02-15T11:59:18.333754329Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs", "kind": "event", @@ -3011,7 +3011,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:44:48.619143300Z", + "ingested": "2021-02-15T11:59:18.333755888Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", "kind": "event", @@ -3082,7 +3082,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:44:48.619148100Z", + "ingested": "2021-02-15T11:59:18.333757458Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", "kind": "event", 
@@ -3145,7 +3145,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:48.619153600Z", + "ingested": "2021-02-15T11:59:18.333759031Z", "code": "106015", "original": "%ASA-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", "kind": "event", @@ -3204,7 +3204,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:48.619160100Z", + "ingested": "2021-02-15T11:59:18.333760611Z", "code": "106015", "original": "%ASA-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", "kind": "event", @@ -3269,7 +3269,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619166600Z", + "ingested": "2021-02-15T11:59:18.333762196Z", "code": "106023", "original": "%ASA-4-106023: Deny udp src dmz:192.168.1.34/5679 dst outside:192.0.0.12/5000 by access-group \"dmz\" [0x123a465e, 0x8c20f21]", "kind": "event", @@ -3338,7 +3338,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:48.619171900Z", + "ingested": "2021-02-15T11:59:18.333763965Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", "kind": "event", @@ -3409,7 +3409,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:44:48.619177300Z", + "ingested": "2021-02-15T11:59:18.333765532Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", "kind": "event", @@ -3481,7 +3481,7 @@ "event": { "severity": 6, "duration": 86399000000000, - "ingested": "2021-01-28T23:44:48.619183800Z", + "ingested": "2021-02-15T11:59:18.333767089Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs", "kind": "event", 
@@ -3544,7 +3544,7 @@ "event": { "severity": 6, "duration": 122000000000, - "ingested": "2021-01-28T23:44:48.619212Z", + "ingested": "2021-02-15T11:59:18.333768657Z", "code": "302016", "original": "%ASA-6-302016 Teardown UDP connection 40 for outside:10.44.4.4/500 to inside:10.44.2.2/500 duration 0:02:02 bytes 1416", "kind": "event", @@ -3611,7 +3611,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619217400Z", + "ingested": "2021-02-15T11:59:18.333770266Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", "kind": "event", @@ -3670,7 +3670,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619222600Z", + "ingested": "2021-02-15T11:59:18.333771837Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", "kind": "event", @@ -3729,7 +3729,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619228400Z", + "ingested": "2021-02-15T11:59:18.333773401Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", "kind": "event", @@ -3788,7 +3788,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619252400Z", + "ingested": "2021-02-15T11:59:18.333774979Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", "kind": "event", @@ -3847,7 +3847,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619257600Z", + "ingested": "2021-02-15T11:59:18.333776620Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", "kind": "event", 
@@ -3906,7 +3906,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619263Z", + "ingested": "2021-02-15T11:59:18.333778190Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", "kind": "event", @@ -3965,7 +3965,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619269Z", + "ingested": "2021-02-15T11:59:18.333779783Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", "kind": "event", @@ -4024,7 +4024,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:44:48.619274800Z", + "ingested": "2021-02-15T11:59:18.333781385Z", "code": "106016", "original": "%ASA-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", "kind": "event", @@ -4094,7 +4094,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619281300Z", + "ingested": "2021-02-15T11:59:18.333782956Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:192.0.2.95/24069 dst inside:10.32.112.125/25 by access-group \"PERMIT_IN\" [0x0, 0x0]\"", "kind": "event", @@ -4150,7 +4150,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:44:48.619287800Z", + "ingested": "2021-02-15T11:59:18.333784523Z", "code": "313001", "original": "%ASA-3-313001: Denied ICMP type=3, code=3 from 10.2.3.5 on interface Outside", "kind": "event", @@ -4208,7 +4208,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619294300Z", + "ingested": "2021-02-15T11:59:18.333786089Z", "code": "313004", "original": "%ASA-4-313004: Denied ICMP type=0, from laddr 172.16.30.2 on interface inside to 172.16.1.10: no matching session", "kind": "event", 
@@ -4287,7 +4287,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619300800Z", + "ingested": "2021-02-15T11:59:18.333787661Z", "code": "338002", "original": "%ASA-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (192.88.99.1/7890) to outside:192.88.99.129/80 (192.88.99.129/80), destination 192.88.99.129 resolved from dynamic list: bad.example.com", "kind": "event", @@ -4355,7 +4355,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619307300Z", + "ingested": "2021-02-15T11:59:18.333789263Z", "code": "338004", "original": "%ASA-4-338004: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", "kind": "event", @@ -4428,7 +4428,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:44:48.619312500Z", + "ingested": "2021-02-15T11:59:18.333790852Z", "code": "338008", "original": "%ASA-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", "kind": "event", @@ -4487,7 +4487,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619317300Z", + "ingested": "2021-02-15T11:59:18.333792446Z", "code": "304001", "original": "%ASA-5-304001: 10.30.30.30 Accessed URL 192.0.2.1:/app", "kind": "event", @@ -4536,7 +4536,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:44:48.619322500Z", + "ingested": "2021-02-15T11:59:18.333794014Z", "code": "304001", "original": "%ASA-5-304001: 10.5.111.32 Accessed URL 192.0.2.32:http://example.com", "kind": "event", 
@@ -4590,7 +4590,7 @@
 },
 "event": {
 "severity": 5,
- "ingested": "2021-01-28T23:44:48.619328600Z",
+ "ingested": "2021-02-15T11:59:18.333795578Z",
 "code": "304002",
 "original": "%ASA-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.0.0.19 on interface inside",
 "kind": "event",
diff --git a/packages/cisco/data_stream/asa/agent/stream/stream.yml.hbs b/packages/cisco/data_stream/asa/agent/stream/stream.yml.hbs
index aab902841e6..5851b0bdecc 100644
--- a/packages/cisco/data_stream/asa/agent/stream/stream.yml.hbs
+++ b/packages/cisco/data_stream/asa/agent/stream/stream.yml.hbs
@@ -6,3 +6,7 @@ exclude_files: [".gz$"]
 tags: {{tags}}
 processors:
 - add_locale: ~
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.8.0
diff --git a/packages/cisco/data_stream/asa/agent/stream/udp.yml.hbs b/packages/cisco/data_stream/asa/agent/stream/udp.yml.hbs
index 5a5f57955af..c5668a4d486 100644
--- a/packages/cisco/data_stream/asa/agent/stream/udp.yml.hbs
+++ b/packages/cisco/data_stream/asa/agent/stream/udp.yml.hbs
@@ -3,3 +3,7 @@ host: "{{udp_host}}:{{udp_port}}"
 tags: {{tags}}
 processors:
 - add_locale: ~
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.8.0
diff --git a/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml
index 20325815fef..7b11c25d952 100644
--- a/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml
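Review bot: `ecs.version: 1.8.0` in the stream.yml.hbs hunk is a version string written as a plain scalar; `1.8.0` happens to match no YAML number form and so loads as a string today, but the same key with a two-part value such as `1.8` would load as a float, so quote it, `ecs.version: "1.8.0"`, here and in the identical udp.yml.hbs hunk on this line. The constant is now repeated in both input templates of the data stream, so a later ECS bump has to touch every copy. I cannot see from these hunks where else the package records its ECS version, but a one-line comment above each copy, `# keep in step with the ECS version the package declares`, would make that coupling visible to the next editor.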
@@ -1553,18 +1553,32 @@ processors:
 field: related.ip
 value: "{{source.ip}}"
 if: "ctx?.source?.ip != null"
+ allow_duplicates: false
 - append:
 field: related.ip
 value: "{{destination.ip}}"
 if: "ctx?.destination?.ip != null"
+ allow_duplicates: false
 - append:
 field: related.user
 value: "{{user.name}}"
- if: "ctx?.user?.name != null"
+ if: ctx?.user?.name != null && ctx?.user?.name != ''
+ allow_duplicates: false
+ - append:
+ field: related.user
+ value: "{{host.user.name}}"
+ if: ctx?.host?.user?.name != null && ctx?.host?.user?.name != ''
+ allow_duplicates: false
+ - append:
+ field: related.user
+ value: "{{source.user.name}}"
+ if: ctx?.source?.user?.name != null && ctx?.source?.user?.name != ''
+ allow_duplicates: false
 - append:
 field: related.hash
 value: "{{file.hash.sha256}}"
 if: "ctx?.file?.hash?.sha256 != null"
+ allow_duplicates: false
 - append:
 field: related.hosts
 value: "{{host.hostname}}"
diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa-fix.log-expected.json
index d72d5179df9..4c06da11e07 100644
--- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa-fix.log-expected.json
+++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa-fix.log-expected.json
@@ -51,7 +51,7 @@
 "event": {
 "severity": 6,
 "duration": 0,
- "ingested": "2021-01-28T23:42:20.606030800Z",
+ "ingested": "2021-02-15T11:59:20.883266146Z",
 "code": "302016",
 "original": "%ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz)",
 "kind": "event",
@@ -114,7 +114,6 @@
 "SNL-ASA-VPN-A01"
 ],
 "ip": [
- "10.123.123.123",
 "10.123.123.123"
 ]
 },
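Review bot: The three new `if:` conditions for related.user are plain scalars while every neighbouring `if:` in the same processor list stays double-quoted (`if: "ctx?.source?.ip != null"`); quote them the same way, e.g. `if: "ctx?.user?.name != null && ctx?.user?.name != ''"`, so the list reads uniformly and a later condition that starts with a YAML indicator or contains `: ` cannot change the parse. The `related.hosts` append that closes the hunk continues outside it, as does the enclosing processors list; if that append did not also receive `allow_duplicates: false`, repeated hostnames will still fan out into duplicate entries, which is the effect the test-asa-fix fixture hunks further down this line show being removed for related.ip. The `!= ''` guard is applied only to the user-name appends, which looks deliberate since the IP and hash sources are typed values rather than free text, but a short comment on the first of them, `# syslog user fields may be present but empty`, would record why.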
@@ -123,7 +122,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.606054400Z", + "ingested": "2021-02-15T11:59:20.883279453Z", "code": "106023", "original": "%ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group \"Inside_access_in\" [0x0, 0x0]", "kind": "event", @@ -165,7 +164,6 @@ "@timestamp": "2013-04-15T09:36:50.000Z", "related": { "ip": [ - "10.123.123.123", "10.123.123.123" ] }, @@ -184,7 +182,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.606081600Z", + "ingested": "2021-02-15T11:59:20.883281271Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3afb522, 0x0]", "kind": "event", @@ -251,7 +249,6 @@ "SNL-ASA-VPN-A01" ], "ip": [ - "10.123.123.123", "10.123.123.123" ] }, @@ -260,7 +257,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.606089200Z", + "ingested": "2021-02-15T11:59:20.883282771Z", "code": "106023", "original": "%ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\\Elastic) dst Outside:10.123.123.123/57621 by access-group \"Inside_access_in\" [0x0, 0x0]", "kind": "event", @@ -297,7 +294,6 @@ "SNL-ASA-VPN-A01" ], "ip": [ - "10.123.123.123", "10.123.123.123" ] }, @@ -317,7 +313,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:20.606097900Z", + "ingested": "2021-02-15T11:59:20.883284219Z", "code": "106017", "original": "%ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123", "kind": "event", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa.log-expected.json index 69c26e00296..87ab63bc9f0 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-asa.log-expected.json 
@@ -53,7 +53,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825444400Z", + "ingested": "2021-02-15T11:59:21.080295938Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:100.66.98.44/8256", "kind": "event", @@ -127,7 +127,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825454Z", + "ingested": "2021-02-15T11:59:21.080302732Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11757 for outside:100.66.205.104/80 (100.66.205.104/80) to inside:172.31.98.44/1772 (172.31.98.44/1772)", "kind": "event", @@ -207,7 +207,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:42:20.825460Z", + "ingested": "2021-02-15T11:59:21.080304129Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I", "kind": "event", @@ -286,7 +286,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:42:20.825464700Z", + "ingested": "2021-02-15T11:59:21.080305401Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I", "kind": "event", @@ -365,7 +365,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:42:20.825470700Z", + "ingested": "2021-02-15T11:59:21.080306629Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I", "kind": "event", 
@@ -444,7 +444,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:42:20.825476600Z", + "ingested": "2021-02-15T11:59:21.080307863Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I", "kind": "event", @@ -523,7 +523,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:42:20.825482800Z", + "ingested": "2021-02-15T11:59:21.080309078Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I", "kind": "event", @@ -602,7 +602,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:42:20.825488400Z", + "ingested": "2021-02-15T11:59:21.080311962Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I", "kind": "event", @@ -681,7 +681,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:42:20.825494700Z", + "ingested": "2021-02-15T11:59:21.080313204Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I", "kind": "event", @@ -760,7 +760,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:42:20.825499800Z", + "ingested": "2021-02-15T11:59:21.080314409Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I", "kind": "event", 
@@ -839,7 +839,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:42:20.825505Z", + "ingested": "2021-02-15T11:59:21.080315675Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I", "kind": "event", @@ -918,7 +918,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:42:20.825511200Z", + "ingested": "2021-02-15T11:59:21.080317151Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I", "kind": "event", @@ -997,7 +997,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:42:20.825518900Z", + "ingested": "2021-02-15T11:59:21.080318388Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I", "kind": "event", @@ -1076,7 +1076,7 @@ "event": { "severity": 6, "duration": 69000000000, - "ingested": "2021-01-28T23:42:20.825526600Z", + "ingested": "2021-02-15T11:59:21.080319600Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I", "kind": "event", @@ -1155,7 +1155,7 @@ "event": { "severity": 6, "duration": 70000000000, - "ingested": "2021-01-28T23:42:20.825534300Z", + "ingested": "2021-02-15T11:59:21.080320832Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I", "kind": "event", 
@@ -1234,7 +1234,7 @@ "event": { "severity": 6, "duration": 67000000000, - "ingested": "2021-01-28T23:42:20.825541900Z", + "ingested": "2021-02-15T11:59:21.080322054Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I", "kind": "event", @@ -1313,7 +1313,7 @@ "event": { "severity": 6, "duration": 70000000000, - "ingested": "2021-01-28T23:42:20.825549700Z", + "ingested": "2021-02-15T11:59:21.080323398Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I", "kind": "event", @@ -1392,7 +1392,7 @@ "event": { "severity": 6, "duration": 71000000000, - "ingested": "2021-01-28T23:42:20.825557400Z", + "ingested": "2021-02-15T11:59:21.080324617Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I", "kind": "event", @@ -1471,7 +1471,7 @@ "event": { "severity": 6, "duration": 30000000000, - "ingested": "2021-01-28T23:42:20.825565100Z", + "ingested": "2021-02-15T11:59:21.080325872Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout", "kind": "event", @@ -1548,7 +1548,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825570100Z", + "ingested": "2021-02-15T11:59:21.080327084Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1188", "kind": "event", 
@@ -1622,7 +1622,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825576300Z", + "ingested": "2021-02-15T11:59:21.080328306Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11758 for outside:100.66.80.32/53 (100.66.80.32/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -1702,7 +1702,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825582600Z", + "ingested": "2021-02-15T11:59:21.080329523Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11758 for outside:100.66.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148", "kind": "event", @@ -1780,7 +1780,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825588700Z", + "ingested": "2021-02-15T11:59:21.080330761Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11759 for outside:100.66.252.6/53 (100.66.252.6/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -1860,7 +1860,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825593800Z", + "ingested": "2021-02-15T11:59:21.080332090Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11759 for outside:100.66.252.6/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 164", "kind": "event", @@ -1937,7 +1937,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825600Z", + "ingested": "2021-02-15T11:59:21.080333320Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1773 to outside:100.66.98.44/8257", "kind": "event", 
@@ -2011,7 +2011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825607500Z", + "ingested": "2021-02-15T11:59:21.080350972Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11760 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1773 (172.31.98.44/1773)", "kind": "event", @@ -2089,7 +2089,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825612700Z", + "ingested": "2021-02-15T11:59:21.080352166Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1774 to outside:100.66.98.44/8258", "kind": "event", @@ -2163,7 +2163,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825617800Z", + "ingested": "2021-02-15T11:59:21.080353315Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11761 for outside:100.66.252.226/80 (100.66.252.226/80) to inside:172.31.98.44/1774 (172.31.98.44/1774)", "kind": "event", @@ -2242,7 +2242,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825622700Z", + "ingested": "2021-02-15T11:59:21.080354468Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11762 for outside:100.66.238.126/53 (100.66.238.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -2321,7 +2321,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825628800Z", + "ingested": "2021-02-15T11:59:21.080355648Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11763 for outside:100.66.93.51/53 (100.66.93.51/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -2401,7 +2401,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825636400Z", + "ingested": "2021-02-15T11:59:21.080356805Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11762 for outside:100.66.238.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 111", "kind": "event", @@ -2480,7 +2480,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825641400Z", + "ingested": "2021-02-15T11:59:21.080357979Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11763 for outside:100.66.93.51/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 237", "kind": "event", @@ -2557,7 +2557,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825646200Z", + "ingested": "2021-02-15T11:59:21.080359187Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1775 to outside:100.66.98.44/8259", "kind": "event", @@ -2631,7 +2631,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825652300Z", + "ingested": "2021-02-15T11:59:21.080383490Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11764 for outside:100.66.225.103/443 (100.66.225.103/443) to inside:172.31.98.44/1775 (172.31.98.44/1775)", "kind": "event", @@ -2709,7 +2709,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825661600Z", + "ingested": "2021-02-15T11:59:21.080384824Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1189", "kind": "event", @@ -2783,7 +2783,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825669400Z", + "ingested": "2021-02-15T11:59:21.080386061Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11772 for outside:100.66.240.126/53 (100.66.240.126/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -2862,7 +2862,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825677Z", + "ingested": "2021-02-15T11:59:21.080387273Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11773 for outside:100.66.44.45/53 (100.66.44.45/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -2942,7 +2942,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825684700Z", + "ingested": "2021-02-15T11:59:21.080388477Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11772 for outside:100.66.240.126/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 87", "kind": "event", @@ -3021,7 +3021,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825692400Z", + "ingested": "2021-02-15T11:59:21.080389684Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11773 for outside:100.66.44.45/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 221", "kind": "event", @@ -3098,7 +3098,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825700Z", + "ingested": "2021-02-15T11:59:21.080390882Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1452 to outside:100.66.98.44/8265", "kind": "event", @@ -3172,7 +3172,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825707600Z", + "ingested": "2021-02-15T11:59:21.080392087Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11774 for outside:100.66.179.219/80 (100.66.179.219/80) to inside:172.31.98.44/1452 (172.31.98.44/1452)", "kind": "event", 
@@ -3251,7 +3251,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825715200Z", + "ingested": "2021-02-15T11:59:21.080393299Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11775 for outside:100.66.157.232/53 (100.66.157.232/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -3330,7 +3330,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825720100Z", + "ingested": "2021-02-15T11:59:21.080394510Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11776 for outside:100.66.178.133/53 (100.66.178.133/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -3410,7 +3410,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825724800Z", + "ingested": "2021-02-15T11:59:21.080395722Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11775 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 101", "kind": "event", @@ -3489,7 +3489,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825730800Z", + "ingested": "2021-02-15T11:59:21.080396930Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11776 for outside:100.66.178.133/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 126", "kind": "event", @@ -3566,7 +3566,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825736700Z", + "ingested": "2021-02-15T11:59:21.080398139Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1453 to outside:100.66.98.44/8266", "kind": "event", 
@@ -3640,7 +3640,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825742900Z", + "ingested": "2021-02-15T11:59:21.080399352Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11777 for outside:100.66.133.112/80 (100.66.133.112/80) to inside:172.31.98.44/1453 (172.31.98.44/1453)", "kind": "event", @@ -3720,7 +3720,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825748500Z", + "ingested": "2021-02-15T11:59:21.080400549Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs", "kind": "event", @@ -3798,7 +3798,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825754800Z", + "ingested": "2021-02-15T11:59:21.080401749Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11779 for outside:100.66.204.197/53 (100.66.204.197/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -3878,7 +3878,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825759900Z", + "ingested": "2021-02-15T11:59:21.080402963Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11778 for outside:100.66.157.232/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "kind": "event", @@ -3957,7 +3957,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825765200Z", + "ingested": "2021-02-15T11:59:21.080404277Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11779 for outside:100.66.204.197/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 176", "kind": "event", 
@@ -4034,7 +4034,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825771200Z", + "ingested": "2021-02-15T11:59:21.080405492Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267", "kind": "event", @@ -4108,7 +4108,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825778900Z", + "ingested": "2021-02-15T11:59:21.080406706Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11780 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1454 (172.31.98.44/1454)", "kind": "event", @@ -4186,7 +4186,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825786500Z", + "ingested": "2021-02-15T11:59:21.080407917Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268", "kind": "event", @@ -4260,7 +4260,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825794200Z", + "ingested": "2021-02-15T11:59:21.080409124Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11781 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1455 (172.31.98.44/1455)", "kind": "event", @@ -4338,7 +4338,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825801900Z", + "ingested": "2021-02-15T11:59:21.080410324Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269", "kind": "event", @@ -4412,7 +4412,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825809600Z", + "ingested": "2021-02-15T11:59:21.080411524Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11782 for outside:100.66.128.3/80 (100.66.128.3/80) to inside:172.31.98.44/1456 (172.31.98.44/1456)", "kind": "event", 
@@ -4491,7 +4491,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825817400Z", + "ingested": "2021-02-15T11:59:21.080412760Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11783 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -4571,7 +4571,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825825700Z", + "ingested": "2021-02-15T11:59:21.080413965Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11783 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "kind": "event", @@ -4648,7 +4648,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825830900Z", + "ingested": "2021-02-15T11:59:21.080415173Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270", "kind": "event", @@ -4722,7 +4722,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825837200Z", + "ingested": "2021-02-15T11:59:21.080416377Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11784 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1457 (172.31.98.44/1457)", "kind": "event", @@ -4800,7 +4800,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825844400Z", + "ingested": "2021-02-15T11:59:21.080417589Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271", "kind": "event", @@ -4874,7 +4874,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825872200Z", + "ingested": "2021-02-15T11:59:21.080418811Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11785 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1458 (172.31.98.44/1458)", "kind": "event", 
@@ -4953,7 +4953,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825877900Z", + "ingested": "2021-02-15T11:59:21.080420012Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11786 for outside:100.66.1.107/53 (100.66.1.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -5033,7 +5033,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825898300Z", + "ingested": "2021-02-15T11:59:21.080421223Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs", "kind": "event", @@ -5110,7 +5110,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825917900Z", + "ingested": "2021-02-15T11:59:21.080422426Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272", "kind": "event", @@ -5184,7 +5184,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825923200Z", + "ingested": "2021-02-15T11:59:21.080423641Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11787 for outside:100.66.198.40/80 (100.66.198.40/80) to inside:172.31.98.44/1459 (172.31.98.44/1459)", "kind": "event", @@ -5264,7 +5264,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.825928500Z", + "ingested": "2021-02-15T11:59:21.080424852Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11786 for outside:100.66.1.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 375", "kind": "event", @@ -5341,7 +5341,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825933300Z", + "ingested": "2021-02-15T11:59:21.080426062Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273", "kind": "event", 
@@ -5415,7 +5415,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825939500Z", + "ingested": "2021-02-15T11:59:21.080427272Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11788 for outside:100.66.192.44/80 (100.66.192.44/80) to inside:172.31.98.44/1460 (172.31.98.44/1460)", "kind": "event", @@ -5465,7 +5465,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825947100Z", + "ingested": "2021-02-15T11:59:21.080428484Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1454 to outside:100.66.98.44/8267 duration 0:00:30", "kind": "event", @@ -5536,7 +5536,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825972Z", + "ingested": "2021-02-15T11:59:21.080429695Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1385 to outside:100.66.98.44/8277", "kind": "event", @@ -5610,7 +5610,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825977200Z", + "ingested": "2021-02-15T11:59:21.080430906Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11797 for outside:100.66.19.254/80 (100.66.19.254/80) to inside:172.31.156.80/1385 (172.31.156.80/1385)", "kind": "event", @@ -5660,7 +5660,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825983400Z", + "ingested": "2021-02-15T11:59:21.080432122Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1455 to outside:100.66.98.44/8268 duration 0:00:30", "kind": "event", @@ -5703,7 +5703,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825991500Z", + "ingested": "2021-02-15T11:59:21.080433424Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1456 to outside:100.66.98.44/8269 duration 0:00:30", "kind": "event", 
@@ -5746,7 +5746,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.825999300Z", + "ingested": "2021-02-15T11:59:21.080434672Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1457 to outside:100.66.98.44/8270 duration 0:00:30", "kind": "event", @@ -5789,7 +5789,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826021800Z", + "ingested": "2021-02-15T11:59:21.080435892Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1458 to outside:100.66.98.44/8271 duration 0:00:30", "kind": "event", @@ -5832,7 +5832,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826030200Z", + "ingested": "2021-02-15T11:59:21.080437104Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1459 to outside:100.66.98.44/8272 duration 0:00:30", "kind": "event", @@ -5875,7 +5875,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826036Z", + "ingested": "2021-02-15T11:59:21.080438318Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1460 to outside:100.66.98.44/8273 duration 0:00:30", "kind": "event", @@ -5948,7 +5948,7 @@ "event": { "severity": 6, "duration": 325000000000, - "ingested": "2021-01-28T23:42:20.826042900Z", + "ingested": "2021-02-15T11:59:21.080439532Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs", "kind": "event", @@ -6027,7 +6027,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826050Z", + "ingested": "2021-02-15T11:59:21.080440735Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I", "kind": "event", 
@@ -6104,7 +6104,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826056900Z", + "ingested": "2021-02-15T11:59:21.080441944Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.156.80/1386 to outside:100.66.98.44/8278", "kind": "event", @@ -6178,7 +6178,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826062700Z", + "ingested": "2021-02-15T11:59:21.080443159Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11798 for outside:100.66.115.46/80 (100.66.115.46/80) to inside:172.31.156.80/1386 (172.31.156.80/1386)", "kind": "event", @@ -6256,7 +6256,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826069400Z", + "ingested": "2021-02-15T11:59:21.080444400Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6332,7 +6332,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826077900Z", + "ingested": "2021-02-15T11:59:21.080445611Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6408,7 +6408,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826083800Z", + "ingested": "2021-02-15T11:59:21.080446820Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6484,7 +6484,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826089600Z", + "ingested": "2021-02-15T11:59:21.080448027Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -6560,7 +6560,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826096300Z", + "ingested": "2021-02-15T11:59:21.080449232Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6636,7 +6636,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826102700Z", + "ingested": "2021-02-15T11:59:21.080450438Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6712,7 +6712,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826109500Z", + "ingested": "2021-02-15T11:59:21.080451652Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6788,7 +6788,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826118100Z", + "ingested": "2021-02-15T11:59:21.080452864Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6864,7 +6864,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826126500Z", + "ingested": "2021-02-15T11:59:21.080454076Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -6940,7 +6940,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826134800Z", + "ingested": "2021-02-15T11:59:21.080456441Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -7016,7 +7016,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826158Z", + "ingested": "2021-02-15T11:59:21.080457667Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -7092,7 +7092,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826232800Z", + "ingested": "2021-02-15T11:59:21.080458917Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -7168,7 +7168,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.826238200Z", + "ingested": "2021-02-15T11:59:21.080460182Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.19.254/80 dst inside:172.31.98.44/8277 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -7244,7 +7244,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826244400Z", + "ingested": "2021-02-15T11:59:21.080461387Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1275 to outside:100.66.98.44/8279", "kind": "event", @@ -7318,7 +7318,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826250500Z", + "ingested": "2021-02-15T11:59:21.080462642Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11799 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1275 (172.31.98.44/1275)", "kind": "event", @@ -7396,7 +7396,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826255900Z", + "ingested": "2021-02-15T11:59:21.080463979Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic UDP translation from inside:172.31.98.44/56132 to outside:100.66.98.44/1190", "kind": "event", 
@@ -7470,7 +7470,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826260800Z", + "ingested": "2021-02-15T11:59:21.080465178Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11800 for outside:100.66.14.30/53 (100.66.14.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -7550,7 +7550,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826266Z", + "ingested": "2021-02-15T11:59:21.080466384Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11800 for outside:100.66.14.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 373", "kind": "event", @@ -7628,7 +7628,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826272300Z", + "ingested": "2021-02-15T11:59:21.080467592Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11801 for outside:100.66.252.210/53 (100.66.252.210/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -7708,7 +7708,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826277800Z", + "ingested": "2021-02-15T11:59:21.080485757Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11801 for outside:100.66.252.210/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 207", "kind": "event", @@ -7785,7 +7785,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826283100Z", + "ingested": "2021-02-15T11:59:21.080487096Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280", "kind": "event", 
@@ -7859,7 +7859,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826302600Z", + "ingested": "2021-02-15T11:59:21.080488275Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11802 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1276 (172.31.98.44/1276)", "kind": "event", @@ -7937,7 +7937,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826308700Z", + "ingested": "2021-02-15T11:59:21.080489439Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281", "kind": "event", @@ -8011,7 +8011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826315700Z", + "ingested": "2021-02-15T11:59:21.080490663Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11803 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1277 (172.31.98.44/1277)", "kind": "event", @@ -8091,7 +8091,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826323200Z", + "ingested": "2021-02-15T11:59:21.080491825Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11802 for outside:100.66.98.165/80 to inside:172.31.98.44/1276 duration 0:00:00 bytes 12853 TCP FINs", "kind": "event", @@ -8168,7 +8168,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826344900Z", + "ingested": "2021-02-15T11:59:21.080514507Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282", "kind": "event", @@ -8242,7 +8242,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826350300Z", + "ingested": "2021-02-15T11:59:21.080515743Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11804 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1278 (172.31.98.44/1278)", "kind": "event", 
@@ -8322,7 +8322,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826372200Z", + "ingested": "2021-02-15T11:59:21.080517096Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11803 for outside:100.66.98.165/80 to inside:172.31.98.44/1277 duration 0:00:00 bytes 5291 TCP FINs", "kind": "event", @@ -8399,7 +8399,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826380700Z", + "ingested": "2021-02-15T11:59:21.080518328Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283", "kind": "event", @@ -8473,7 +8473,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826404300Z", + "ingested": "2021-02-15T11:59:21.080519538Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11805 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1279 (172.31.98.44/1279)", "kind": "event", @@ -8553,7 +8553,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826428200Z", + "ingested": "2021-02-15T11:59:21.080520740Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11804 for outside:100.66.98.165/80 to inside:172.31.98.44/1278 duration 0:00:00 bytes 965 TCP FINs", "kind": "event", @@ -8632,7 +8632,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826433800Z", + "ingested": "2021-02-15T11:59:21.080521947Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11805 for outside:100.66.98.165/80 to inside:172.31.98.44/1279 duration 0:00:00 bytes 8605 TCP FINs", "kind": "event", @@ -8709,7 +8709,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826441400Z", + "ingested": "2021-02-15T11:59:21.080523174Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284", "kind": "event", 
@@ -8783,7 +8783,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826473300Z", + "ingested": "2021-02-15T11:59:21.080524392Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11806 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1280 (172.31.98.44/1280)", "kind": "event", @@ -8863,7 +8863,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826493900Z", + "ingested": "2021-02-15T11:59:21.080525596Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11806 for outside:100.66.98.165/80 to inside:172.31.98.44/1280 duration 0:00:00 bytes 3428 TCP FINs", "kind": "event", @@ -8940,7 +8940,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826499400Z", + "ingested": "2021-02-15T11:59:21.080526806Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285", "kind": "event", @@ -9014,7 +9014,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826506300Z", + "ingested": "2021-02-15T11:59:21.080528007Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11807 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1281 (172.31.98.44/1281)", "kind": "event", @@ -9092,7 +9092,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826528700Z", + "ingested": "2021-02-15T11:59:21.080529234Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286", "kind": "event", @@ -9166,7 +9166,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826533800Z", + "ingested": "2021-02-15T11:59:21.080530445Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11808 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1282 (172.31.98.44/1282)", "kind": "event", 
@@ -9244,7 +9244,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826556400Z", + "ingested": "2021-02-15T11:59:21.080531656Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287", "kind": "event", @@ -9318,7 +9318,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826565300Z", + "ingested": "2021-02-15T11:59:21.080532867Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11809 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1283 (172.31.98.44/1283)", "kind": "event", @@ -9396,7 +9396,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826570800Z", + "ingested": "2021-02-15T11:59:21.080534080Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288", "kind": "event", @@ -9470,7 +9470,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826576100Z", + "ingested": "2021-02-15T11:59:21.080535292Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11810 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1284 (172.31.98.44/1284)", "kind": "event", @@ -9550,7 +9550,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826582400Z", + "ingested": "2021-02-15T11:59:21.080536507Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11807 for outside:100.66.98.165/80 to inside:172.31.98.44/1281 duration 0:00:00 bytes 2028 TCP FINs", "kind": "event", @@ -9629,7 +9629,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826589200Z", + "ingested": "2021-02-15T11:59:21.080537705Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11808 for outside:100.66.98.165/80 to inside:172.31.98.44/1282 duration 0:00:00 bytes 1085 TCP FINs", "kind": "event", 
@@ -9708,7 +9708,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826602200Z", + "ingested": "2021-02-15T11:59:21.080538916Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11809 for outside:100.66.98.165/80 to inside:172.31.98.44/1283 duration 0:00:00 bytes 868 TCP FINs", "kind": "event", @@ -9785,7 +9785,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826609700Z", + "ingested": "2021-02-15T11:59:21.080540125Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289", "kind": "event", @@ -9859,7 +9859,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826617600Z", + "ingested": "2021-02-15T11:59:21.080541327Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11811 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1285 (172.31.98.44/1285)", "kind": "event", @@ -9937,7 +9937,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826623400Z", + "ingested": "2021-02-15T11:59:21.080542526Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290", "kind": "event", @@ -10011,7 +10011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826630500Z", + "ingested": "2021-02-15T11:59:21.080543735Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11812 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1286 (172.31.98.44/1286)", "kind": "event", @@ -10091,7 +10091,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826639Z", + "ingested": "2021-02-15T11:59:21.080544954Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11810 for outside:100.66.98.165/80 to inside:172.31.98.44/1284 duration 0:00:00 bytes 4439 TCP FINs", "kind": "event", 
@@ -10168,7 +10168,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826647500Z", + "ingested": "2021-02-15T11:59:21.080546162Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291", "kind": "event", @@ -10242,7 +10242,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826656Z", + "ingested": "2021-02-15T11:59:21.080547377Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11813 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1287 (172.31.98.44/1287)", "kind": "event", @@ -10322,7 +10322,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826679200Z", + "ingested": "2021-02-15T11:59:21.080548604Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11811 for outside:100.66.98.165/80 to inside:172.31.98.44/1285 duration 0:00:00 bytes 914 TCP FINs", "kind": "event", @@ -10401,7 +10401,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826701800Z", + "ingested": "2021-02-15T11:59:21.080549855Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11812 for outside:100.66.98.165/80 to inside:172.31.98.44/1286 duration 0:00:00 bytes 871 TCP FINs", "kind": "event", @@ -10479,7 +10479,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826727800Z", + "ingested": "2021-02-15T11:59:21.080551065Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11814 for outside:100.66.100.107/53 (100.66.100.107/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -10557,7 +10557,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826734600Z", + "ingested": "2021-02-15T11:59:21.080552266Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292", "kind": "event", 
@@ -10631,7 +10631,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826742700Z", + "ingested": "2021-02-15T11:59:21.080553476Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11815 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1288 (172.31.98.44/1288)", "kind": "event", @@ -10711,7 +10711,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826763300Z", + "ingested": "2021-02-15T11:59:21.080554702Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11814 for outside:100.66.100.107/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 384", "kind": "event", @@ -10789,7 +10789,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826768400Z", + "ingested": "2021-02-15T11:59:21.080555916Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11816 for outside:100.66.104.8/53 (100.66.104.8/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -10869,7 +10869,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826789300Z", + "ingested": "2021-02-15T11:59:21.080557135Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11816 for outside:100.66.104.8/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 94", "kind": "event", @@ -10946,7 +10946,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826797100Z", + "ingested": "2021-02-15T11:59:21.080558349Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1289 to outside:100.66.98.44/8293", "kind": "event", 
@@ -11020,7 +11020,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826804800Z", + "ingested": "2021-02-15T11:59:21.080559582Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11817 for outside:100.66.123.191/80 (100.66.123.191/80) to inside:172.31.98.44/1289 (172.31.98.44/1289)", "kind": "event", @@ -11100,7 +11100,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826809900Z", + "ingested": "2021-02-15T11:59:21.080560817Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11815 for outside:100.66.98.165/80 to inside:172.31.98.44/1288 duration 0:00:00 bytes 945 TCP FINs", "kind": "event", @@ -11179,7 +11179,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826816100Z", + "ingested": "2021-02-15T11:59:21.080562030Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11813 for outside:100.66.98.165/80 to inside:172.31.98.44/1287 duration 0:00:00 bytes 13284 TCP FINs", "kind": "event", @@ -11257,7 +11257,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826821100Z", + "ingested": "2021-02-15T11:59:21.080563247Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11818 for outside:100.66.100.4/53 (100.66.100.4/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -11337,7 +11337,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826827Z", + "ingested": "2021-02-15T11:59:21.080564455Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11818 for outside:100.66.100.4/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "kind": "event", 
@@ -11414,7 +11414,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826833Z", + "ingested": "2021-02-15T11:59:21.080565678Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1290 to outside:100.66.98.44/8294", "kind": "event", @@ -11488,7 +11488,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826840700Z", + "ingested": "2021-02-15T11:59:21.080566942Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11819 for outside:100.66.198.25/80 (100.66.198.25/80) to inside:172.31.98.44/1290 (172.31.98.44/1290)", "kind": "event", @@ -11568,7 +11568,7 @@ "event": { "severity": 6, "duration": 3526000000000, - "ingested": "2021-01-28T23:42:20.826848400Z", + "ingested": "2021-02-15T11:59:21.080568155Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 9828 for outside:100.66.48.1/67 to NP Identity Ifc:255.255.255.255/68 duration 0:58:46 bytes 58512", "kind": "event", @@ -11617,7 +11617,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826856300Z", + "ingested": "2021-02-15T11:59:21.080569397Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1272 to outside:100.66.98.44/8276 duration 0:00:30", "kind": "event", @@ -11689,7 +11689,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826864200Z", + "ingested": "2021-02-15T11:59:21.080570622Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11820 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -11768,7 +11768,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826869800Z", + "ingested": "2021-02-15T11:59:21.080571828Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11821 for outside:100.66.162.30/53 (100.66.162.30/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -11848,7 +11848,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826875Z", + "ingested": "2021-02-15T11:59:21.080573052Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11820 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 168", "kind": "event", @@ -11926,7 +11926,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826881Z", + "ingested": "2021-02-15T11:59:21.080574271Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11822 for outside:100.66.3.39/53 (100.66.3.39/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -12006,7 +12006,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826886900Z", + "ingested": "2021-02-15T11:59:21.080575507Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11821 for outside:100.66.162.30/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 198", "kind": "event", @@ -12085,7 +12085,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826893100Z", + "ingested": "2021-02-15T11:59:21.080576727Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11822 for outside:100.66.3.39/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150", "kind": "event", 
@@ -12163,7 +12163,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826900800Z", + "ingested": "2021-02-15T11:59:21.080577937Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11823 for outside:100.66.48.186/53 (100.66.48.186/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -12243,7 +12243,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826905900Z", + "ingested": "2021-02-15T11:59:21.080579155Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11823 for outside:100.66.48.186/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 84", "kind": "event", @@ -12320,7 +12320,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826932400Z", + "ingested": "2021-02-15T11:59:21.080580372Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1291 to outside:100.66.98.44/8295", "kind": "event", @@ -12394,7 +12394,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826939800Z", + "ingested": "2021-02-15T11:59:21.080581588Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11824 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1291 (172.31.98.44/1291)", "kind": "event", @@ -12473,7 +12473,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826946700Z", + "ingested": "2021-02-15T11:59:21.080582932Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11825 for outside:100.66.254.94/53 (100.66.254.94/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -12553,7 +12553,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.826966700Z", + "ingested": "2021-02-15T11:59:21.080585186Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11825 for outside:100.66.254.94/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 188", "kind": "event", @@ -12630,7 +12630,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826973100Z", + "ingested": "2021-02-15T11:59:21.080586438Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1292 to outside:100.66.98.44/8296", "kind": "event", @@ -12704,7 +12704,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.826996500Z", + "ingested": "2021-02-15T11:59:21.080587648Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11826 for outside:100.66.54.190/80 (100.66.54.190/80) to inside:172.31.98.44/1292 (172.31.98.44/1292)", "kind": "event", @@ -12782,7 +12782,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827004300Z", + "ingested": "2021-02-15T11:59:21.080588849Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297", "kind": "event", @@ -12856,7 +12856,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827009800Z", + "ingested": "2021-02-15T11:59:21.080590056Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11827 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1293 (172.31.98.44/1293)", "kind": "event", @@ -12934,7 +12934,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827015100Z", + "ingested": "2021-02-15T11:59:21.080591260Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298", "kind": "event", 
@@ -13008,7 +13008,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827020300Z", + "ingested": "2021-02-15T11:59:21.080592473Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11828 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1294 (172.31.98.44/1294)", "kind": "event", @@ -13088,7 +13088,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827025200Z", + "ingested": "2021-02-15T11:59:21.080593703Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11827 for outside:100.66.98.165/80 to inside:172.31.98.44/1293 duration 0:00:00 bytes 5964 TCP FINs", "kind": "event", @@ -13165,7 +13165,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827031200Z", + "ingested": "2021-02-15T11:59:21.080594920Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299", "kind": "event", @@ -13239,7 +13239,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827037Z", + "ingested": "2021-02-15T11:59:21.080596135Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11829 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1295 (172.31.98.44/1295)", "kind": "event", @@ -13317,7 +13317,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827043200Z", + "ingested": "2021-02-15T11:59:21.080597343Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300", "kind": "event", @@ -13391,7 +13391,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827050800Z", + "ingested": "2021-02-15T11:59:21.080598543Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11830 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1296 (172.31.98.44/1296)", "kind": "event", 
@@ -13471,7 +13471,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827058500Z", + "ingested": "2021-02-15T11:59:21.080615402Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11828 for outside:100.66.98.165/80 to inside:172.31.98.44/1294 duration 0:00:00 bytes 6694 TCP FINs", "kind": "event", @@ -13550,7 +13550,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827066100Z", + "ingested": "2021-02-15T11:59:21.080616662Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11829 for outside:100.66.98.165/80 to inside:172.31.98.44/1295 duration 0:00:00 bytes 1493 TCP FINs", "kind": "event", @@ -13629,7 +13629,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827073800Z", + "ingested": "2021-02-15T11:59:21.080617807Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11830 for outside:100.66.98.165/80 to inside:172.31.98.44/1296 duration 0:00:00 bytes 893 TCP FINs", "kind": "event", @@ -13706,7 +13706,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827081500Z", + "ingested": "2021-02-15T11:59:21.080618964Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301", "kind": "event", @@ -13780,7 +13780,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827089Z", + "ingested": "2021-02-15T11:59:21.080620122Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11831 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1297 (172.31.98.44/1297)", "kind": "event", @@ -13858,7 +13858,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827096700Z", + "ingested": "2021-02-15T11:59:21.080621275Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302", "kind": "event", 
@@ -13932,7 +13932,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827104300Z", + "ingested": "2021-02-15T11:59:21.080622433Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11832 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1298 (172.31.98.44/1298)", "kind": "event", @@ -14011,7 +14011,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827112100Z", + "ingested": "2021-02-15T11:59:21.080623643Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11833 for outside:100.66.179.9/53 (100.66.179.9/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -14091,7 +14091,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827119700Z", + "ingested": "2021-02-15T11:59:21.080624794Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11833 for outside:100.66.179.9/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 150", "kind": "event", @@ -14170,7 +14170,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827127300Z", + "ingested": "2021-02-15T11:59:21.080625951Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11831 for outside:100.66.98.165/80 to inside:172.31.98.44/1297 duration 0:00:00 bytes 2750 TCP FINs", "kind": "event", @@ -14247,7 +14247,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827134900Z", + "ingested": "2021-02-15T11:59:21.080650077Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303", "kind": "event", 
@@ -14321,7 +14321,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827142600Z", + "ingested": "2021-02-15T11:59:21.080651317Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11834 for outside:100.66.247.99/80 (100.66.247.99/80) to inside:172.31.98.44/1299 (172.31.98.44/1299)", "kind": "event", @@ -14399,7 +14399,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827150300Z", + "ingested": "2021-02-15T11:59:21.080652533Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304", "kind": "event", @@ -14473,7 +14473,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827157900Z", + "ingested": "2021-02-15T11:59:21.080653747Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11835 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1300 (172.31.98.44/1300)", "kind": "event", @@ -14553,7 +14553,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827165600Z", + "ingested": "2021-02-15T11:59:21.080654957Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11832 for outside:100.66.98.165/80 to inside:172.31.98.44/1298 duration 0:00:00 bytes 881 TCP FINs", "kind": "event", @@ -14632,7 +14632,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827173200Z", + "ingested": "2021-02-15T11:59:21.080656157Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11835 for outside:100.66.98.165/80 to inside:172.31.98.44/1300 duration 0:00:00 bytes 2202 TCP FINs", "kind": "event", @@ -14709,7 +14709,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827180900Z", + "ingested": "2021-02-15T11:59:21.080657360Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305", "kind": "event", 
@@ -14783,7 +14783,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827278500Z", + "ingested": "2021-02-15T11:59:21.080658579Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11836 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1301 (172.31.98.44/1301)", "kind": "event", @@ -14861,7 +14861,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827288300Z", + "ingested": "2021-02-15T11:59:21.080659781Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306", "kind": "event", @@ -14935,7 +14935,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827310200Z", + "ingested": "2021-02-15T11:59:21.080727813Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11837 for outside:100.66.98.165/80 (100.66.98.165/80) to inside:172.31.98.44/1302 (172.31.98.44/1302)", "kind": "event", @@ -14985,7 +14985,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827335400Z", + "ingested": "2021-02-15T11:59:21.080729686Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1276 to outside:100.66.98.44/8280 duration 0:00:30", "kind": "event", @@ -15028,7 +15028,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827343800Z", + "ingested": "2021-02-15T11:59:21.080747267Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1277 to outside:100.66.98.44/8281 duration 0:00:30", "kind": "event", @@ -15071,7 +15071,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827352500Z", + "ingested": "2021-02-15T11:59:21.080748517Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1278 to outside:100.66.98.44/8282 duration 0:00:30", "kind": "event", 
@@ -15114,7 +15114,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827374500Z", + "ingested": "2021-02-15T11:59:21.080749699Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1279 to outside:100.66.98.44/8283 duration 0:00:30", "kind": "event", @@ -15157,7 +15157,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827382400Z", + "ingested": "2021-02-15T11:59:21.080750891Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1280 to outside:100.66.98.44/8284 duration 0:00:30", "kind": "event", @@ -15200,7 +15200,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827390200Z", + "ingested": "2021-02-15T11:59:21.080752078Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1281 to outside:100.66.98.44/8285 duration 0:00:30", "kind": "event", @@ -15243,7 +15243,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827398Z", + "ingested": "2021-02-15T11:59:21.080753257Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1282 to outside:100.66.98.44/8286 duration 0:00:30", "kind": "event", @@ -15286,7 +15286,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827405900Z", + "ingested": "2021-02-15T11:59:21.080754433Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1283 to outside:100.66.98.44/8287 duration 0:00:30", "kind": "event", @@ -15329,7 +15329,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827413600Z", + "ingested": "2021-02-15T11:59:21.080778933Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1284 to outside:100.66.98.44/8288 duration 0:00:30", "kind": "event", 
@@ -15372,7 +15372,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827421400Z", + "ingested": "2021-02-15T11:59:21.080780261Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1285 to outside:100.66.98.44/8289 duration 0:00:30", "kind": "event", @@ -15415,7 +15415,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827449200Z", + "ingested": "2021-02-15T11:59:21.080781568Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1286 to outside:100.66.98.44/8290 duration 0:00:30", "kind": "event", @@ -15458,7 +15458,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827472Z", + "ingested": "2021-02-15T11:59:21.080782906Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1287 to outside:100.66.98.44/8291 duration 0:00:30", "kind": "event", @@ -15501,7 +15501,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827493800Z", + "ingested": "2021-02-15T11:59:21.080784220Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1288 to outside:100.66.98.44/8292 duration 0:00:30", "kind": "event", @@ -15544,7 +15544,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827501500Z", + "ingested": "2021-02-15T11:59:21.080785504Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1293 to outside:100.66.98.44/8297 duration 0:00:30", "kind": "event", @@ -15587,7 +15587,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827509100Z", + "ingested": "2021-02-15T11:59:21.080786800Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1294 to outside:100.66.98.44/8298 duration 0:00:30", "kind": "event", 
@@ -15658,7 +15658,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827518100Z", + "ingested": "2021-02-15T11:59:21.080788087Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1304 to outside:100.66.98.44/8308", "kind": "event", @@ -15732,7 +15732,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827540900Z", + "ingested": "2021-02-15T11:59:21.080789380Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11840 for outside:100.66.205.99/80 (100.66.205.99/80) to inside:172.31.98.44/1304 (172.31.98.44/1304)", "kind": "event", @@ -15782,7 +15782,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827562900Z", + "ingested": "2021-02-15T11:59:21.080790691Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1295 to outside:100.66.98.44/8299 duration 0:00:30", "kind": "event", @@ -15825,7 +15825,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827570700Z", + "ingested": "2021-02-15T11:59:21.080791977Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1296 to outside:100.66.98.44/8300 duration 0:00:30", "kind": "event", @@ -15897,7 +15897,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827578300Z", + "ingested": "2021-02-15T11:59:21.080793281Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11841 for outside:100.66.0.124/53 (100.66.0.124/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", @@ -15976,7 +15976,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827586100Z", + "ingested": "2021-02-15T11:59:21.080794562Z", "code": "302015", "original": "%ASA-6-302015: Built outbound UDP connection 11842 for outside:100.66.160.2/53 (100.66.160.2/53) to inside:172.31.98.44/56132 (172.31.98.44/56132)", "kind": "event", 
@@ -16056,7 +16056,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827593700Z", + "ingested": "2021-02-15T11:59:21.080795854Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11841 for outside:100.66.0.124/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 318", "kind": "event", @@ -16135,7 +16135,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:20.827601300Z", + "ingested": "2021-02-15T11:59:21.080797162Z", "code": "302016", "original": "%ASA-6-302016: Teardown UDP connection 11842 for outside:100.66.160.2/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 104", "kind": "event", @@ -16212,7 +16212,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827608900Z", + "ingested": "2021-02-15T11:59:21.080798451Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1305 to outside:100.66.98.44/8309", "kind": "event", @@ -16286,7 +16286,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827616500Z", + "ingested": "2021-02-15T11:59:21.080799741Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11843 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1305 (172.31.98.44/1305)", "kind": "event", @@ -16336,7 +16336,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827624200Z", + "ingested": "2021-02-15T11:59:21.080801105Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1297 to outside:100.66.98.44/8301 duration 0:00:30", "kind": "event", @@ -16379,7 +16379,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827631700Z", + "ingested": "2021-02-15T11:59:21.080819742Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1298 to outside:100.66.98.44/8302 duration 0:00:30", "kind": "event", 
@@ -16422,7 +16422,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827639300Z", + "ingested": "2021-02-15T11:59:21.080821082Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1299 to outside:100.66.98.44/8303 duration 0:00:30", "kind": "event", @@ -16465,7 +16465,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827646800Z", + "ingested": "2021-02-15T11:59:21.080822306Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1300 to outside:100.66.98.44/8304 duration 0:00:30", "kind": "event", @@ -16508,7 +16508,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827654400Z", + "ingested": "2021-02-15T11:59:21.080823513Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1301 to outside:100.66.98.44/8305 duration 0:00:30", "kind": "event", @@ -16551,7 +16551,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827662300Z", + "ingested": "2021-02-15T11:59:21.080824717Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1302 to outside:100.66.98.44/8306 duration 0:00:30", "kind": "event", @@ -16594,7 +16594,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827669800Z", + "ingested": "2021-02-15T11:59:21.080825956Z", "code": "305012", "original": "%ASA-6-305012: Teardown dynamic TCP translation from inside:172.31.98.44/1303 to outside:100.66.98.44/8307 duration 0:00:30", "kind": "event", @@ -16667,7 +16667,7 @@ "event": { "severity": 6, "duration": 4000000000, - "ingested": "2021-01-28T23:42:20.827677300Z", + "ingested": "2021-02-15T11:59:21.080827156Z", "code": "302014", "original": "%ASA-6-302014: Teardown TCP connection 11843 for outside:100.66.124.24/80 to inside:172.31.98.44/1305 duration 0:00:04 bytes 410333 TCP Reset-I", "kind": "event", 
@@ -16744,7 +16744,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827684900Z", + "ingested": "2021-02-15T11:59:21.080828367Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -16820,7 +16820,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827692500Z", + "ingested": "2021-02-15T11:59:21.080845307Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -16896,7 +16896,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827700Z", + "ingested": "2021-02-15T11:59:21.080846479Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -16972,7 +16972,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827707600Z", + "ingested": "2021-02-15T11:59:21.080847633Z", "code": "305011", "original": "%ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1306 to outside:100.66.98.44/8310", "kind": "event", @@ -17046,7 +17046,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:20.827715200Z", + "ingested": "2021-02-15T11:59:21.080848788Z", "code": "302013", "original": "%ASA-6-302013: Built outbound TCP connection 11844 for outside:100.66.124.24/80 (100.66.124.24/80) to inside:172.31.98.44/1306 (172.31.98.44/1306)", "kind": "event", @@ -17124,7 +17124,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827722700Z", + "ingested": "2021-02-15T11:59:21.080849944Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -17200,7 +17200,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827730200Z", + "ingested": "2021-02-15T11:59:21.080851113Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17276,7 +17276,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827737900Z", + "ingested": "2021-02-15T11:59:21.080854028Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17352,7 +17352,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827745400Z", + "ingested": "2021-02-15T11:59:21.080855336Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17428,7 +17428,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827753Z", + "ingested": "2021-02-15T11:59:21.080856500Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17504,7 +17504,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827760600Z", + "ingested": "2021-02-15T11:59:21.080857692Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17580,7 +17580,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827768200Z", + "ingested": "2021-02-15T11:59:21.080858927Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -17656,7 +17656,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827775800Z", + "ingested": "2021-02-15T11:59:21.080860090Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17732,7 +17732,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827783300Z", + "ingested": "2021-02-15T11:59:21.080861254Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17808,7 +17808,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827790900Z", + "ingested": "2021-02-15T11:59:21.080862439Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17884,7 +17884,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827798700Z", + "ingested": "2021-02-15T11:59:21.080863866Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -17960,7 +17960,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827806300Z", + "ingested": "2021-02-15T11:59:21.080865042Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18036,7 +18036,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827814Z", + "ingested": "2021-02-15T11:59:21.080866199Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -18112,7 +18112,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827821600Z", + "ingested": "2021-02-15T11:59:21.080867359Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18188,7 +18188,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827829200Z", + "ingested": "2021-02-15T11:59:21.080868523Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18264,7 +18264,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827836800Z", + "ingested": "2021-02-15T11:59:21.080869677Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18340,7 +18340,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827844400Z", + "ingested": "2021-02-15T11:59:21.080870841Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18416,7 +18416,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827851900Z", + "ingested": "2021-02-15T11:59:21.080872007Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18492,7 +18492,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827859500Z", + "ingested": "2021-02-15T11:59:21.080873178Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -18568,7 +18568,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827867100Z", + "ingested": "2021-02-15T11:59:21.080874358Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18644,7 +18644,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827874900Z", + "ingested": "2021-02-15T11:59:21.080875542Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18720,7 +18720,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827883600Z", + "ingested": "2021-02-15T11:59:21.080876704Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18796,7 +18796,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827891300Z", + "ingested": "2021-02-15T11:59:21.080877862Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18872,7 +18872,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827898900Z", + "ingested": "2021-02-15T11:59:21.080879049Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -18948,7 +18948,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827906600Z", + "ingested": "2021-02-15T11:59:21.080880627Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -19024,7 +19024,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827914100Z", + "ingested": "2021-02-15T11:59:21.080881807Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -19100,7 +19100,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827921600Z", + "ingested": "2021-02-15T11:59:21.080882979Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -19176,7 +19176,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827929100Z", + "ingested": "2021-02-15T11:59:21.080884174Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -19252,7 +19252,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827936700Z", + "ingested": "2021-02-15T11:59:21.080885339Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -19328,7 +19328,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827944300Z", + "ingested": "2021-02-15T11:59:21.080886507Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -19404,7 +19404,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827951900Z", + "ingested": "2021-02-15T11:59:21.080887672Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", 
@@ -19480,7 +19480,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827959400Z", + "ingested": "2021-02-15T11:59:21.080888837Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", @@ -19556,7 +19556,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:20.827967Z", + "ingested": "2021-02-15T11:59:21.080890135Z", "code": "106023", "original": "%ASA-4-106023: Deny tcp src outside:100.66.124.24/80 dst inside:172.31.98.44/8309 by access-group \"inbound\" [0x0, 0x0]", "kind": "event", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-dns.log-expected.json index 62f5e880493..81dbe977ff6 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-dns.log-expected.json @@ -81,7 +81,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717641200Z", + "ingested": "2021-02-15T11:59:31.340116315Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70", "kind": "event", 
@@ -222,7 +222,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717656500Z", + "ingested": "2021-02-15T11:59:31.340132740Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 51389, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299", "kind": "event", @@ -365,7 +365,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717666700Z", + "ingested": "2021-02-15T11:59:31.340136626Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899", "kind": "event", 
@@ -506,7 +506,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717676400Z", + "ingested": "2021-02-15T11:59:31.340154674Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55371, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 97, ResponderBytes: 200, NAPPolicy: Balanced Security and Connectivity, DNSQuery: www.elastic.co, DNSRecordType: a host address, DNS_TTL: 12", "kind": "event", @@ -649,7 +649,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717686400Z", + "ingested": "2021-02-15T11:59:31.340155929Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 60441, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 193, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: IP6 Address, DNS_TTL: 299, DNSResponseType: No error", "kind": "event", 
@@ -791,7 +791,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717693900Z", + "ingested": "2021-02-15T11:59:31.340157245Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 59714, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 658", "kind": "event", @@ -932,7 +932,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717700900Z", + "ingested": "2021-02-15T11:59:31.340158444Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Non-Existent Domain, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299", "kind": "event", 
@@ -1076,7 +1076,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717707500Z", + "ingested": "2021-02-15T11:59:31.340159698Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599", "kind": "event", @@ -1217,7 +1217,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717795700Z", + "ingested": "2021-02-15T11:59:31.340160904Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSResponseType: Server Failure, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899", "kind": "event", 
@@ -1359,7 +1359,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717813300Z", + "ingested": "2021-02-15T11:59:31.340162115Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299", "kind": "event", @@ -1505,7 +1505,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717819400Z", + "ingested": "2021-02-15T11:59:31.340163317Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 205.251.196.144, SrcPort: 33973, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 75, NAPPolicy: Balanced Security and Connectivity, DNSQuery: refusedthis.com, DNSRecordType: a host address, DNSResponseType: Query Refused", "kind": "event", 
@@ -1642,7 +1642,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717829200Z", + "ingested": "2021-02-15T11:59:31.340164797Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 39541, DstPort: 53, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 457, ResponderBytes: 313, NAPPolicy: Balanced Security and Connectivity, DNSResponseType: Server Failure", "kind": "event", @@ -1781,7 +1781,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717838200Z", + "ingested": "2021-02-15T11:59:31.340166010Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 41672, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 107, ResponderBytes: 180, NAPPolicy: Balanced Security and Connectivity, DNSQuery: laskdfjlaksdf.elastic.co, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 900", "kind": "event", 
@@ -1923,7 +1923,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717846200Z", + "ingested": "2021-02-15T11:59:31.340167209Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 59577, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 104, ResponderBytes: 108, NAPPolicy: Balanced Security and Connectivity, DNSQuery: ns-1168.awsdns-18.org, DNSRecordType: a host address, DNS_TTL: 31694", "kind": "event", @@ -2064,7 +2064,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717852600Z", + "ingested": "2021-02-15T11:59:31.340168421Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 9.9.9.9, SrcPort: 35998, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 101, ResponderBytes: 162, NAPPolicy: Balanced Security and Connectivity, DNSQuery: _http._tcp.security.ubuntu.com, DNSRecordType: Server Selection, DNSResponseType: Non-Existent Domain, DNS_TTL: 946", "kind": "event", 
@@ -2206,7 +2206,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717860600Z", + "ingested": "2021-02-15T11:59:31.340169626Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 55105, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 199, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: mail exchange, DNS_TTL: 299", "kind": "event", @@ -2349,7 +2349,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717870600Z", + "ingested": "2021-02-15T11:59:31.340170989Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 47260, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: marks the start of a zone of authority, DNS_TTL: 899", "kind": "event", 
@@ -2490,7 +2490,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717880Z", + "ingested": "2021-02-15T11:59:31.340172199Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 53033, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 166, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: the canonical name for an alias, DNS_TTL: 899", "kind": "event", @@ -2631,7 +2631,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717886900Z", + "ingested": "2021-02-15T11:59:31.340173461Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57141, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 221, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: an authoritative name server, DNS_TTL: 21599", "kind": "event", 
@@ -2771,7 +2771,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717893500Z", + "ingested": "2021-02-15T11:59:31.340174685Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 46093, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 131, NAPPolicy: Balanced Security and Connectivity, DNSRecordType: a domain name pointer, DNS_TTL: 59", "kind": "event", @@ -2911,7 +2911,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:33.717899500Z", + "ingested": "2021-02-15T11:59:31.340175908Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, AccessControlRuleReason: Intrusion Monitor, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 58082, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, IPSCount: 1, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 722, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: text strings, DNS_TTL: 299", "kind": "event", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-filtered.log-expected.json index 157607ec408..c3c197cc068 100644 
--- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-filtered.log-expected.json @@ -25,7 +25,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.163881400Z", + "ingested": "2021-02-15T11:59:32.618276647Z", "code": "999999", "original": "%FTD-7-999999: This message is not filtered.", "kind": "event", @@ -66,7 +66,7 @@ }, "event": { "severity": 8, - "ingested": "2021-01-28T23:42:35.163893100Z", + "ingested": "2021-02-15T11:59:32.618284478Z", "code": "999999", "original": "%FTD-8-999999: This phony message is dropped due to log level.", "kind": "event", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-firepower-management.log-expected.json index c7796516380..9289e4d88e9 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -23,7 +23,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226286200Z", + "ingested": "2021-02-15T11:59:32.671063010Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -53,7 +53,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226300500Z", + "ingested": "2021-02-15T11:59:32.671071880Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=Banner, Page View\u0000x0a\u0000x00" }, "cisco": { 
@@ -83,7 +83,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226309800Z", + "ingested": "2021-02-15T11:59:32.671073273Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/ChangeReconciliation.cgi, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -113,7 +113,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226319Z", + "ingested": "2021-02-15T11:59:32.671074530Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=IntrusionPolicyPrefs, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -143,7 +143,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226328200Z", + "ingested": "2021-02-15T11:59:32.671075750Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /admin/lights_out_mgmt.cgi, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -173,7 +173,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226337200Z", + "ingested": "2021-02-15T11:59:32.671076957Z", "original": "admin@10.0.255.31, Cloud Services, View url filtering settings\u0000x0a\u0000x00" }, "cisco": { @@ -203,7 +203,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226346300Z", + "ingested": "2021-02-15T11:59:32.671078196Z", "original": "admin@10.0.255.31, Cloud Services, View amp settings\u0000x0a\u0000x00" }, "cisco": { @@ -233,7 +233,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226355300Z", + "ingested": "2021-02-15T11:59:32.671079415Z", "original": "admin@10.0.255.31, System \u003e Monitoring \u003e Syslog, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -263,7 +263,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226364300Z", + "ingested": "2021-02-15T11:59:32.671080624Z", "original": "admin@10.0.255.31, Devices \u003e Device Management, Page View\u0000x0a\u0000x00" }, "cisco": { 
@@ -293,7 +293,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226373400Z", + "ingested": "2021-02-15T11:59:32.671081834Z", "original": "admin@10.0.255.31, Devices \u003e Device Management \u003e NGFW Interfaces, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -323,7 +323,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226382400Z", + "ingested": "2021-02-15T11:59:32.671083038Z", "original": "admin@10.0.255.31, Devices \u003e Device Management \u003e NGFW Device Summary, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -353,7 +353,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226391600Z", + "ingested": "2021-02-15T11:59:32.671084477Z", "original": "admin@10.0.255.31, Devices \u003e Device Management \u003e NGFW Device Summary, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -383,7 +383,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226400800Z", + "ingested": "2021-02-15T11:59:32.671085700Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -413,7 +413,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226409900Z", + "ingested": "2021-02-15T11:59:32.671086905Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -443,7 +443,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226419Z", + "ingested": "2021-02-15T11:59:32.671088119Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00" }, "cisco": { @@ -473,7 +473,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226428Z", + "ingested": "2021-02-15T11:59:32.671089327Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00" }, "cisco": { 
@@ -503,7 +503,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226437100Z", + "ingested": "2021-02-15T11:59:32.671090650Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -533,7 +533,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226446200Z", + "ingested": "2021-02-15T11:59:32.671091859Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00" }, "cisco": { @@ -563,7 +563,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226455200Z", + "ingested": "2021-02-15T11:59:32.671093070Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00" }, "cisco": { @@ -593,7 +593,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226464200Z", + "ingested": "2021-02-15T11:59:32.671094286Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Platform Settings Editor, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -623,7 +623,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226473300Z", + "ingested": "2021-02-15T11:59:32.671095514Z", "original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00" }, "cisco": { @@ -653,7 +653,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226482300Z", + "ingested": "2021-02-15T11:59:32.671097192Z", "original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00" }, "cisco": { @@ -683,7 +683,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226491400Z", + "ingested": "2021-02-15T11:59:32.671098712Z", "original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Global Configuration Generation\u0000x0a\u0000x00" }, "cisco": { 
@@ -713,7 +713,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226500700Z", + "ingested": "2021-02-15T11:59:32.671100055Z", "original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00" }, "cisco": { @@ -743,7 +743,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226509800Z", + "ingested": "2021-02-15T11:59:32.671101280Z", "original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Device Configuration for siem-ftd\u0000x0a\u0000x00" }, "cisco": { @@ -773,7 +773,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226518800Z", + "ingested": "2021-02-15T11:59:32.671130143Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -803,7 +803,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226527900Z", + "ingested": "2021-02-15T11:59:32.671134141Z", "original": "admin@localhost, Task Queue, Policy Deployment to siem-ftd - SUCCESS\u0000x0a\u0000x00" }, "cisco": { @@ -833,7 +833,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226537100Z", + "ingested": "2021-02-15T11:59:32.671135585Z", "original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00" }, "cisco": { @@ -863,7 +863,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226546600Z", + "ingested": "2021-02-15T11:59:32.671136804Z", "original": "admin@10.0.255.31, System \u003e Monitoring \u003e Syslog, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -893,7 +893,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226555600Z", + "ingested": "2021-02-15T11:59:32.671138024Z", "original": "admin@10.0.255.31, System \u003e Monitoring \u003e Audit, Page View\u0000x0a\u0000x00" }, "cisco": { 
@@ -923,7 +923,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226564800Z", + "ingested": "2021-02-15T11:59:32.671139231Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -953,7 +953,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226574100Z", + "ingested": "2021-02-15T11:59:32.671140490Z", "original": "admin@10.0.255.31, System \u003e Configuration \u003e Configuration \u003e /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00" }, "cisco": { @@ -983,7 +983,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226583100Z", + "ingested": "2021-02-15T11:59:32.671141745Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Local System Configuration, Save Local System Configuration\u0000x0a\u0000x00" }, "cisco": { @@ -1014,7 +1014,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:35.226592200Z", + "ingested": "2021-02-15T11:59:32.671142943Z", "original": "admin@10.0.255.31, Devices \u003e Platform Settings \u003e Audit Log Settings \u003e Modified: Send Audit Log to Syslog enabled \u003e Disabled" }, "cisco": { diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-intrusion.log-expected.json index 3bc89a0c24e..bd2892cd2a0 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-intrusion.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-intrusion.log-expected.json 
@@ -58,7 +58,7 @@ }, "event": { "severity": 0, - "ingested": "2021-01-28T23:42:36.082061200Z", + "ingested": "2021-02-15T11:59:33.318860752Z", "code": "430001", "original": "%FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55644, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", "kind": "alert", @@ -167,7 +167,7 @@ }, "event": { "severity": 0, - "ingested": "2021-01-28T23:42:36.082071800Z", + "ingested": "2021-02-15T11:59:33.318876417Z", "code": "430001", "original": "%FTD-0-430001: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55868, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, Priority: 1, GID: 1, SID: 17279, Revision: 12, Message: SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt, Classification: Attempted User Privilege Gain, User: No Authentication Required, Client: Firefox, ApplicationProtocol: HTTP, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", "kind": "alert", 
@@ -274,7 +274,7 @@ }, "event": { "severity": 0, - "ingested": "2021-01-28T23:42:36.082080300Z", + "ingested": "2021-02-15T11:59:33.318877838Z", "code": "430001", "original": "%FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 39114, Protocol: tcp, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", "kind": "alert", @@ -379,7 +379,7 @@ }, "event": { "severity": 0, - "ingested": "2021-01-28T23:42:36.082088500Z", + "ingested": "2021-02-15T11:59:33.318879043Z", "code": "430001", "original": "%FTD-0-430001: SrcIP: 10.0.100.30, DstIP: 10.0.1.20, SrcPort: 21, DstPort: 40740, Protocol: 6, IngressInterface: outside, EgressInterface: inside, IngressZone: output-zone, EgressZone: input-zone, Priority: 3, GID: 1, SID: 13360, Revision: 6, Message: APP-DETECT failed FTP login attempt, Classification: Misc Activity, User: No Authentication Required, IntrusionPolicy: intrusion-policy, ACPolicy: default, NAPPolicy: Balanced Security and Connectivity", "kind": "alert", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-no-type-id.log-expected.json index 1c20e789ef0..db3c557e1aa 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-no-type-id.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-no-type-id.log-expected.json 
@@ -42,7 +42,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:36.287014300Z", + "ingested": "2021-02-15T11:59:33.498133855Z", "code": "430001", "original": "ApplicationProtocol: http, Client: webserver, DstIP: 10.8.12.47, SrcIP: 10.1.123.45, Message: Intrusion attempt", "kind": "alert", @@ -98,7 +98,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:36.287024200Z", + "ingested": "2021-02-15T11:59:33.498140617Z", "code": "430001", "original": "HTTPResponse: 404, Message: Some message here (1:36330:2).", "kind": "alert", @@ -151,7 +151,7 @@ }, "event": { "severity": 7, - "ingested": "2021-01-28T23:42:36.287030400Z", + "ingested": "2021-02-15T11:59:33.498142014Z", "code": "430002", "original": "HTTPResponse: 404, Message: Some message here (1:36330:2), Empty: ,FileCount:, IngressZone:", "kind": "event", @@ -222,7 +222,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:42:36.287037800Z", + "ingested": "2021-02-15T11:59:33.498143279Z", "code": "430005", "original": "%ASA-3-430005 Message: This one has a type id, HTTPResponse: 404, Message: And two messages, SrcIP: 127.0.0.1, DstIP: 192.168.3.33, SrcPort: 512, DstPort: 64311", "kind": "alert", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-not-ip.log-expected.json index ace49df5ed0..3b88a1381be 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-not-ip.log-expected.json @@ -45,7 +45,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.428755500Z", + "ingested": "2021-02-15T11:59:33.621608363Z", "code": "106100", "original": "%ASA-5-106100: access-list AL-DMZ-LB-IN denied tcp LB-DMZ/WHAT-IS-THIS-A-HOSTNAME-192.0.2.244(27218) -\u003e OUTSIDE/203.0.113.42(53) hit-cnt 1 first hit [0x16847359, 0x00000000]", "kind": "event", 
@@ -109,7 +109,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.428767100Z", + "ingested": "2021-02-15T11:59:33.621615820Z", "code": "302021", "original": "%ASA-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr mydomain.example.net/17233 laddr 192.168.132.46/17233", "kind": "event", @@ -186,7 +186,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.428776300Z", + "ingested": "2021-02-15T11:59:33.621617188Z", "code": "338204", "original": "%ASA-4-338204: Dynamic filter dropped greylisted TCP traffic from eth0:10.10.10.1/1234 (source.example.net/11234) to wan:172.24.177.3/80 (www.example.org/80), destination malicious address resolved from dynamic list: example.org, threat-level: high, category: malware", "kind": "event", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-sample.log-expected.json index 52741e1672f..0e21a99e563 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-sample.log-expected.json @@ -38,7 +38,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.567769100Z", + "ingested": "2021-02-15T11:59:33.743532661Z", "code": "106023", "original": "%FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 by access-group \"acl_dmz\" [0xe3aab522, 0x0]", "kind": "event", @@ -103,7 +103,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.567775500Z", + "ingested": "2021-02-15T11:59:33.743538911Z", "code": "106023", "original": "%FTD-4-106023: Deny tcp src dmz:10.1.2.30/63016 dst outside:192.0.0.8/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3aab522, 0x0]", "kind": "event", 
@@ -168,7 +168,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567782800Z", + "ingested": "2021-02-15T11:59:33.743540216Z", "code": "106100", "original": "%FTD-session-5-106100: access-list acl_in permitted tcp inside/10.1.2.16(2241) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -245,7 +245,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567790500Z", + "ingested": "2021-02-15T11:59:33.743541373Z", "code": "106100", "original": "%FTD-6-106100: access-list inside denied udp inside/172.29.2.101(1039) -\u003e outside/192.0.2.10(53) hit-cnt 1 first hit [0xd820e56a, 0x0]", "kind": "event", @@ -317,7 +317,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567797600Z", + "ingested": "2021-02-15T11:59:33.743542520Z", "code": "106100", "original": "%FTD-6-106100: access-list inside permitted udp inside/172.29.2.3(1065) -\u003e outside/192.0.2.57(53) hit-cnt 144 300-second interval [0xe982c7a4, 0x0]", "kind": "event", @@ -378,7 +378,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567803300Z", + "ingested": "2021-02-15T11:59:33.743543634Z", "code": "305011", "original": "%FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4952 to outside:192.0.2.130/12834", "kind": "event", @@ -443,7 +443,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567810400Z", + "ingested": "2021-02-15T11:59:33.743544760Z", "code": "302013", "original": "%FTD-6-302013: Built outbound TCP connection 89743274 for outside:192.0.2.43/443 (192.0.2.43/443) to outside:10.123.3.42/4952 (10.123.3.42/12834)", "kind": "event", @@ -511,7 +511,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567819100Z", + "ingested": "2021-02-15T11:59:33.743545869Z", "code": "305011", "original": "%FTD-6-305011: Built dynamic UDP translation from outside:10.123.1.35/52925 to outside:192.0.2.130/25882", "kind": "event", 
@@ -579,7 +579,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567827400Z", + "ingested": "2021-02-15T11:59:33.743546986Z", "code": "302015", "original": "%FTD-6-302015: Built outbound UDP connection 89743275 for outside:192.0.2.222/53 (192.0.2.43/53) to outside:10.123.1.35/52925 (10.123.1.35/25882)", "kind": "event", @@ -647,7 +647,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567833400Z", + "ingested": "2021-02-15T11:59:33.743548107Z", "code": "305011", "original": "%FTD-6-305011: Built dynamic TCP translation from outside:10.123.3.42/4953 to outside:192.0.2.130/45392", "kind": "event", @@ -713,7 +713,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567839400Z", + "ingested": "2021-02-15T11:59:33.743549226Z", "code": "302013", "original": "%FTD-6-302013: Built outbound TCP connection 89743276 for outside:192.0.2.1/80 (192.0.2.1/80) to outside:10.123.3.42/4953 (10.123.3.130/45392)", "kind": "event", @@ -782,7 +782,7 @@ "event": { "severity": 6, "duration": 5025000000000, - "ingested": "2021-01-28T23:42:36.567844800Z", + "ingested": "2021-02-15T11:59:33.743550591Z", "code": "302016", "original": "%FTD-6-302016: Teardown UDP connection 89743275 for outside:192.0.2.222/53 to inside:10.123.1.35/52925 duration 1:23:45 bytes 140", "kind": "event", @@ -850,7 +850,7 @@ "event": { "severity": 6, "duration": 36000000000000, - "ingested": "2021-01-28T23:42:36.567851700Z", + "ingested": "2021-02-15T11:59:33.743554474Z", "code": "302016", "original": "%FTD-6-302016: Teardown UDP connection 666 for outside:192.0.2.222/53 user1 to inside:10.123.1.35/52925 user2 duration 10:00:00 bytes 9999999", "kind": "event", 
@@ -918,7 +918,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567857800Z", + "ingested": "2021-02-15T11:59:33.743555679Z", "code": "302021", "original": "%FTD-6-302021: Teardown ICMP connection for faddr 172.24.177.29/0 gaddr 192.168.132.46/17233 laddr 192.168.132.46/17233", "kind": "event", @@ -976,7 +976,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567864900Z", + "ingested": "2021-02-15T11:59:33.743556812Z", "code": "305011", "original": "%FTD-6-305011: Built dynamic TCP translation from inside:192.168.3.42/4954 to outside:192.0.0.130/10879", "kind": "event", @@ -1042,7 +1042,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.567873700Z", + "ingested": "2021-02-15T11:59:33.743557929Z", "code": "302013", "original": "%FTD-6-302013: Built outbound TCP connection 89743277 for outside:192.0.0.17/80 (192.0.0.17/80) to inside:192.168.3.42/4954 (10.0.0.130/10879)", "kind": "event", @@ -1100,7 +1100,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.567882400Z", + "ingested": "2021-02-15T11:59:33.743559190Z", "code": "106007", "original": "%FTD-2-106007: Deny inbound UDP from 192.0.0.66/12981 to 10.1.2.60/53 due to DNS Query", "kind": "event", @@ -1164,7 +1164,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567891100Z", + "ingested": "2021-02-15T11:59:33.743560312Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2006) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1229,7 +1229,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567899800Z", + "ingested": "2021-02-15T11:59:33.743561444Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49734) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", 
@@ -1294,7 +1294,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567908500Z", + "ingested": "2021-02-15T11:59:33.743562569Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49735) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1359,7 +1359,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567917100Z", + "ingested": "2021-02-15T11:59:33.743563686Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49736) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1424,7 +1424,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567925800Z", + "ingested": "2021-02-15T11:59:33.743564806Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49737) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1489,7 +1489,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567934400Z", + "ingested": "2021-02-15T11:59:33.743565963Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49738) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1554,7 +1554,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567943100Z", + "ingested": "2021-02-15T11:59:33.743567181Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49746) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", 
@@ -1619,7 +1619,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567949Z", + "ingested": "2021-02-15T11:59:33.743568302Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2007) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1684,7 +1684,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567956100Z", + "ingested": "2021-02-15T11:59:33.743569429Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.13(43013) -\u003e dmz/192.168.33.31(25) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1749,7 +1749,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567963300Z", + "ingested": "2021-02-15T11:59:33.743570557Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2008) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -1809,7 +1809,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.567970500Z", + "ingested": "2021-02-15T11:59:33.743571669Z", "code": "106006", "original": "%FTD-2-106006: Deny inbound UDP from 192.0.2.66/137 to 10.1.2.42/137 on interface inside", "kind": "event", @@ -1863,7 +1863,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.567976300Z", + "ingested": "2021-02-15T11:59:33.743572791Z", "code": "106007", "original": "%FTD-2-106007: Deny inbound UDP from 192.0.2.66/12981 to 10.1.5.60/53 due to DNS Query", "kind": "event", @@ -1927,7 +1927,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567983300Z", + "ingested": "2021-02-15T11:59:33.743573906Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2009) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", 
@@ -1992,7 +1992,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567992Z", + "ingested": "2021-02-15T11:59:33.743575017Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.46(49776) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2057,7 +2057,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.567999600Z", + "ingested": "2021-02-15T11:59:33.743576136Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2010) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2122,7 +2122,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568005700Z", + "ingested": "2021-02-15T11:59:33.743577257Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2011) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2187,7 +2187,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568011700Z", + "ingested": "2021-02-15T11:59:33.743578388Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in denied tcp inside/10.0.0.16(2012) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2252,7 +2252,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568017100Z", + "ingested": "2021-02-15T11:59:33.743579611Z", "code": "106023", "original": "%FTD-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", "kind": "event", @@ -2317,7 +2317,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568024Z", + "ingested": "2021-02-15T11:59:33.743580727Z", "code": "106023", "original": "%FTD-4-106023: Deny tcp src outside:192.0.2.126/53638 dst inside:10.0.0.132/8111 by access-group \"acl_out\" [0x71761f18, 0x0]", "kind": "event", 
@@ -2382,7 +2382,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568032100Z", + "ingested": "2021-02-15T11:59:33.743581849Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.46(49840) -\u003e outside/192.0.0.88(40443) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2447,7 +2447,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568039100Z", + "ingested": "2021-02-15T11:59:33.743582995Z", "code": "106100", "original": "%FTD-5-106100: access-list acl_in est-allowed tcp inside/10.0.0.16(2013) -\u003e outside/192.0.0.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2512,7 +2512,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568047900Z", + "ingested": "2021-02-15T11:59:33.743584121Z", "code": "106100", "original": "%FTD-session-5-106100: access-list acl_in permitted tcp inside/10.0.0.16(2241) -\u003e outside/192.0.0.99(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]", "kind": "event", @@ -2590,7 +2590,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.568056400Z", + "ingested": "2021-02-15T11:59:33.743585239Z", "code": "302015", "original": "%FTD-6-302015: Built outbound UDP connection 447235 for outside:192.168.77.12/11180 (192.168.77.12/11180) to identity:10.0.13.13/80 (10.0.13.13/80)", "kind": "event", @@ -2664,7 +2664,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568065Z", + "ingested": "2021-02-15T11:59:33.743586363Z", "code": "106023", "original": "%FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", "kind": "event", 
@@ -2736,7 +2736,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568073500Z", + "ingested": "2021-02-15T11:59:33.743587487Z", "code": "106023", "original": "%FTD-4-106023: Deny udp src dmz:192.168.1.33/5555 dst outside:192.0.0.12/53 by access-group \"dmz\" [0x123a465e, 0x4c7bf613]", "kind": "event", @@ -2809,7 +2809,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.568082200Z", + "ingested": "2021-02-15T11:59:33.743588606Z", "code": "302013", "original": "%FTD-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", "kind": "event", @@ -2884,7 +2884,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.568090900Z", + "ingested": "2021-02-15T11:59:33.743589739Z", "code": "302013", "original": "%FTD-6-302013: Built outbound TCP connection 447236 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:OCSP_Server/5678 (OCSP_Server/5678)", "kind": "event", @@ -2960,7 +2960,7 @@ "event": { "severity": 6, "duration": 0, - "ingested": "2021-01-28T23:42:36.568099600Z", + "ingested": "2021-02-15T11:59:33.743590871Z", "code": "302014", "original": "%FTD-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs", "kind": "event", @@ -3035,7 +3035,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:42:36.568151700Z", + "ingested": "2021-02-15T11:59:33.743591990Z", "code": "302014", "original": "%FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", "kind": "event", 
@@ -3110,7 +3110,7 @@ "event": { "severity": 6, "duration": 68000000000, - "ingested": "2021-01-28T23:42:36.568157300Z", + "ingested": "2021-02-15T11:59:33.743593170Z", "code": "302014", "original": "%FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", "kind": "event", @@ -3177,7 +3177,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.568164500Z", + "ingested": "2021-02-15T11:59:33.743594285Z", "code": "106015", "original": "%FTD-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", "kind": "event", @@ -3240,7 +3240,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.568173200Z", + "ingested": "2021-02-15T11:59:33.743595413Z", "code": "106015", "original": "%FTD-6-106015: Deny TCP (no connection) from 192.0.2.222/1234 to 192.168.1.34/5679 flags RST on interface outside", "kind": "event", @@ -3309,7 +3309,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568179100Z", + "ingested": "2021-02-15T11:59:33.743596537Z", "code": "106023", "original": "%FTD-4-106023: Deny udp src dmz:192.168.1.34/5679 dst outside:192.0.0.12/5000 by access-group \"dmz\" [0x123a465e, 0x8c20f21]", "kind": "event", @@ -3382,7 +3382,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.568185Z", + "ingested": "2021-02-15T11:59:33.743597753Z", "code": "302013", "original": "%FTD-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", "kind": "event", @@ -3457,7 +3457,7 @@ }, "event": { "severity": 6, - "ingested": "2021-01-28T23:42:36.568190500Z", + "ingested": "2021-02-15T11:59:33.743598901Z", "code": "302013", "original": "%FTD-6-302013: Built outbound TCP connection 447237 for outside:192.0.2.222/1234 (192.0.2.222/1234) to dmz:192.168.1.34/65000 (192.168.1.34/65000)", "kind": "event", 
@@ -3533,7 +3533,7 @@ "event": { "severity": 6, "duration": 86399000000000, - "ingested": "2021-01-28T23:42:36.568197600Z", + "ingested": "2021-02-15T11:59:33.743600036Z", "code": "302014", "original": "%FTD-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs", "kind": "event", @@ -3596,7 +3596,7 @@ "event": { "severity": 6, "duration": 122000000000, - "ingested": "2021-01-28T23:42:36.568206400Z", + "ingested": "2021-02-15T11:59:33.743601162Z", "code": "302016", "original": "%FTD-6-302016: Teardown UDP connection 40 for outside:10.44.4.4/500 to inside:10.44.2.2/500 duration 0:02:02 bytes 1416", "kind": "event", @@ -3663,7 +3663,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568216100Z", + "ingested": "2021-02-15T11:59:33.743602291Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", "kind": "event", @@ -3722,7 +3722,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568226400Z", + "ingested": "2021-02-15T11:59:33.743603408Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", "kind": "event", @@ -3781,7 +3781,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568235400Z", + "ingested": "2021-02-15T11:59:33.743604532Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", "kind": "event", @@ -3840,7 +3840,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568244100Z", + "ingested": "2021-02-15T11:59:33.743605649Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.47 on interface Mobile_Traffic", "kind": "event", 
@@ -3899,7 +3899,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568252700Z", + "ingested": "2021-02-15T11:59:33.743606775Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", "kind": "event", @@ -3958,7 +3958,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568261100Z", + "ingested": "2021-02-15T11:59:33.743607891Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.88.99.57 on interface Mobile_Traffic", "kind": "event", @@ -4017,7 +4017,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568269700Z", + "ingested": "2021-02-15T11:59:33.743609041Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", "kind": "event", @@ -4076,7 +4076,7 @@ }, "event": { "severity": 2, - "ingested": "2021-01-28T23:42:36.568278200Z", + "ingested": "2021-02-15T11:59:33.743610156Z", "code": "106016", "original": "%FTD-2-106016: Deny IP spoof from (0.0.0.0) to 192.168.1.255 on interface Mobile_Traffic", "kind": "event", @@ -4146,7 +4146,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568287Z", + "ingested": "2021-02-15T11:59:33.743611279Z", "code": "106023", "original": "%FTD-4-106023: Deny tcp src outside:192.0.2.95/24069 dst inside:10.32.112.125/25 by access-group \"PERMIT_IN\" [0x0, 0x0]\"", "kind": "event", @@ -4202,7 +4202,7 @@ }, "event": { "severity": 3, - "ingested": "2021-01-28T23:42:36.568292900Z", + "ingested": "2021-02-15T11:59:33.743612396Z", "code": "313001", "original": "%FTD-3-313001: Denied ICMP type=3, code=3 from 10.2.3.5 on interface Outside", "kind": "event", 
@@ -4260,7 +4260,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568299900Z", + "ingested": "2021-02-15T11:59:33.743613514Z", "code": "313004", "original": "%FTD-4-313004: Denied ICMP type=0, from laddr 172.16.30.2 on interface inside to 172.16.1.10: no matching session", "kind": "event", @@ -4339,7 +4339,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568307100Z", + "ingested": "2021-02-15T11:59:33.743614634Z", "code": "338002", "original": "%FTD-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.1.1.45/6798 (192.88.99.1/7890) to outside:192.88.99.129/80 (192.88.99.129/80), destination 192.88.99.129 resolved from dynamic list: bad.example.com", "kind": "event", @@ -4410,7 +4410,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568314Z", + "ingested": "2021-02-15T11:59:33.743615754Z", "code": "338004", "original": "%FTD-4-338004: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.225/80), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", "kind": "event", @@ -4486,7 +4486,7 @@ }, "event": { "severity": 4, - "ingested": "2021-01-28T23:42:36.568319500Z", + "ingested": "2021-02-15T11:59:33.743616880Z", "code": "338008", "original": "%FTD-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.1/33340 (10.2.1.1/33340) to outsidet:192.0.2.223/80 (192.0.2.223/8080), destination 192.0.2.223 resolved from dynamic list: 192.0.2.223/255.255.255.255, threat-level: very-high, category: Malware", "kind": "event", @@ -4545,7 +4545,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568326400Z", + "ingested": "2021-02-15T11:59:33.743618021Z", "code": "304001", "original": "%FTD-5-304001: 10.30.30.30 Accessed URL 192.0.2.1:/app", "kind": "event", 
@@ -4594,7 +4594,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568335200Z", + "ingested": "2021-02-15T11:59:33.743619146Z", "code": "304001", "original": "%FTD-5-304001: 10.5.111.32 Accessed URL 192.0.2.32:http://example.com", "kind": "event", @@ -4648,7 +4648,7 @@ }, "event": { "severity": 5, - "ingested": "2021-01-28T23:42:36.568342500Z", + "ingested": "2021-02-15T11:59:33.743620260Z", "code": "304002", "original": "%FTD-5-304002: Access denied URL http://www.example.net/images/favicon.ico SRC 10.69.6.39 DEST 192.0.0.19 on interface inside", "kind": "event", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-connection.log-expected.json index 2fe61904ea7..018819f1cb9 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-connection.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-connection.log-expected.json @@ -56,7 +56,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:39.509963300Z", + "ingested": "2021-02-15T11:59:36.202005259Z", "code": "430002", "original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 98, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity", "kind": "event", 
@@ -167,7 +167,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:39.509968700Z", + "ingested": "2021-02-15T11:59:36.202012403Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: ICMP client, ApplicationProtocol: ICMP, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 98, ResponderBytes: 98, NAPPolicy: Balanced Security and Connectivity", "kind": "event", @@ -304,7 +304,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:39.509975500Z", + "ingested": "2021-02-15T11:59:36.202013719Z", "code": "430002", "original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 50074, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 106, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: eu-central-1.ec2.archive.ubuntu.com, DNSRecordType: a host address", "kind": "event", 
@@ -441,7 +441,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:39.509983800Z", + "ingested": "2021-02-15T11:59:36.202014897Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 49264, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 2, ResponderPackets: 2, InitiatorBytes: 164, ResponderBytes: 314, NAPPolicy: Balanced Security and Connectivity, DNSQuery: siem-inside, DNSRecordType: a host address, DNSResponseType: Non-Existent Domain, DNS_TTL: 86395", "kind": "event", @@ -576,7 +576,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:39.509989300Z", + "ingested": "2021-02-15T11:59:36.202016070Z", "code": "430002", "original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 52.59.244.233, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity", "kind": "event", 
@@ -717,7 +717,7 @@ "event": { "severity": 1, "duration": 1000000000, - "ingested": "2021-01-28T23:42:39.509994800Z", + "ingested": "2021-02-15T11:59:36.202017250Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 52.59.244.233, SrcPort: 43228, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: Debian APT-HTTP/1.3 (1.6.11), Client: Advanced Packaging Tool, ClientVersion: 1.3, ApplicationProtocol: HTTP, WebApplication: Ubuntu, ConnectionDuration: 1, InitiatorPackets: 1359, ResponderPackets: 29001, InitiatorBytes: 97454, ResponderBytes: 41319018, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: eu-central-1.ec2.archive.ubuntu.com, URL: http://eu-central-1.ec2.archive.ubuntu.com/ubuntu/pool/main/m/manpages/manpages-dev_4.15-1_all.deb", "kind": "event", @@ -857,7 +857,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:39.509999700Z", + "ingested": "2021-02-15T11:59:36.202018400Z", "code": "430002", "original": "%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 2, ResponderPackets: 1, InitiatorBytes: 140, ResponderBytes: 74, NAPPolicy: Balanced Security and Connectivity", "kind": "event", 
@@ -995,7 +995,7 @@ "event": { "severity": 1, "duration": 0, - "ingested": "2021-01-28T23:42:39.510006200Z", + "ingested": "2021-02-15T11:59:36.202019549Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46000, DstPort: 80, Protocol: tcp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 0, InitiatorPackets: 6, ResponderPackets: 4, InitiatorBytes: 503, ResponderBytes: 690, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: www.eicar.org, URL: http://www.eicar.org/download/eicar_com.zip", "kind": "event", @@ -1114,7 +1114,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:39.510011300Z", + "ingested": "2021-02-15T11:59:36.202020699Z", "code": "430002", "original": "%FTD-1-430002: AccessControlRuleAction: Block, SrcIP: 10.0.100.30, DstIP: 10.0.1.20, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: output, EgressInterface: input, IngressZone: output-zone, EgressZone: input-zone, ACPolicy: default, AccessControlRuleName: Block-inbound-ICMP, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, InitiatorPackets: 0, ResponderPackets: 0, InitiatorBytes: 0, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity", "kind": "event", 
@@ -1234,7 +1234,7 @@ "event": { "severity": 1, "duration": 1000000000, - "ingested": "2021-01-28T23:42:39.510017800Z", + "ingested": "2021-02-15T11:59:36.202021845Z", "code": "430003", "original": "%FTD-1-430003: AccessControlRuleAction: Block, AccessControlRuleReason: File Block, SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, IngressInterface: input, EgressInterface: output, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, UserAgent: curl/7.58.0, Client: cURL, ClientVersion: 7.58.0, ApplicationProtocol: HTTP, ConnectionDuration: 1, FileCount: 1, InitiatorPackets: 4, ResponderPackets: 7, InitiatorBytes: 365, ResponderBytes: 1927, NAPPolicy: Balanced Security and Connectivity, HTTPResponse: 200, ReferencedHost: 10.0.100.30:8000, URL: http://10.0.100.30:8000/eicar_com.zip", "kind": "event", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-file-malware.log-expected.json index e1137230f39..805b5787eb2 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-file-malware.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-file-malware.log-expected.json 
@@ -50,7 +50,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112853200Z", + "ingested": "2021-02-15T11:59:36.745051495Z", "code": "430004", "original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41522, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:54:24Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe", "kind": "alert", @@ -142,7 +142,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112872Z", + "ingested": "2021-02-15T11:59:36.745058161Z", "code": "430004", "original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41526, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: exploit.exe, FileType: ELF, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T14:55:01Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/exploit.exe", "kind": "alert", @@ -234,7 +234,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112877900Z", + "ingested": "2021-02-15T11:59:36.745059665Z", "code": "430004", "original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41530, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:00:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com", "kind": "alert", 
@@ -326,7 +326,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112885600Z", + "ingested": "2021-02-15T11:59:36.745060950Z", "code": "430004", "original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41534, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileName: eicar.com.txt, FileType: EICAR, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:01:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar.com.txt", "kind": "alert", @@ -425,7 +425,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112895300Z", + "ingested": "2021-02-15T11:59:36.745062238Z", "code": "430004", "original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41540, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:27Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", "kind": "alert", 
@@ -528,7 +528,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112901800Z", + "ingested": "2021-02-15T11:59:36.745063481Z", "code": "430004", "original": "%FTD-1-430004: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41542, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Detect, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, ThreatName: Unknown, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:03:31Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", "kind": "alert", @@ -631,7 +631,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112908200Z", + "ingested": "2021-02-15T11:59:36.745064730Z", "code": "430005", "original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 41544, DstPort: 8000, Protocol: tcp, FileDirection: Download, FileAction: Malware Block, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, ThreatScore: 76, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-14T15:09:40Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: File Size Is Too Small, URI: http://10.0.100.30:8000/eicar_com.zip", "kind": "alert", 
@@ -756,7 +756,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112914100Z", + "ingested": "2021-02-15T11:59:36.745065976Z", "code": "430005", "original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46004, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:39:02Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: File Size Is Too Small, URI: http://www.eicar.org/download/eicar_com.zip", "kind": "alert", @@ -862,7 +862,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112921600Z", + "ingested": "2021-02-15T11:59:36.745067221Z", "code": "430005", "original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 10.0.100.30, SrcPort: 55378, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Unknown, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:40:45Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: Sent for Analysis, FileStaticAnalysisStatus: Failed to Send, URI: http://10.0.100.30/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", "kind": "alert", 
@@ -986,7 +986,7 @@ }, "event": { "severity": 1, - "ingested": "2021-01-28T23:42:40.112927600Z", + "ingested": "2021-02-15T11:59:36.745068464Z", "code": "430005", "original": "%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 18.197.225.123, SrcPort: 47926, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 9a04a82eb19ad382f9e9dbafa498c6b4291f93cfe98d9e8b2915af99c06ffcd7, SHA_Disposition: Malware, SperoDisposition: Spero detection not performed on file, ThreatName: Pdf.Exploit.Pdfka::100.sbx.tg, ThreatScore: 100, FileName: dd3dee576d0cb4abfed00f97f0c71c1d, FileType: PDF, FileSize: 278987, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:42:06Z, FilePolicy: malware-and-file-policy, FileSandboxStatus: Failed to Send, URI: http://18.197.225.123/public/infected/dd3dee576d0cb4abfed00f97f0c71c1d", "kind": "alert", diff --git a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-malware-site.log-expected.json index 6166a38d451..96b5fcb6b37 100644 --- a/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-malware-site.log-expected.json +++ b/packages/cisco/data_stream/ftd/_dev/test/pipeline/test-security-malware-site.log-expected.json 
@@ -98,7 +98,7 @@
 "event": {
 "severity": 0,
 "duration": 20000000000,
- "ingested": "2021-01-28T23:42:40.593703600Z",
+ "ingested": "2021-02-15T11:59:37.176505196Z",
 "code": "430003",
 "original": "%NGIPS-0-430003: DeviceUUID: 1c8ff662-08f3-11e4-85c0-bc960372972f, AccessControlRuleAction: Allow, AccessControlRuleReason: IP Monitor, SrcIP: 3.3.3.3, DstIP: 2.2.2.2, SrcPort: 65090, DstPort: 80, Protocol: tcp, IngressInterface: s1p1, EgressInterface: s1p2, IngressZone: Inside-DMZ-Interface-Inline, EgressZone: Inside-DMZ-Interface-Inline, ACPolicy: COOL-POLICY-3D, AccessControlRuleName: Inside DMZ-Rule-Inline, Prefilter Policy: Unknown, User: No Authentication Required, UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36, Client: Chrome, ClientVersion: 80.0.3987.87, ApplicationProtocol: HTTP, ConnectionDuration: 20, InitiatorPackets: 4, ResponderPackets: 4, InitiatorBytes: 729, ResponderBytes: 246, NAPPolicy: State-Backbone, SecIntMatchingIP: Destination, IPReputationSICategory: Malware, HTTPReferer: http://eyedropper-color-pick.info/mk?c=1581483445764, ReferencedHost: eyedropper-color-pick.info, URL: http://bad-malwaresite-grr.info/favicon.ico",
 "kind": "event",
diff --git a/packages/cisco/data_stream/ftd/agent/stream/stream.yml.hbs b/packages/cisco/data_stream/ftd/agent/stream/stream.yml.hbs
index aab902841e6..5851b0bdecc 100644
--- a/packages/cisco/data_stream/ftd/agent/stream/stream.yml.hbs
+++ b/packages/cisco/data_stream/ftd/agent/stream/stream.yml.hbs
@@ -6,3 +6,7 @@ exclude_files: [".gz$"]
 tags: {{tags}}
 processors:
 - add_locale: ~
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.8.0
diff --git a/packages/cisco/data_stream/ftd/agent/stream/udp.yml.hbs b/packages/cisco/data_stream/ftd/agent/stream/udp.yml.hbs
index 97e312bde78..871397336bf 100644
--- a/packages/cisco/data_stream/ftd/agent/stream/udp.yml.hbs
+++ b/packages/cisco/data_stream/ftd/agent/stream/udp.yml.hbs
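Review bot: The ECS version is hard-coded as `ecs.version: 1.8.0` in the add_fields processor added here and duplicated verbatim in udp.yml.hbs in the following hunk, with nothing in either template tying the value to the ECS version the ingest pipeline and field mappings were written against, so a future ECS bump has to be found and repeated in both files. A one-line comment above the processor, `# keep in sync with udp.yml.hbs and the ECS version targeted by elasticsearch/ingest_pipeline/default.yml`, would make that coupling visible at the point of edit. Quoting the value as `ecs.version: '1.8.0'` also keeps it a string if a later version is ever written with a single dot, which YAML would otherwise read as a float.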
@@ -2,3 +2,7 @@ host: "{{udp_host}}:{{udp_port}}"
 tags: {{tags}}
 processors:
 - add_locale: ~
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.8.0
diff --git a/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml
index 3e36d92cb05..b94e7253f82 100644
--- a/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml
@@ -1552,18 +1552,32 @@ processors:
 field: related.ip
 value: "{{source.ip}}"
 if: "ctx?.source?.ip != null"
+ allow_duplicates: false
 - append:
 field: related.ip
 value: "{{destination.ip}}"
 if: "ctx?.destination?.ip != null"
+ allow_duplicates: false
 - append:
 field: related.user
 value: "{{user.name}}"
- if: "ctx?.user?.name != null"
+ if: ctx?.user?.name != null && ctx?.user?.name != ''
+ allow_duplicates: false
+ - append:
+ field: related.user
+ value: "{{host.user.name}}"
+ if: ctx?.host?.user?.name != null && ctx?.host?.user?.name != ''
+ allow_duplicates: false
+ - append:
+ field: related.user
+ value: "{{source.user.name}}"
+ if: ctx?.source?.user?.name != null && ctx?.source?.user?.name != ''
+ allow_duplicates: false
 - append:
 field: related.hash
 value: "{{file.hash.sha256}}"
 if: "ctx?.file?.hash?.sha256 != null"
+ allow_duplicates: false
 - append:
 field: related.hosts
 value: "{{host.hostname}}"
diff --git a/packages/cisco/manifest.yml b/packages/cisco/manifest.yml
index f6cb6195bd3..3a8caa00967 100644
--- a/packages/cisco/manifest.yml
+++ b/packages/cisco/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco
 title: Cisco
-version: 0.7.7
+version: 0.7.8
 license: basic
 description: Cisco Integration
 type: integration
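Review bot: The three new `if:` conditions on the related.user appends in the default.yml hunk are unquoted plain scalars, while every other condition in the same hunk (`if: "ctx?.source?.ip != null"`, `if: "ctx?.file?.hash?.sha256 != null"`) is double-quoted; they parse correctly as written, but the mixed style means a later edit that introduces ` #` or `: ` into one of the unquoted expressions changes how YAML reads the condition rather than failing loudly, so prefer `if: "ctx?.user?.name != null && ctx?.user?.name != ''"` and the same form for the host.user.name and source.user.name variants. The empty-string guard introduced for related.user is not applied to related.ip or related.hash, whose conditions still test only `!= null`; if the upstream parsing can leave `file.hash.sha256` as an empty string (not visible from this hunk), an empty value would be appended to related.hash, which is a field detections pivot on. The related.hosts append and the rest of the processors list continue outside the hunk.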