Patrick Kelley 8fd444092b initial
2025-05-07 15:35:15 -04:00


### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
zeek_init []
new_connection [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"orig": {
"size": 42,
"state": 1,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 0,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.951343,
"duration": 0,
"service": [],
"history": "D",
"uid": "CHhAvVGS1DHFjwGM9",
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false
}
}
]
dns_message [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"orig": {
"size": 42,
"state": 1,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 0,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.951343,
"duration": 0,
"service": [],
"history": "D",
"uid": "CHhAvVGS1DHFjwGM9",
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false
}
},
{
"name": "is_orig",
"value": true
},
{
"name": "msg",
"value": {
"id": 43556,
"opcode": 0,
"rcode": 0,
"QR": false,
"AA": false,
"TC": false,
"RD": true,
"RA": false,
"Z": 0,
"AD": false,
"CD": false,
"num_queries": 1,
"num_answers": 0,
"num_auth": 0,
"num_addl": 1
}
},
{
"name": "len",
"value": 42
}
]
dns_request [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"orig": {
"size": 42,
"state": 1,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 0,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.951343,
"duration": 0,
"service": [],
"history": "D",
"uid": "CHhAvVGS1DHFjwGM9",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"dns": {
"ts": 1630238733.951343,
"uid": "CHhAvVGS1DHFjwGM9",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"proto": "udp",
"trans_id": 43556,
"AA": false,
"TC": false,
"RD": false,
"RA": false,
"Z": 0,
"rejected": false,
"saw_query": false,
"saw_reply": false
},
"dns_state": {
"pending_query": {
"ts": 1630238733.951343,
"uid": "CHhAvVGS1DHFjwGM9",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"proto": "udp",
"trans_id": 43556,
"AA": false,
"TC": false,
"RD": false,
"RA": false,
"Z": 0,
"rejected": false,
"saw_query": false,
"saw_reply": false
}
},
"ftp_data_reuse": false
}
},
{
"name": "msg",
"value": {
"id": 43556,
"opcode": 0,
"rcode": 0,
"QR": false,
"AA": false,
"TC": false,
"RD": true,
"RA": false,
"Z": 0,
"AD": false,
"CD": false,
"num_queries": 1,
"num_answers": 0,
"num_auth": 0,
"num_addl": 1
}
},
{
"name": "query",
"value": "corelight.com"
},
{
"name": "qtype",
"value": 1
},
{
"name": "qclass",
"value": 1
},
{
"name": "original_query",
"value": "corelight.com"
}
]
dns_message [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"orig": {
"size": 42,
"state": 1,
"num_pkts": 1,
"num_bytes_ip": 70,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 74,
"state": 1,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.951343,
"duration": 0.03791093826293945,
"service": [
"DNS"
],
"history": "Dd",
"uid": "CHhAvVGS1DHFjwGM9",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"dns": {
"ts": 1630238733.951343,
"uid": "CHhAvVGS1DHFjwGM9",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"proto": "udp",
"trans_id": 43556,
"query": "corelight.com",
"qclass": 1,
"qclass_name": "C_INTERNET",
"qtype": 1,
"qtype_name": "A",
"AA": false,
"TC": false,
"RD": true,
"RA": false,
"Z": 0,
"rejected": false,
"saw_query": true,
"saw_reply": false
},
"dns_state": {
"pending_query": {
"ts": 1630238733.951343,
"uid": "CHhAvVGS1DHFjwGM9",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"proto": "udp",
"trans_id": 43556,
"query": "corelight.com",
"qclass": 1,
"qclass_name": "C_INTERNET",
"qtype": 1,
"qtype_name": "A",
"AA": false,
"TC": false,
"RD": true,
"RA": false,
"Z": 0,
"rejected": false,
"saw_query": true,
"saw_reply": false
}
},
"ftp_data_reuse": false
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "msg",
"value": {
"id": 43556,
"opcode": 0,
"rcode": 0,
"QR": true,
"AA": false,
"TC": false,
"RD": true,
"RA": true,
"Z": 0,
"AD": false,
"CD": false,
"num_queries": 1,
"num_answers": 2,
"num_auth": 0,
"num_addl": 1
}
},
{
"name": "len",
"value": 74
}
]
new_connection [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 0,
"state": 0,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 0,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0,
"service": [],
"history": "",
"uid": "ClEkJM2Vm5giqnMf4h",
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false
}
}
]
http_request [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.01784205436706543,
"service": [
"HTTP"
],
"history": "ShAD",
"uid": "ClEkJM2Vm5giqnMf4h",
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false
}
},
{
"name": "method",
"value": "GET"
},
{
"name": "original_URI",
"value": "/"
},
{
"name": "unescaped_URI",
"value": "/"
},
{
"name": "version",
"value": "1.1"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.01784205436706543,
"service": [
"HTTP"
],
"history": "ShAD",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"uri": "/",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 0
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"uri": "/",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 0
}
},
"current_request": 1,
"current_response": 0,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": true
},
{
"name": "original_name",
"value": "Host"
},
{
"name": "name",
"value": "HOST"
},
{
"name": "value",
"value": "corelight.com"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.01784205436706543,
"service": [
"HTTP"
],
"history": "ShAD",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 0
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 0
}
},
"current_request": 1,
"current_response": 0,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": true
},
{
"name": "original_name",
"value": "User-Agent"
},
{
"name": "name",
"value": "USER-AGENT"
},
{
"name": "value",
"value": "curl/7.76.1"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.01784205436706543,
"service": [
"HTTP"
],
"history": "ShAD",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 0
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 0
}
},
"current_request": 1,
"current_response": 0,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": true
},
{
"name": "original_name",
"value": "Accept"
},
{
"name": "name",
"value": "ACCEPT"
},
{
"name": "value",
"value": "*/*"
}
]
get_file_handle [
{
"name": "tag",
"value": "Analyzer::ANALYZER_HTTP"
},
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.01784205436706543,
"service": [
"HTTP"
],
"history": "ShAD",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 0
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 0
}
},
"current_request": 1,
"current_response": 0,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": true
}
]
http_message_done [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.01784205436706543,
"service": [
"HTTP"
],
"history": "ShAD",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 0
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 0
}
},
"current_request": 1,
"current_response": 0,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": true
},
{
"name": "stat",
"value": {
"start": 1630238734.007674,
"interrupted": false,
"finish_msg": "message ends normally",
"body_length": 0,
"content_gap_length": 0,
"header_length": 67
}
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Date"
},
{
"name": "name",
"value": "DATE"
},
{
"name": "value",
"value": "Sun, 29 Aug 2021 12:05:34 GMT"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Connection"
},
{
"name": "name",
"value": "CONNECTION"
},
{
"name": "value",
"value": "keep-alive"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Location"
},
{
"name": "name",
"value": "LOCATION"
},
{
"name": "value",
"value": "https://corelight.com/"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Cache-Control"
},
{
"name": "name",
"value": "CACHE-CONTROL"
},
{
"name": "value",
"value": "s-maxage=3600,max-age=120"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Strict-Transport-Security"
},
{
"name": "name",
"value": "STRICT-TRANSPORT-SECURITY"
},
{
"name": "value",
"value": "max-age=31536000"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "X-Hs-Https-Only"
},
{
"name": "name",
"value": "X-HS-HTTPS-ONLY"
},
{
"name": "value",
"value": "worker"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Report-To"
},
{
"name": "name",
"value": "REPORT-TO"
},
{
"name": "value",
"value": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=xFhmAO%2F27odapXRIIu6Su0tyQnb7xRRnaW4KarFIktiowjABTmgW%2FQfTTT%2F9YAG%2F7Dn2wkvLMtwjRuXtOEKKvqF50TsGcxNxTI8WRQUUhv9YC%2BVdfCg6FfRKn%2FkCCz4%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "NEL"
},
{
"name": "name",
"value": "NEL"
},
{
"name": "value",
"value": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Set-Cookie"
},
{
"name": "name",
"value": "SET-COOKIE"
},
{
"name": "value",
"value": "__cfruid=e02ce062c7627d878b3dcf8f2ef9382980b7aa05-1630238734; path=/; domain=.corelight.com; HttpOnly"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Server"
},
{
"name": "name",
"value": "SERVER"
},
{
"name": "value",
"value": "cloudflare"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "CF-RAY"
},
{
"name": "name",
"value": "CF-RAY"
},
{
"name": "value",
"value": "6865a5f7af83874d-DUS"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "alt-svc"
},
{
"name": "name",
"value": "ALT-SVC"
},
{
"name": "value",
"value": "h3-27=\":443\"; ma=86400, h3-28=\":443\"; ma=86400, h3-29=\":443\"; ma=86400, h3=\":443\"; ma=86400"
}
]
http_header [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"current_entity": {},
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "original_name",
"value": "Content-Length"
},
{
"name": "name",
"value": "CONTENT-LENGTH"
},
{
"name": "value",
"value": "0"
}
]
get_file_handle [
{
"name": "tag",
"value": "Analyzer::ANALYZER_HTTP"
},
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
}
]
http_message_done [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 241,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.1940610408782959,
"service": [
"HTTP"
],
"history": "ShADad",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {
"1": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 1
}
},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": false
},
{
"name": "stat",
"value": {
"start": 1630238734.183893,
"interrupted": false,
"finish_msg": "message ends normally",
"body_length": 0,
"content_gap_length": 0,
"header_length": 824
}
}
]
new_connection [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 0,
"state": 0,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 0,
"num_pkts": 0,
"num_bytes_ip": 0,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0,
"service": [],
"history": "",
"uid": "C4J4Th3PJpwUYZZ6gc",
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false
}
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 0
},
{
"name": "val",
"value": "\u0000\u0010\u0000\u0000\rcorelight.com"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 11
},
{
"name": "val",
"value": "\u0003\u0000\u0001\u0002"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 10
},
{
"name": "val",
"value": "\u0000\n\u0000\u001d\u0000\u0017\u0000\u001e\u0000\u0019\u0000\u0018"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 13172
},
{
"name": "val",
"value": ""
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 16
},
{
"name": "val",
"value": "\u0000\f\u0002h2\bhttp/1.1"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 22
},
{
"name": "val",
"value": ""
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 23
},
{
"name": "val",
"value": ""
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 49
},
{
"name": "val",
"value": ""
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 13
},
{
"name": "val",
"value": "\u0000 \u0004\u0003\u0005\u0003\u0006\u0003\b\u0007\b\b\b\t\b\n\b\u000b\b\u0004\b\u0005\b\u0006\u0004\u0001\u0005\u0001\u0006\u0001\u0003\u0003\u0003\u0001"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 43
},
{
"name": "val",
"value": "\u0004\u0003\u0004\u0003\u0003"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 45
},
{
"name": "val",
"value": "\u0001\u0001"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 51
},
{
"name": "val",
"value": "\u0000$\u0000\u001d\u0000 ²^6Ì‡Ì88eRIa\u001b2w»3ým›nãeë56½JP\r"
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "code",
"value": 21
},
{
"name": "val",
"value": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000"
}
]
ssl_plaintext_data [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 2,
"num_bytes_ip": 112,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 0,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.024854183197021484,
"service": [
"SSL"
],
"history": "ShAD",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"analyzer_id": 13,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "C",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "record_version",
"value": 769
},
{
"name": "content_type",
"value": 22
},
{
"name": "length",
"value": 512
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 681,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 1388,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.06890416145324707,
"service": [
"SSL"
],
"history": "ShADd",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"curve": "x25519",
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"analyzer_id": 13,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "C",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": false
},
{
"name": "code",
"value": 51
},
{
"name": "val",
"value": "\u0000\u001d\u0000 ϱÝxsí²'…ëï齯=°W^\u0019E„óËãK\u001f×\u0001H\u0007 "
}
]
ssl_extension [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 681,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 1388,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.06890416145324707,
"service": [
"SSL"
],
"history": "ShADd",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"version_num": 772,
"version": "TLSv13",
"curve": "x25519",
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"analyzer_id": 13,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "C",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": false
},
{
"name": "code",
"value": 43
},
{
"name": "val",
"value": "\u0003\u0004"
}
]
ssl_plaintext_data [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 681,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 1388,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.06890416145324707,
"service": [
"SSL"
],
"history": "ShADd",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"version_num": 772,
"version": "TLSv13",
"cipher": "TLS_AES_256_GCM_SHA384",
"curve": "x25519",
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"analyzer_id": 13,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "Cs",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": false
},
{
"name": "record_version",
"value": 771
},
{
"name": "content_type",
"value": 22
},
{
"name": "length",
"value": 122
}
]
ssl_plaintext_data [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 517,
"state": 4,
"num_pkts": 3,
"num_bytes_ip": 681,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 1388,
"state": 4,
"num_pkts": 1,
"num_bytes_ip": 60,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.06890416145324707,
"service": [
"SSL"
],
"history": "ShADd",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"version_num": 772,
"version": "TLSv13",
"cipher": "TLS_AES_256_GCM_SHA384",
"curve": "x25519",
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"analyzer_id": 13,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "Csi",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": false
},
{
"name": "record_version",
"value": 771
},
{
"name": "content_type",
"value": 20
},
{
"name": "length",
"value": 1
}
]
ssl_plaintext_data [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 597,
"state": 4,
"num_pkts": 6,
"num_bytes_ip": 837,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 2592,
"state": 4,
"num_pkts": 4,
"num_bytes_ip": 2808,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.06974601745605469,
"service": [
"SSL"
],
"history": "ShADd",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"version_num": 772,
"version": "TLSv13",
"cipher": "TLS_AES_256_GCM_SHA384",
"curve": "x25519",
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"analyzer_id": 13,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "CsiI",
"server_depth": 0,
"client_depth": 0
}
}
},
{
"name": "is_client",
"value": true
},
{
"name": "record_version",
"value": 771
},
{
"name": "content_type",
"value": 20
},
{
"name": "length",
"value": 1
}
]
ssl_established [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 597,
"state": 4,
"num_pkts": 6,
"num_bytes_ip": 837,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 2592,
"state": 4,
"num_pkts": 4,
"num_bytes_ip": 2808,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.06974601745605469,
"service": [
"SSL"
],
"history": "ShADd",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"version_num": 772,
"version": "TLSv13",
"cipher": "TLS_AES_256_GCM_SHA384",
"curve": "x25519",
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"analyzer_id": 13,
"established": false,
"logged": false,
"hrr_seen": false,
"ssl_history": "CsiI",
"server_depth": 0,
"client_depth": 0
}
}
}
]
connection_state_remove [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 55767,
"resp_h": "172.20.10.1",
"resp_p": 53,
"proto": 17
},
"orig": {
"size": 42,
"state": 1,
"num_pkts": 1,
"num_bytes_ip": 70,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 74,
"state": 1,
"num_pkts": 1,
"num_bytes_ip": 102,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.951343,
"duration": 0.03791093826293945,
"service": [
"DNS"
],
"history": "Dd",
"uid": "CHhAvVGS1DHFjwGM9",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"dns_state": {},
"ftp_data_reuse": false
}
}
]
connection_state_remove [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"orig": {
"size": 842,
"state": 5,
"num_pkts": 112,
"num_bytes_ip": 6674,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 96230,
"state": 5,
"num_pkts": 137,
"num_bytes_ip": 103374,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238734.184846,
"duration": 0.4085841178894043,
"service": [
"SSL"
],
"history": "ShADdaFf",
"uid": "C4J4Th3PJpwUYZZ6gc",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"ssl": {
"ts": 1630238734.2097,
"uid": "C4J4Th3PJpwUYZZ6gc",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 45208,
"resp_h": "199.60.103.106",
"resp_p": 443,
"proto": 6
},
"version_num": 772,
"version": "TLSv13",
"cipher": "TLS_AES_256_GCM_SHA384",
"curve": "x25519",
"server_name": "corelight.com",
"session_id": "05628f4ff03bc85cef6bd6b1a01b9419063cf7fc3c5f10fc7b18cfc4b8190e09",
"resumed": false,
"client_ticket_empty_session_seen": false,
"client_key_exchange_seen": false,
"client_psk_seen": false,
"established": true,
"logged": true,
"hrr_seen": false,
"ssl_history": "CsiI",
"server_depth": 0,
"client_depth": 0
}
}
}
]
get_file_handle [
{
"name": "tag",
"value": "Analyzer::ANALYZER_HTTP"
},
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 5,
"num_pkts": 6,
"num_bytes_ip": 397,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 5,
"num_pkts": 4,
"num_bytes_ip": 1070,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.5914499759674072,
"service": [
"HTTP"
],
"history": "ShADadFf",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
},
{
"name": "is_orig",
"value": true
}
]
connection_state_remove [
{
"name": "c",
"value": {
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"orig": {
"size": 77,
"state": 5,
"num_pkts": 6,
"num_bytes_ip": 397,
"flow_label": 0,
"l2_addr": "36:42:62:dd:97:73"
},
"resp": {
"size": 854,
"state": 5,
"num_pkts": 4,
"num_bytes_ip": 1070,
"flow_label": 0,
"l2_addr": "36:42:62:dd:0a:64"
},
"start_time": 1630238733.989832,
"duration": 0.5914499759674072,
"service": [
"HTTP"
],
"history": "ShADadFf",
"uid": "ClEkJM2Vm5giqnMf4h",
"removal_hooks": null,
"service_violation": [],
"extract_orig": false,
"extract_resp": false,
"ftp_data_reuse": false,
"http": {
"ts": 1630238734.007674,
"uid": "ClEkJM2Vm5giqnMf4h",
"id": {
"orig_h": "172.20.10.3",
"orig_p": 59588,
"resp_h": "199.60.103.106",
"resp_p": 80,
"proto": 6
},
"trans_depth": 1,
"method": "GET",
"host": "corelight.com",
"uri": "/",
"version": "1.1",
"user_agent": "curl/7.76.1",
"request_body_len": 0,
"response_body_len": 0,
"status_code": 301,
"status_msg": "Moved Permanently",
"tags": [],
"capture_password": false,
"range_request": false,
"orig_mime_depth": 1,
"resp_mime_depth": 1
},
"http_state": {
"pending": {},
"current_request": 1,
"current_response": 1,
"trans_depth": 1
}
}
}
]
zeek_done []