jc/tests/fixtures/generic/cef.json
[{"deviceVendor":"Fortinet","deviceProduct":"FortiDeceptor","deviceVersion":"3.2.0","deviceEventClassId":"1","name":"SYSTEM","agentSeverity":"1","CEFVersion":0,"date":"2020-12-08","time":"16:59:33","logid":"0136000001","type":"event","subtype":"attack","level":"alert","user":"system","ui":"GUI","action":"Incident_Detection","status":"success","reason":"none","EventID":"1845921387423247329","IncidentID":"1845921507147395878","Tagkey":"192.168.100.1:59840:192.168.100.21:1836840592250413230","AttackerIP":"192.168.100.1","AttackerPort":"59840","VictimIP":"192.168.100.21","VictimPort":"445","Operation":"Logon_via_net_share","Service":"SAMBA","Username":"glen","Password":"lovely","Description":"\"SAMBA Login with password: lovely\"\"","agentSeverityString":"Low","agentSeverityNum":1,"deviceEventClassIdNum":1},{"deviceVendor":"Fortinet","deviceProduct":"FortiDeceptor","deviceVersion":"3.2.0","deviceEventClassId":"1","name":"SYSTEM","agentSeverity":"1","CEFVersion":0,"date":"2020-12-08","time":"16:59:33","logid":"0136000001","type":"event","subtype":"attack","level":"alert","user":"system","ui":"GUI","action":"Incident_Detection","status":"success","reason":"none","EventID":"1845921387423247329","IncidentID":"1845921507147395878","Tagkey":"192.168.100.1:59840:192.168.100.21:1836840592250413230","AttackerIP":"192.168.100.1","AttackerPort":"59840","VictimIP":"192.168.100.21","VictimPort":"445","Operation":"Logon_via_net_share","Service":"SAMBA","Username":"glen","Password":"lovely","Description":"\"this is a description\"\"","agentSeverityString":"Low","agentSeverityNum":1,"deviceEventClassIdNum":1},{"deviceVendor":"Trend Micro","deviceProduct":"Deep Security Agent","deviceVersion":"<DSA version>","deviceEventClassId":"4000000","name":"Eicar_test_file","agentSeverity":"6","CEFVersion":0,"dvchost":"hostname","string":"hello \"world\" this is a backslash: \\ and this is a bracket 
]!","another":"field","Host_ID":1,"Quarantine":205,"agentSeverityString":"Medium","agentSeverityNum":6,"deviceEventClassIdNum":4000000},{"deviceVendor":"Trend Micro","deviceProduct":"Deep Security Agent","deviceVersion":"<DSA version>","deviceEventClassId":"4000000","name":"Eicar_test_file","agentSeverity":"Medium","CEFVersion":0,"dvchost":"hostname","filePath":"C:\\Users\\trend\\Desktop\\eicar.exe","act":"Delete","result":"Delete","msg":"Realtime","TrendMicroDsMalwareTarget":"N/A","N_TrendMicroDsFileMD5":"44D88612FEA8A8F36DE82E1278ABB02F","TrendMicroDsFileSHA1":"3395856CE81F2B7382DEE72602F798B642F14140","TrendMicroDsFileSHA256":"275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F","TrendMicroDsDetectionConfidence":"95","TrendMicroDsRelevantDetectionNames":"Ransom_CERBER.BZC;Ransom_CERBER.C;Ransom_CRYPNISCA.SM","Host_ID":1,"Quarantine_File_Size":205,"Container":"ContainerImageName | ContainerName | ContainerID","agentSeverityString":"Medium","agentSeverityNum":null,"deviceEventClassIdNum":4000000},{"deviceVendor":"Trend Micro","deviceProduct":"Deep Security Agent","deviceVersion":"<DSA version>","deviceEventClassId":"4000000","name":"Eicar_test_file","agentSeverity":"6","CEFVersion":0,"dvchost":"hostname","string":"hello \"world\" this is a backslash: \\ and this is a bracket ] this is equal =, this is pipe |, this is newline \n and another newline \n the end!","another":"field","Host_ID":1,"Quarantine":205,"agentSeverityString":"Medium","agentSeverityNum":6,"deviceEventClassIdNum":4000000},{"deviceVendor":"Trend Micro","deviceProduct":"Deep Security Agent","deviceVersion":"<DSA version>","deviceEventClassId":"4000000","name":"Eicar_test_file","agentSeverity":"6","CEFVersion":0,"dvchost":"hostname","string":"hello \"world\" this is a backslash: \\ and this is a bracket ]!","another":"field","start":"Nov 08 2020 12:30:00.111 UTC","start_epoch":1604867400,"start_epoch_utc":1604838600,"Host_ID":1,"Quarantine":205,"myDate":"Nov 08 2022 
12:30:00.111","myDate_epoch":1667939400,"myDate_epoch_utc":null,"myFloat":3.14,"myTimestampDate":"1660966164045","myTimestampDate_epoch":1660966164,"myTimestampDate_epoch_utc":null,"agentSeverityString":"Medium","agentSeverityNum":6,"deviceEventClassIdNum":4000000},{"deviceVendor":"Incapsula","deviceProduct":"SIEMintegration","deviceVersion":"1","deviceEventClassId":"1","name":"Illegal Resource Access","agentSeverity":"3","CEFVersion":0,"fileid":"3412341160002518171","sourceServiceName":"site123.abcd.info","siteid":"1509732","suid":"50005477","requestClientApplication":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0","deviceFacility":"mia","ccode":"IL","tag":"www.elvis.com","cn1":200,"in":54,"xff":"44.44.44.44","dproc":"Browser","cicode":"Rehovot","Customer":"CEFcustomer123","siteTag":"my-site-tag","start":"1453290121336","request":"site123.abcd.info/","requestmethod":"GET","qstr":"p=%2fetc%2fpasswd","app":"HTTP","act":"REQ_CHALLENGE_CAPTCHA","deviceExternalID":"33411452762204224","cpt":"443","src":"12.12.12.12","ver":"TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256","end":"1566300670892","additionalReqHeaders":"[{\"Accept\":\"*/*\"},{\"x-v\":\"1\"},{\"x-fapi-interaction-id\":\"10.10.10.10\"}]","additionalResHeaders":"[{\"Content-Type\":\"text/html; charset=UTF-8\"}]","filetype":"30037,1001,","filepermission":"2,1,","start_epoch":1453290121,"start_epoch_utc":null,"end_epoch":1566300670,"end_epoch_utc":null,"Javascript_Support":"true","CO_Support":"true","Cap_Support":"NOT_SUPPORTED","VID":"c2e72124-0e8a-4dd8-b13b-3da246af3ab2","clappsig":"de3c633ac428e0678f3aac20cf7f239431e54cbb8a17e8302f53653923305e1835a9cd871db32aa4fc7b8a9463366cc4","clapp":"Firefox","latitude":"31.8969","longitude":"34.8186","Rule_name":"Block Malicious User,High Risk 
Resources,","Rule_Additional_Info":",,[{\"api_specification_violation_type\":\"INVALID_PARAM_NAME\",\"parameter_name\":\"somename\"}]","agentSeverityString":"Low","agentSeverityNum":3,"deviceEventClassIdNum":1},{"deviceVendor":"Incapsula","deviceProduct":"SIEMintegration","deviceVersion":"1","deviceEventClassId":"1","name":"Normal","agentSeverity":"0","CEFVersion":0,"sourceServiceName":"site123.abcd.info","siteid":"1509732","suid":"50005477","requestClientApplication":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0","deviceFacility":"mia","ccode":"IL","tag":"www.elvis.com","cicode":"Rehovot","Customer":"CEFcustomer123","siteTag":"my-site-tag","start":"1453290121336","request":"site123.abcd.info/main.css","ref":"www.incapsula.com/lama","requestmethod":"GET","cn1":200,"app":"HTTP","deviceExternalID":"33411452762204224","in":54,"xff":"44.44.44.44","cpt":"443","src":"12.12.12.12","ver":"TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256","end":"1566300670892","additionalReqHeaders":"[{\"Accept\":\"*/*\"},{\"x-v\":\"1\"},{\"x-fapi-interaction-id\":\"10.10.10.10\"}]","additionalResHeaders":"[{\"Content-Type\":\"text/html; charset=UTF-8\"}]","start_epoch":1453290121,"start_epoch_utc":null,"end_epoch":1566300670,"end_epoch_utc":null,"latitude":"31.8969","longitude":"34.8186","agentSeverityString":"Low","agentSeverityNum":0,"deviceEventClassIdNum":1},{"deviceVendor":"Incapsula","deviceProduct":"SIEMintegration","deviceVersion":"1","deviceEventClassId":"my device id","name":"Normal","agentSeverity":"0","CEFVersion":0,"sourceServiceName":"site123.abcd.info","siteid":"1509732","suid":"50005477","requestClientApplication":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 
Firefox/40.0","deviceFacility":"mia","ccode":"IL","tag":"www.elvis.com","cicode":"Rehovot","Customer":"CEFcustomer123","siteTag":"my-site-tag","start":"1453290121336","request":"site123.abcd.info/main.css","ref":"www.incapsula.com/lama","requestmethod":"GET","cn1":200,"app":"HTTP","deviceExternalID":"33411452762204224","in":54,"xff":"44.44.44.44","cpt":"443","src":"12.12.12.12","ver":"TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256","end":"1566300670892","additionalReqHeaders":"[{\"Accept\":\"*/*\"},{\"x-v\":\"1\"},{\"x-fapi-interaction-id\":\"10.10.10.10\"}]","additionalResHeaders":"[{\"Content-Type\":\"text/html; charset=UTF-8\"}]","start_epoch":1453290121,"start_epoch_utc":null,"end_epoch":1566300670,"end_epoch_utc":null,"latitude":"31.8969","longitude":"34.8186","agentSeverityString":"Low","agentSeverityNum":0,"deviceEventClassIdNum":null},{"deviceVendor":"Kaspersky Lab","deviceProduct":"Kaspersky ICAP Server","deviceVersion":"%VERSION%","deviceEventClassId":"%EVENT_CLASS_ID%","name":"%EVENT_NAME%","agentSeverity":"%SEVERITY%","CEFVersion":0,"msg":"%EVENT_MSG%","src":"%CLIENT_IP%","dvcpid":"%ICAP_SERVER_PID%","start":"%EVENT_TIME%","fileHash":"%SCANNED_FILE_HASH%","request":"%SCANNED_URL%","start_epoch":null,"start_epoch_utc":null,"X_Client_Username":"%HTTP_USER_NAME%","X_Client_IP":"%HTTP_USER_IP%","Scan_result":"%SCAN_RESULT%","Virus_name":"%VIRUS_NAME%","SHA256":"%SCANNED_FILE_SHA256_HASH%","deviceEventClassIdNum":null},{"deviceVendor":"Elastic","deviceProduct":"Vaporware","deviceVersion":"1.0.0-alpha","deviceEventClassId":"18","name":"Web request","agentSeverity":"low","CEFVersion":0,"eventId":3457,"msg":"hello","agentSeverityString":"low","agentSeverityNum":null,"deviceEventClassIdNum":18},{"deviceVendor":"Aruba Networks","deviceProduct":"ClearPass","deviceVersion":"6.5.0.69058","deviceEventClassId":"0-1-0","name":"Insight 
Logs","agentSeverity":"0","CEFVersion":0,"Auth_Username":"host/Asif-Test-PC2","Auth_Authorization_Sources":"null","Auth_Login_Status":"216","Auth_Request_Timestamp":"2017-12-03 16:28:20+05:30","Auth_Protocol":"RADIUS","Auth_Source":"null","Auth_Enforcement_Profiles":"[Allow Access Profile]","Auth_NAS_Port":"null","Auth_SSID":"cppm-dot1x-test","TimestampFormat":"MMM dd yyyy HH:mm:ss.SSS zzz","Auth_NAS_Port_Type":"19","Auth_Error_Code":"216","Auth_Roles":"null","Auth_Service":"Test Wireless","Auth_Host_MAC_Address":"6817294b0636","Auth_Unhealthy":"null","Auth_NAS_IP_Address":"10.17.4.7","src":"10.17.4.208","Auth_CalledStationId":"000B8661CD70","Auth_NAS_Identifier":"ClearPassLab3600","agentSeverityString":"Low","agentSeverityNum":0,"deviceEventClassIdNum":null},{"unparsable":"unparsable line"},{"deviceVendor":"Aruba Networks","deviceProduct":"ClearPass","deviceVersion":"6.5.0.68754","deviceEventClassId":"13-1-0","name":"Audit Records","agentSeverity":"5","CEFVersion":0,"cat":"Role","timeFormat":"MMM dd yyyy HH:mm:ss.SSS zzz","rt":"Nov 19, 2014 18:21:13 IST","src":"Test Role 10","act":"ADD","usrName":"admin","rt_epoch":null,"rt_epoch_utc":null,"agentSeverityString":"Medium","agentSeverityNum":5,"deviceEventClassIdNum":null}]