From 1acebbda285ea8568243ef30cf4c9c28f034223e Mon Sep 17 00:00:00 2001 
From: Alfredo Cardigliano
Date: Thu, 14 Apr 2022 09:18:45 +0200
Subject: [PATCH] Tests update (change value for no network)
---
tests/e2e/rest/result/v1/alert_dns_data_exfiltration_01.out | 2 +-
tests/e2e/rest/result/v1/alert_dns_data_exfiltration_02.out | 2 +-
tests/e2e/rest/result/v1/alert_flow_exclusion_lists.out | 2 +-
tests/e2e/rest/result/v1/alert_flow_invalid_dns_query_02.out | 2 +-
tests/e2e/rest/result/v1/alert_flow_risk_dga_01.out | 2 +-
tests/e2e/rest/result/v1/alert_flow_risk_dga_02.out | 2 +-
.../e2e/rest/result/v1/alert_flow_risk_http_numeric_ip_host.out | 2 +-
tests/e2e/rest/result/v1/alert_flow_risk_missing_tls_sni.out | 2 +-
tests/e2e/rest/result/v1/alert_flow_risk_unsafe_protocol.out | 2 +-
tests/e2e/rest/result/v1/alert_tls_certificate_expired.out | 2 +-
tests/e2e/rest/result/v1/alert_tls_certificate_selfsigned.out | 2 +-
tests/e2e/rest/result/v1/alert_web_mining.out | 2 +-
tests/e2e/rest/result/v1/get_alert_data_01.out | 2 +-
tests/e2e/rest/result/v1/get_alert_data_02.out | 2 +-
tests/e2e/rest/result/v1/get_host_data_01.out | 2 +-
tests/e2e/rest/result/v1/get_host_data_02.out | 2 +-
tests/e2e/rest/result/v1/get_interface_data_01.out | 2 +-
tests/e2e/rest/result/v1/set_host_alias_01.out | 2 +-
tests/e2e/rest/result/v2/alert_dns_data_exfiltration_01.out | 2 +-
tests/e2e/rest/result/v2/alert_dns_data_exfiltration_02.out | 2 +-
tests/e2e/rest/result/v2/alert_flow_exclusion_lists.out | 2 +-
tests/e2e/rest/result/v2/alert_flow_invalid_dns_query_02.out | 2 +-
tests/e2e/rest/result/v2/alert_flow_risk_dga_01.out | 2 +-
tests/e2e/rest/result/v2/alert_flow_risk_dga_02.out | 2 +-
.../e2e/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out | 2 +-
tests/e2e/rest/result/v2/alert_flow_risk_missing_tls_sni.out | 2 +-
tests/e2e/rest/result/v2/alert_flow_risk_unsafe_protocol.out | 2 +-
tests/e2e/rest/result/v2/alert_tls_cert_validity_too_long.out | 2 +-
tests/e2e/rest/result/v2/alert_tls_certificate_expired.out | 2 +-
tests/e2e/rest/result/v2/alert_tls_certificate_selfsigned.out | 2 +- tests/e2e/rest/result/v2/alert_web_mining.out | 2 +- tests/e2e/rest/result/v2/get_alert_data_01.out | 2 +- tests/e2e/rest/result/v2/get_alert_data_02.out | 2 +- tests/e2e/rest/result/v2/get_host_data_01.out | 2 +- tests/e2e/rest/result/v2/get_host_data_02.out | 2 +- tests/e2e/rest/result/v2/get_interface_data_01.out | 2 +- tests/e2e/rest/result/v2/set_host_alias_01.out | 2 +- 37 files changed, 37 insertions(+), 37 deletions(-) diff --git a/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_01.out b/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_01.out index 3a513c1cb3..4c868fd608 100644 --- a/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_01.out +++ b/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_01.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163813647,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649826271},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163813540,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649826271},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163813635,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649826271},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163899576,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649912200},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163899469,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649912200},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163899564,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649912200},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
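Review bot: The new expected line changes `duration` (163813647 → 163899576) and `filter.epoch_end` (1649826271 → 1649912200) in every record, both by the same 85929 seconds, so these fields appear to come from the time the test was run rather than from the capture. The change the subject describes is only `cli_network.value` and `srv_network.value` going from `"65535"` to `""`, and the clock-dependent churn buries it across a 37-file regeneration. Presumably the comparison step already tolerates these fields; if so, writing a fixed placeholder when the `.out` file is generated (constructed example: `"epoch_end":0,"duration":0`) would keep the golden files stable, so that an unintended change to `score`, `alert_id` or `cli_role` in a detection fixture stands out in review. The same applies to the hunk for tests/e2e/rest/result/v1/alert_dns_data_exfiltration_02.out.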
diff --git a/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_02.out b/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_02.out index 9947f5d252..f475e38ee5 100644 --- a/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_02.out +++ b/tests/e2e/rest/result/v1/alert_dns_data_exfiltration_02.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163813722,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649826346},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163813615,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649826346},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163813710,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649826346},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163899652,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649912276},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163899545,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649912276},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163899640,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649912276},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
diff --git a/tests/e2e/rest/result/v1/alert_flow_exclusion_lists.out b/tests/e2e/rest/result/v1/alert_flow_exclusion_lists.out
index d0b80b7f56..c51dddddf4 100644
--- a/tests/e2e/rest/result/v1/alert_flow_exclusion_lists.out
+++ b/tests/e2e/rest/result/v1/alert_flow_exclusion_lists.out
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":85,"recordsTotal":85,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS 
server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 
53","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 
53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 
53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 
53","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"10","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 
53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"11","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 
53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 
53","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"13","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 
53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"14","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas 
imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"23","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"24","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"25","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"30","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"31","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"32","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"35","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 522 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"38","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084556,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 53","epoch_begin":1589741865,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"39","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084557,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 53","epoch_begin":1589741864,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"40","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"41","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"42","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"43","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"44","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"45","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"47","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"48","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"52","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"54","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"56","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"57","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"58","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"blacklisted":"0","country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 576 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server 
Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS 
Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"65","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"68","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"69","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084555,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 53","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 178 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"73","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 53","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 89 Bytes | Client to Server Traffic: 73 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"74","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"75","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"76","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"77","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"80","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 53","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"82","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60084554,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"83","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS 
Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60084552,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 512 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS not carrying HTTPS","value":"46"},"alert_name":" TLS not carrying 
HTTPS","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS not carrying HTTPS [Score: 10]"},"duration":60084553,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1649826422},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Client Server | Server to Client Traffic: 1.88 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS not carrying HTTPS [Score: 10]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":85,"recordsTotal":85,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 
53","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 
53","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"10","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"11","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 
53","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"13","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 
53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"14","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas 
imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"23","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"24","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"25","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"30","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"31","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"32","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"35","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 522 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"38","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170485,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 53","epoch_begin":1589741865,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"39","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170486,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 53","epoch_begin":1589741864,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"40","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"41","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"42","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"43","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"44","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"45","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"47","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"48","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"52","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"54","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"56","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"57","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"58","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"blacklisted":"0","country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 576 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | 
Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS 
Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"65","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"68","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"69","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170484,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 53","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 178 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"73","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 53","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 89 Bytes | Client to Server Traffic: 73 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"74","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"75","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"76","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"77","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"80","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 53","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"82","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60170483,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"83","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS 
Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60170481,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 512 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS not carrying HTTPS","value":"46"},"alert_name":" TLS not carrying 
HTTPS","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS not carrying HTTPS [Score: 10]"},"duration":60170482,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1649912351},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Client Server | Server to Client Traffic: 1.88 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS not carrying HTTPS [Score: 10]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"}]}} diff --git a/tests/e2e/rest/result/v1/alert_flow_invalid_dns_query_02.out b/tests/e2e/rest/result/v1/alert_flow_invalid_dns_query_02.out index c7e0ac6662..bf898593bf 100644 --- a/tests/e2e/rest/result/v1/alert_flow_invalid_dns_query_02.out +++ b/tests/e2e/rest/result/v1/alert_flow_invalid_dns_query_02.out 
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Error Code Detected [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100]"},"duration":36337644,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1649826497},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"blacklisted":"0","country":"CH","label":"9.9.9.9","label_long":"9.9.9.9","reference":"","value":"9.9.9.9"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NXDOMAIN ] [ URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it ] [ Main Direction: Server Client | Server to Client Traffic: 357 Bytes | Client to Server Traffic: 297 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 17:20:52","value":1613488852},"vlan_id":"0"}]}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Error Code Detected [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100]"},"duration":36423575,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1649912428},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"blacklisted":"0","country":"CH","label":"9.9.9.9","label_long":"9.9.9.9","reference":"","value":"9.9.9.9"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NXDOMAIN ] [ URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it ] [ Main Direction: Server Client | Server to Client Traffic: 357 Bytes | Client to Server Traffic: 297 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 17:20:52","value":1613488852},"vlan_id":"0"}]}} 
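Review bot: An empty string now stands for "no network" in `cli_network.value` and `srv_network.value` on the added line, which changes the shape of that value for v1 clients: the removed line had `"value":"65535"`, and local networks in these fixtures carry a numeric string such as `"0"`. Any consumer that parses the field as an integer, or matches on `65535` to separate remote hosts from local ones in alert filters, would have to handle `""`. Since this is a v1 result file, the change deserves a line in the API changelog, which is not visible here. Separately, `duration` and `epoch_end` also differ between the old and new lines (`"epoch_end":1649826497` became `1649912428`), so the stored output carries run-time values; presumably the harness masks them on comparison, but normalising them before the file is written would keep future fixture diffs down to the intended change. Both points apply equally to the alert_flow_risk_dga_01.out hunk that follows.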
diff --git a/tests/e2e/rest/result/v1/alert_flow_risk_dga_01.out b/tests/e2e/rest/result/v1/alert_flow_risk_dga_01.out index f75405d971..6ab29dbc6f 100644 --- a/tests/e2e/rest/result/v1/alert_flow_risk_dga_01.out +++ b/tests/e2e/rest/result/v1/alert_flow_risk_dga_01.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163814022,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649826646},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163813915,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649826646},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163814010,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649826646},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163899952,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649912576},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163899845,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649912576},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163899940,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649912576},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
diff --git a/tests/e2e/rest/result/v1/alert_flow_risk_dga_02.out b/tests/e2e/rest/result/v1/alert_flow_risk_dga_02.out
index d40de79b28..0f725baeda 100644
--- a/tests/e2e/rest/result/v1/alert_flow_risk_dga_02.out
+++ b/tests/e2e/rest/result/v1/alert_flow_risk_dga_02.out
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163814097,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649826721},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163813991,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649826722},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163814086,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649826722},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163900027,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649912651},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163899920,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649912651},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163900015,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649912651},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}]}} 
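Review bot: The regenerated expectation still pins values that depend on when the test was run: in all three records `duration` and `filter.epoch_end` moved (first record: `epoch_end` 1649826721 to 1649912651, `duration` 163814097 to 163900027) while `epoch_begin` and `tstamp` stayed the same, so every regeneration rewrites the whole single-line document. That buries the one intended change, `"cli_network":{"label":"","value":""}` and the matching `srv_network` (previously `"value":"65535"`), which then has to be found by eye. If the comparison step does not already mask these two fields, storing them normalised (for example a constructed placeholder such as `"epoch_end":"<masked>"`) would make the fixture diff show only the sentinel change; the other `.out` hunks in this patch carry the same two fields. Separately, any filter or exclusion rule that recognised no-network hosts by `"65535"` should be checked against the new empty string, since an alert filter that silently stops matching is a detection gap; that code is not part of this patch.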
diff --git a/tests/e2e/rest/result/v1/alert_flow_risk_http_numeric_ip_host.out b/tests/e2e/rest/result/v1/alert_flow_risk_http_numeric_ip_host.out
index 1acfc4804e..173638884c 100644
--- a/tests/e2e/rest/result/v1/alert_flow_risk_http_numeric_ip_host.out
+++ b/tests/e2e/rest/result/v1/alert_flow_risk_http_numeric_ip_host.out
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":22,"recordsTotal":22,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479860,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52098 and port 80","epoch_begin":1499346935,"epoch_end":1649826796},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824054532&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52098","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 2.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:15:35","value":1499346935},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479839,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52200 and port 80","epoch_begin":1499346956,"epoch_end":1649826796},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080644&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52200","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 11.94 KB | Client to Server Traffic: 2.09 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:15:56","value":1499346956},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479819,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52298 and port 80","epoch_begin":1499346976,"epoch_end":1649826796},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040197&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52298","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 3.05 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479819,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52300 and port 80","epoch_begin":1499346976,"epoch_end":1649826796},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040709&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52300","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js ] [ Main Direction: Server Client | Server to Client Traffic: 6.22 KB | Client to Server Traffic: 1.14 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479441,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56306 and port 80","epoch_begin":1499347355,"epoch_end":1649826797},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824083220&flow_hash_id=226","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56306","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 7.57 KB | Client to Server Traffic: 2.54 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:22:35","value":1499347355},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150478729,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 35626 and port 80","epoch_begin":1499348068,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824031940&flow_hash_id=642","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"35626","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 79.32 KB | Client to Server Traffic: 26.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:34:28","value":1499348068},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150478925,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 33580 and port 80","epoch_begin":1499347872,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824032444&flow_hash_id=531","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"33580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.38 KB | Client to Server Traffic: 60.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:31:12","value":1499347872},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479569,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54956 and port 80","epoch_begin":1499347228,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065295&flow_hash_id=151","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54956","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.06 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:20:28","value":1499347228},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479764,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52910 and port 80","epoch_begin":1499347033,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065799&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52910","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:17:13","value":1499347033},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479054,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 60464 and port 80","epoch_begin":1499347743,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824033573&flow_hash_id=457","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"60464","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.13 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:29:03","value":1499347743},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479700,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 53584 and port 80","epoch_begin":1499347097,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041738&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"53584","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:18:17","value":1499347097},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479506,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 55632 and port 80","epoch_begin":1499347291,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041746&flow_hash_id=189","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"55632","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"12","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:21:31","value":1499347291},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479313,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 57684 and port 80","epoch_begin":1499347484,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042778&flow_hash_id=303","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"57684","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.12 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:24:44","value":1499347484},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479122,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59732 and port 80","epoch_begin":1499347675,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042786&flow_hash_id=418","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59732","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.03 KB | Client to Server Traffic: 60.84 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host 
[Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:27:55","value":1499347675},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479821,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52318 and port 80","epoch_begin":1499346976,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824045317&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52318","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/favicon.ico ] [ Main Direction: Server Client | Server to Client Traffic: 2.0 KB | Client to Server Traffic: 696 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150478858,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34278 and port 80","epoch_begin":1499347939,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080062&flow_hash_id=568","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34278","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host 
[Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:32:19","value":1499347939},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479250,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 58360 and port 80","epoch_begin":1499347547,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824084764&flow_hash_id=341","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"58360","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.38 KB 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:25:47","value":1499347547},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150478795,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34940 and port 80","epoch_begin":1499348002,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824052929&flow_hash_id=605","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34940","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.04 KB | Client to Server Traffic: 60.92 KB 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:33:22","value":1499348002},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479634,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54268 and port 80","epoch_begin":1499347163,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824085772&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54268","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | 
Server to Client Traffic: 186.14 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:19:23","value":1499347163},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150478990,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 32906 and port 80","epoch_begin":1499347807,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824056505&flow_hash_id=494","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"32906","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 
205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:30:07","value":1499347807},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479378,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56994 and port 80","epoch_begin":1499347419,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062743&flow_hash_id=264","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56994","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: 
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"21","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:23:39","value":1499347419},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150479186,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59042 and port 
80","epoch_begin":1499347611,"epoch_end":1649826798},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062751&flow_hash_id=379","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59042","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 61.44 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:26:51","value":1499347611},"vlan_id":"0"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":22,"recordsTotal":22,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565790,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 
192.168.10.50 and port 52098 and port 80","epoch_begin":1499346935,"epoch_end":1649912726},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824054532&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52098","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 2.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:15:35","value":1499346935},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565769,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52200 and port 
80","epoch_begin":1499346956,"epoch_end":1649912726},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080644&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52200","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 11.94 KB | Client to Server Traffic: 2.09 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:15:56","value":1499346956},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565749,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52298 and port 
80","epoch_begin":1499346976,"epoch_end":1649912726},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040197&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52298","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 3.05 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565749,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52300 and port 
80","epoch_begin":1499346976,"epoch_end":1649912726},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040709&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52300","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js ] [ Main Direction: Server Client | Server to Client Traffic: 6.22 KB | Client to Server Traffic: 1.14 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565371,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56306 and port 
80","epoch_begin":1499347355,"epoch_end":1649912727},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824083220&flow_hash_id=226","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56306","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 7.57 KB | Client to Server Traffic: 2.54 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:22:35","value":1499347355},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150564660,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 35626 and port 
80","epoch_begin":1499348068,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824031940&flow_hash_id=642","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"35626","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 79.32 KB | Client to Server Traffic: 26.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:34:28","value":1499348068},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 
10]"},"duration":150564856,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 33580 and port 80","epoch_begin":1499347872,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824032444&flow_hash_id=531","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"33580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.38 KB | Client to Server Traffic: 60.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:31:12","value":1499347872},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565500,"family":"flow","filter":{"bpf":"host 172.16.0.1 and 
host 192.168.10.50 and port 54956 and port 80","epoch_begin":1499347228,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065295&flow_hash_id=151","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54956","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.06 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:20:28","value":1499347228},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565695,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52910 and port 
80","epoch_begin":1499347033,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065799&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52910","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:17:13","value":1499347033},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 
10]"},"duration":150564985,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 60464 and port 80","epoch_begin":1499347743,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824033573&flow_hash_id=457","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"60464","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.13 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:29:03","value":1499347743},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565631,"family":"flow","filter":{"bpf":"host 172.16.0.1 
and host 192.168.10.50 and port 53584 and port 80","epoch_begin":1499347097,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041738&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"53584","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:18:17","value":1499347097},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565437,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 55632 and port 
80","epoch_begin":1499347291,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041746&flow_hash_id=189","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"55632","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"12","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:21:31","value":1499347291},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 
10]"},"duration":150565244,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 57684 and port 80","epoch_begin":1499347484,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042778&flow_hash_id=303","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"57684","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.12 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:24:44","value":1499347484},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565053,"family":"flow","filter":{"bpf":"host 172.16.0.1 
and host 192.168.10.50 and port 59732 and port 80","epoch_begin":1499347675,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042786&flow_hash_id=418","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59732","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.03 KB | Client to Server Traffic: 60.84 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:27:55","value":1499347675},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 
10]"},"duration":150565752,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52318 and port 80","epoch_begin":1499346976,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824045317&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52318","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/favicon.ico ] [ Main Direction: Server Client | Server to Client Traffic: 2.0 KB | Client to Server Traffic: 696 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150564789,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 
192.168.10.50 and port 34278 and port 80","epoch_begin":1499347939,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080062&flow_hash_id=568","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34278","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:32:19","value":1499347939},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 
10]"},"duration":150565181,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 58360 and port 80","epoch_begin":1499347547,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824084764&flow_hash_id=341","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"58360","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.38 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:25:47","value":1499347547},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150564726,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34940 and port 80","epoch_begin":1499348002,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824052929&flow_hash_id=605","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34940","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.04 KB | Client to Server Traffic: 60.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:33:22","value":1499348002},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric 
IP Host [Score: 10]"},"duration":150565565,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54268 and port 80","epoch_begin":1499347163,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824085772&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54268","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.14 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:19:23","value":1499347163},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150564921,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 32906 and port 80","epoch_begin":1499347807,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824056505&flow_hash_id=494","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"32906","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:30:07","value":1499347807},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565309,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56994 and port 80","epoch_begin":1499347419,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062743&flow_hash_id=264","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56994","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"21","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:23:39","value":1499347419},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" 
HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150565117,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59042 and port 80","epoch_begin":1499347611,"epoch_end":1649912729},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062751&flow_hash_id=379","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59042","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 61.44 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:26:51","value":1499347611},"vlan_id":"0"}]}} 
diff --git a/tests/e2e/rest/result/v1/alert_flow_risk_missing_tls_sni.out b/tests/e2e/rest/result/v1/alert_flow_risk_missing_tls_sni.out index 8133c50d05..4228454015 100644 --- a/tests/e2e/rest/result/v1/alert_flow_risk_missing_tls_sni.out +++ b/tests/e2e/rest/result/v1/alert_flow_risk_missing_tls_sni.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
TLS not carrying HTTPS [Score: 10]"},"alert_id":{"label":" Missing TLS SNI","value":"54"},"alert_name":" Missing TLS SNI","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Missing TLS SNI [Score: 50]"},"duration":92008028,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1649826875},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"10.206.131.18","label_long":"10.206.131.18","reference":"","value":"10.206.131.18"},"cli_port":"58657","srv_ip":{"blacklisted":"0","country":"","label":"10.206.65.249","label_long":"10.206.65.249","reference":"","value":"10.206.65.249"},"srv_port":"443","vlan":{"label":"258","title":"258","value":258}},"flow_related_info":{"descr":" [ TLS Certificate Validity: 29/11/2018 20:57:22 - 29/11/2023 20:57:22 ] [ Cipher State: safe ] [ Main Direction: Server Client | Server to Client Traffic: 3.89 KB | Client to Server Traffic: 1.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Missing TLS SNI [Score: 50]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"14/05/2019 09:27:26","value":1557818846},"vlan_id":"258"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
TLS not carrying HTTPS [Score: 10]"},"alert_id":{"label":" Missing TLS SNI","value":"54"},"alert_name":" Missing TLS SNI","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Missing TLS SNI [Score: 50]"},"duration":92093958,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1649912805},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"10.206.131.18","label_long":"10.206.131.18","reference":"","value":"10.206.131.18"},"cli_port":"58657","srv_ip":{"blacklisted":"0","country":"","label":"10.206.65.249","label_long":"10.206.65.249","reference":"","value":"10.206.65.249"},"srv_port":"443","vlan":{"label":"258","title":"258","value":258}},"flow_related_info":{"descr":" [ TLS Certificate Validity: 29/11/2018 20:57:22 - 29/11/2023 20:57:22 ] [ Cipher State: safe ] [ Main Direction: Server Client | Server to Client Traffic: 3.89 KB | Client to Server Traffic: 1.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Missing TLS SNI [Score: 50]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"09:27:26","value":1557818846},"vlan_id":"258"}]}} diff --git a/tests/e2e/rest/result/v1/alert_flow_risk_unsafe_protocol.out b/tests/e2e/rest/result/v1/alert_flow_risk_unsafe_protocol.out index 1d3ff7c7ae..527e0a614b 100644 --- a/tests/e2e/rest/result/v1/alert_flow_risk_unsafe_protocol.out 
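Review bot: The new expected record for alert_flow_risk_missing_tls_sni.out drops the date from the alert timestamp label: `"label":"14/05/2019 09:27:26"` becomes `"label":"09:27:26"` while `"value":1557818846` is unchanged. That is not the no-network change named in the commit subject, which is `cli_network`/`srv_network` going from `"value":"65535"` to `"value":""`. If the shortened label is not intended, the fixture should keep `"label":"14/05/2019 09:27:26"`; a time-only label on a 2019 alert is ambiguous for anyone building a timeline from this output, and the new side of alert_flow_risk_unsafe_protocol.out in the same patch still carries full dates. Separately, `epoch_end` and `duration` also moved (1649826875 to 1649912805, 92008028 to 92093958) and appear to follow the time the test was run, so an exact comparison would presumably need the harness to normalise those two fields before diffing.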
+++ b/tests/e2e/rest/result/v1/alert_flow_risk_unsafe_protocol.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":10,"recordsTotal":10,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266005281,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51110 and port 443","epoch_begin":1383821665,"epoch_end":1649826947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473481660&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51110","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.ct7ctrgb6cr7.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:54:25","value":1383821665},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]"},"duration":266005280,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 46.59.52.31 and port 51111 and port 443","epoch_begin":1383821666,"epoch_end":1649826947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4007958761&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51111","srv_ip":{"blacklisted":"0","country":"SE","label":"www.e6r5p57kbafwrxj3plz.…","label_long":"www.e6r5p57kbafwrxj3plz.com","name":"www.e6r5p57kbafwrxj3plz.com","reference":"","value":"46.59.52.31"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/06/2013 02:00:00 - 07/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.e6r5p57kbafwrxj3plz.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 
12:54:26","value":1383821666},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]"},"duration":266005278,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51112 and port 443","epoch_begin":1383821668,"epoch_end":1649826947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884887039&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51112","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.q4cyamnc6mtokjurvdclt.com ] [ Main Direction: Server Client | Server to Client Traffic: 1.19 KB | Client to Server Traffic: 784 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 
12:54:28","value":1383821668},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266005273,"family":"flow","filter":{"bpf":"host 192.168.1.1 and host 192.168.1.255 and port 17500 and port 17500","epoch_begin":1383821673,"epoch_end":1649826947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169551769&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"cli_port":"17500","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"17500"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 186 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"Dropbox","label":"UDP:Dropbox","value":"121"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:33","value":1383821673},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266005253,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 
192.168.1.255 and port 138 and port 138","epoch_begin":1383821693,"epoch_end":1649826947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575436&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"138","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"138"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 252 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"NetBIOS.SMBv1","label":"UDP:NetBIOS.SMBv1","value":"16"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:53","value":1383821693},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
TLS Certificate About To Expire [Score: 50]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]"},"duration":266004818,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51175 and port 443","epoch_begin":1383822129,"epoch_end":1649826948},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473498300&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51175","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.gfu7hbxpfp.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.73 KB | Client to Server Traffic: 3.25 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ff3231","label":"280","value":280},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266004818,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 212.83.155.250 and port 51174 and port 443","epoch_begin":1383822129,"epoch_end":1649826948},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2499624900&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51174","srv_ip":{"blacklisted":"0","country":"FR","label":"www.t3i3ru.com","label_long":"www.t3i3ru.com","name":"www.t3i3ru.com","reference":"","value":"212.83.155.250"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/09/2013 02:00:00 - 25/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.t3i3ru.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.85 KB | Client to Server Traffic: 3.43 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266004817,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51176 and port 443","epoch_begin":1383822130,"epoch_end":1649826948},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884903423&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51176","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.jmts2id.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.59 KB | Client to Server Traffic: 2.69 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:10","value":1383822130},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266004757,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 62.210.137.230 and port 51185 and port 443","epoch_begin":1383822190,"epoch_end":1649826948},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4286331056&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51185","srv_ip":{"blacklisted":"0","country":"FR","label":"www.6gyip7tqim7sieb.com","label_long":"www.6gyip7tqim7sieb.com","name":"www.6gyip7tqim7sieb.com","reference":"","value":"62.210.137.230"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 02/11/2013 02:00:00 - 17/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.6gyip7tqim7sieb.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.21 KB | Client to Server Traffic: 3.31 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:03:10","value":1383822190},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":266005213,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 157.56.30.46 and port 51104 and port 443","epoch_begin":1383821734,"epoch_end":1649826948},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1575058424&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51104","srv_ip":{"blacklisted":"0","country":"US","label":"157.56.30.46","label_long":"157.56.30.46","reference":"","value":"157.56.30.46"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 60 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:55:34","value":1383821734},"vlan_id":"0"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":10,"recordsTotal":10,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266091215,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51110 and port 443","epoch_begin":1383821665,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473481660&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51110","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.ct7ctrgb6cr7.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:54:25","value":1383821665},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]"},"duration":266091214,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 46.59.52.31 and port 51111 and port 443","epoch_begin":1383821666,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4007958761&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51111","srv_ip":{"blacklisted":"0","country":"SE","label":"www.e6r5p57kbafwrxj3plz.…","label_long":"www.e6r5p57kbafwrxj3plz.com","name":"www.e6r5p57kbafwrxj3plz.com","reference":"","value":"46.59.52.31"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/06/2013 02:00:00 - 07/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.e6r5p57kbafwrxj3plz.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:54:26","value":1383821666},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete 
TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]"},"duration":266091212,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51112 and port 443","epoch_begin":1383821668,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884887039&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51112","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.q4cyamnc6mtokjurvdclt.com ] [ Main Direction: Server Client | Server to Client Traffic: 1.19 KB | Client to Server Traffic: 784 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 
12:54:28","value":1383821668},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266091207,"family":"flow","filter":{"bpf":"host 192.168.1.1 and host 192.168.1.255 and port 17500 and port 17500","epoch_begin":1383821673,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169551769&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"cli_port":"17500","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"17500"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 186 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"Dropbox","label":"UDP:Dropbox","value":"121"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:33","value":1383821673},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266091187,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 192.168.1.255 and port 138 
and port 138","epoch_begin":1383821693,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575436&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"138","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"138"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 252 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"NetBIOS.SMBv1","label":"UDP:NetBIOS.SMBv1","value":"16"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:53","value":1383821693},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
TLS Certificate About To Expire [Score: 50]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]"},"duration":266090751,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51175 and port 443","epoch_begin":1383822129,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473498300&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51175","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.gfu7hbxpfp.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.73 KB | Client to Server Traffic: 3.25 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ff3231","label":"280","value":280},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266090751,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 212.83.155.250 and port 51174 and port 443","epoch_begin":1383822129,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2499624900&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51174","srv_ip":{"blacklisted":"0","country":"FR","label":"www.t3i3ru.com","label_long":"www.t3i3ru.com","name":"www.t3i3ru.com","reference":"","value":"212.83.155.250"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/09/2013 02:00:00 - 25/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.t3i3ru.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.85 KB | Client to Server Traffic: 3.43 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266090750,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51176 and port 443","epoch_begin":1383822130,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884903423&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51176","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.jmts2id.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.59 KB | Client to Server Traffic: 2.69 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:10","value":1383822130},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266090690,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 62.210.137.230 and port 51185 and port 443","epoch_begin":1383822190,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4286331056&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51185","srv_ip":{"blacklisted":"0","country":"FR","label":"www.6gyip7tqim7sieb.com","label_long":"www.6gyip7tqim7sieb.com","name":"www.6gyip7tqim7sieb.com","reference":"","value":"62.210.137.230"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 02/11/2013 02:00:00 - 17/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.6gyip7tqim7sieb.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.21 KB | Client to Server Traffic: 3.31 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:03:10","value":1383822190},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":266091146,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 157.56.30.46 and port 51104 and port 443","epoch_begin":1383821734,"epoch_end":1649912881},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1575058424&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51104","srv_ip":{"blacklisted":"0","country":"US","label":"157.56.30.46","label_long":"157.56.30.46","reference":"","value":"157.56.30.46"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 60 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:55:34","value":1383821734},"vlan_id":"0"}]}} diff --git a/tests/e2e/rest/result/v1/alert_tls_certificate_expired.out b/tests/e2e/rest/result/v1/alert_tls_certificate_expired.out index 68f7c5e42f..67e784b1c5 100644 --- a/tests/e2e/rest/result/v1/alert_tls_certificate_expired.out +++ b/tests/e2e/rest/result/v1/alert_tls_certificate_expired.out 
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":27267190,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1649827021},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"blacklisted":"0","country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"104.111.215.93"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/03/2019 02:00:00 - 05/05/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 106.51 KB | Client to Server Traffic: 8.34 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 17:03:50","value":1622559830},"vlan_id":"0"}]}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":27353125,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1649912956},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"blacklisted":"0","country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"104.111.215.93"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/03/2019 02:00:00 - 05/05/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 106.51 KB | Client to Server Traffic: 8.34 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 17:03:50","value":1622559830},"vlan_id":"0"}]}} 
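Review bot: `"duration":27353125` and `"epoch_end":1649912956` on the new expected line are wall-clock values, not properties of the alert: `epoch_end` moved by about a day from `1649827021` while `epoch_begin` stayed at `1622559830`, and `duration` tracks the difference. If the e2e comparison does not already ignore these two keys, the fixture can only match at the moment it is regenerated. If it does ignore them, the churn still buries the one intended change (`cli_network`/`srv_network` going from `"value":"65535"` to `"value":""`) and makes a real regression in alert output harder to spot in review. I would normalise both keys (for example to a fixed placeholder) before the output is stored or compared. The alert_tls_certificate_selfsigned.out hunk that follows changes nothing except these two fields, and the alert_web_mining.out hunk rewrites them in every record.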
diff --git a/tests/e2e/rest/result/v1/alert_tls_certificate_selfsigned.out b/tests/e2e/rest/result/v1/alert_tls_certificate_selfsigned.out index a1a612889d..350b69db23 100644 --- a/tests/e2e/rest/result/v1/alert_tls_certificate_selfsigned.out +++ b/tests/e2e/rest/result/v1/alert_tls_certificate_selfsigned.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed [Score: 100]
Application on Non-Standard Port [Score: 50]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"127.0.0.0/8","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60905449,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1649827096},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"3001"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/10/2015 17:55:47 - 09/10/2016 17:55:47 ] [ Cipher State: safe ] [ Requested Server Name: localhost ] [ Main Direction: Server Client | Server to Client Traffic: 2.29 KB | Client to Server Traffic: 1.39 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"127.0.0.0/8","value":"0"},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 09:07:26","value":1588921646},"vlan_id":"0"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed [Score: 100]
Application on Non-Standard Port [Score: 50]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"127.0.0.0/8","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60991384,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1649913031},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"3001"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/10/2015 17:55:47 - 09/10/2016 17:55:47 ] [ Cipher State: safe ] [ Requested Server Name: localhost ] [ Main Direction: Server Client | Server to Client Traffic: 2.29 KB | Client to Server Traffic: 1.39 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"127.0.0.0/8","value":"0"},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 09:07:26","value":1588921646},"vlan_id":"0"}]}} diff --git a/tests/e2e/rest/result/v1/alert_web_mining.out b/tests/e2e/rest/result/v1/alert_web_mining.out index 910d9deb82..9f8fedef5c 100644 --- a/tests/e2e/rest/result/v1/alert_web_mining.out 
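Review bot: The single expected record in alert_tls_certificate_selfsigned.out is pinned as `"script_key":"tls_certificate_expired"` with `"alert_id"` value `"22"`, and "TLS Certificate Self-signed [Score: 100]" appears only inside the free-text `additional_alerts.descr`. If this test is meant to cover self-signed certificate detection (the request that produces the output is not visible here), a regression that stops raising the self-signed alert would show up only as a change in that description string. Consider filtering the request on the self-signed alert so the fixture pins its own `alert_id` and `script_key`, or note beside the test why the expired alert is the expected primary record.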
+++ b/tests/e2e/rest/result/v1/alert_web_mining.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":6,"recordsTotal":6,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348499233,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 188.165.213.169 and port 55317 and port 8333","epoch_begin":1301327937,"epoch_end":1649827171},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2102295093&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55317","srv_ip":{"blacklisted":"0","country":"FR","label":"188.165.213.169","label_long":"188.165.213.169","reference":"","value":"188.165.213.169"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 1.73 KB | Client to Server Traffic: 1.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:58:57","value":1301327937},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348499081,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 69.118.54.122 and port 55328 and port 8333","epoch_begin":1301328089,"epoch_end":1649827171},"flow":{"active_url":"/lua/flow_details.lua?flow_key=102688262&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55328","srv_ip":{"blacklisted":"0","country":"US","label":"69.118.54.122","label_long":"69.118.54.122","reference":"","value":"69.118.54.122"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:01:29","value":1301328089},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348498851,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 74.89.181.229 and port 55348 and port 8333","epoch_begin":1301328319,"epoch_end":1649827171},"flow":{"active_url":"/lua/flow_details.lua?flow_key=184711537&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55348","srv_ip":{"blacklisted":"0","country":"US","label":"74.89.181.229","label_long":"74.89.181.229","reference":"","value":"74.89.181.229"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:05:19","value":1301328319},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348498699,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 66.68.83.22 and port 55383 and port 8333","epoch_begin":1301328472,"epoch_end":1649827172},"flow":{"active_url":"/lua/flow_details.lua?flow_key=49101218&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55383","srv_ip":{"blacklisted":"0","country":"US","label":"66.68.83.22","label_long":"66.68.83.22","reference":"","value":"66.68.83.22"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:07:52","value":1301328472},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348498472,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 195.218.16.178 and port 55400 and port 8333","epoch_begin":1301328699,"epoch_end":1649827172},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2223179838&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55400","srv_ip":{"blacklisted":"0","country":"LU","label":"195.218.16.178","label_long":"195.218.16.178","reference":"","value":"195.218.16.178"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:11:39","value":1301328699},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348497867,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 184.58.165.119 and port 55487 and port 8333","epoch_begin":1301329304,"epoch_end":1649827172},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2028205059&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55487","srv_ip":{"blacklisted":"0","country":"US","label":"184.58.165.119","label_long":"184.58.165.119","reference":"","value":"184.58.165.119"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:21:44","value":1301329304},"vlan_id":"0"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":6,"recordsTotal":6,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348585168,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 188.165.213.169 and port 55317 and port 8333","epoch_begin":1301327937,"epoch_end":1649913106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2102295093&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55317","srv_ip":{"blacklisted":"0","country":"FR","label":"188.165.213.169","label_long":"188.165.213.169","reference":"","value":"188.165.213.169"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 1.73 KB | Client to Server Traffic: 1.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:58:57","value":1301327937},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348585016,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 69.118.54.122 and port 55328 and port 8333","epoch_begin":1301328089,"epoch_end":1649913106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=102688262&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55328","srv_ip":{"blacklisted":"0","country":"US","label":"69.118.54.122","label_long":"69.118.54.122","reference":"","value":"69.118.54.122"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:01:29","value":1301328089},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348584786,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 74.89.181.229 and port 55348 and port 8333","epoch_begin":1301328319,"epoch_end":1649913106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=184711537&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55348","srv_ip":{"blacklisted":"0","country":"US","label":"74.89.181.229","label_long":"74.89.181.229","reference":"","value":"74.89.181.229"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:05:19","value":1301328319},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348584633,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 66.68.83.22 and port 55383 and port 8333","epoch_begin":1301328472,"epoch_end":1649913106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=49101218&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55383","srv_ip":{"blacklisted":"0","country":"US","label":"66.68.83.22","label_long":"66.68.83.22","reference":"","value":"66.68.83.22"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:07:52","value":1301328472},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348584406,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 195.218.16.178 and port 55400 and port 8333","epoch_begin":1301328699,"epoch_end":1649913106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2223179838&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55400","srv_ip":{"blacklisted":"0","country":"LU","label":"195.218.16.178","label_long":"195.218.16.178","reference":"","value":"195.218.16.178"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:11:39","value":1301328699},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348583801,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 184.58.165.119 and port 55487 and port 8333","epoch_begin":1301329304,"epoch_end":1649913106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2028205059&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55487","srv_ip":{"blacklisted":"0","country":"US","label":"184.58.165.119","label_long":"184.58.165.119","reference":"","value":"184.58.165.119"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:21:44","value":1301329304},"vlan_id":"0"}]}} diff --git a/tests/e2e/rest/result/v1/get_alert_data_01.out b/tests/e2e/rest/result/v1/get_alert_data_01.out index 40bcca03c7..604147cef4 100644 --- a/tests/e2e/rest/result/v1/get_alert_data_01.out +++ b/tests/e2e/rest/result/v1/get_alert_data_01.out 
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":137,"recordsTotal":137,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 
10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to 
Remote [Score: 10]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.28 and port 5353 and port 5353","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169623730&flow_hash_id=5","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"5353","srv_ip":{"country":"","label":"192.168.1.28","label_long":"192.168.1.28","reference":"","value":"192.168.1.28"},"srv_port":"5353"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 320 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"MDNS","label":"UDP:MDNS","value":"8"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 
53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 
53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"country":"","label":"lucas 
imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 53","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61604 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400252&flow_hash_id=74","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61604","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: 
trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61567 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753284184&flow_hash_id=23","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61567","srv_ip":{"country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: connect.facebook.net ] [ Main Direction: Server Client | 
Server to Client Traffic: 177.42 KB | Client to Server Traffic: 7.11 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61605 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400508&flow_hash_id=75","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61605","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server 
found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61611 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402044&flow_hash_id=82","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61611","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.122 and port 61564 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465125838&flow_hash_id=19","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61564","srv_ip":{"country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 71.75 KB | Client to Server Traffic: 4.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61565 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126099&flow_hash_id=20","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61565","srv_ip":{"country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.9 KB | Client to Server Traffic: 1.72 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61568 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126859&flow_hash_id=26","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61568","srv_ip":{"country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.36 KB | Client to Server Traffic: 2.82 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 34.252.198.143 and port 61600 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3819316195&flow_hash_id=70","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61600","srv_ip":{"country":"IE","label":"secure-it.imrworldwide.c…","label_long":"secure-it.imrworldwide.com","name":"secure-it.imrworldwide.com","reference":"","value":"34.252.198.143"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 21/01/2020 02:00:00 - 24/02/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.75 KB | Client to Server Traffic: 913 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"18","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 192.168.1.1 and port 64109 and port 53","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"19","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61571 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465127602&flow_hash_id=30","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61571","srv_ip":{"country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 28.32 KB | Client to Server Traffic: 11.77 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61592 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290584&flow_hash_id=62","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61592","srv_ip":{"country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 
15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: staticxx.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server 
Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"23","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61593 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290840&flow_hash_id=63","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61593","srv_ip":{"country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 907 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to 
Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"24","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61561 and port 443","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910256&flow_hash_id=11","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61561","srv_ip":{"country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.64 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"25","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 53","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61562 and port 443","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910512&flow_hash_id=12","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61562","srv_ip":{"country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 102.97 KB | Client to Server Traffic: 5.49 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 104.106.106.121 and port 61579 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689156813&flow_hash_id=39","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61579","srv_ip":{"country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 105.32 KB | Client to Server Traffic: 4.02 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.22 and port 61586 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131370&flow_hash_id=55","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61586","srv_ip":{"country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.22"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.13 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"30","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.122 and port 61587 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131726&flow_hash_id=56","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61587","srv_ip":{"country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"31","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61588 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131987&flow_hash_id=58","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61588","srv_ip":{"country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 905 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"32","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.58 and port 61595 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465133710&flow_hash_id=65","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61595","srv_ip":{"country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.58"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 906 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"35","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and 
host 104.106.106.121 and port 61591 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689159885&flow_hash_id=61","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61591","srv_ip":{"country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 835 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.116 and port 61596 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134024&flow_hash_id=66","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61596","srv_ip":{"country":"CH","label":"data.kataweb.it","label_long":"data.kataweb.it","name":"data.kataweb.it","reference":"","value":"13.224.102.116"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 23/03/2020 13:22:07 - 21/06/2020 13:22:07 ] [ Cipher State: safe ] [ Requested Server Name: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 902 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"38","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"39","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To 
Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"40","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"41","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61599 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135011&flow_hash_id=69","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61599","srv_ip":{"country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.12 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"42","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 
151.101.130.133 and port 61573 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477362905&flow_hash_id=32","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61573","srv_ip":{"country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 5.32 KB | Client to Server Traffic: 2.29 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"43","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.8 and port 61602 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135452&flow_hash_id=72","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61602","srv_ip":{"country":"CH","label":"tvzap.kataweb.it","label_long":"tvzap.kataweb.it","name":"tvzap.kataweb.it","reference":"","value":"13.224.102.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 04/04/2020 14:21:29 - 03/07/2020 14:21:29 ] [ Cipher State: safe ] [ Requested Server Name: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"44","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61574 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477363161&flow_hash_id=33","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61574","srv_ip":{"country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" 
[ TLS Certificate Validity: 26/03/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.89 KB | Client to Server Traffic: 2.15 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"45","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server 
Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"47","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"48","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"52","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 151.101.130.133 and port 61590 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477367257&flow_hash_id=60","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61590","srv_ip":{"country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.14 KB | Client to Server Traffic: 800 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"54","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"56","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"57","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"58","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 213.92.16.78 and port 61597 and port 443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2516937378&flow_hash_id=67","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61597","srv_ip":{"country":"IT","label":"adagiof3.repubblica.it","label_long":"adagiof3.repubblica.it","name":"adagiof3.repubblica.it","reference":"","value":"213.92.16.78"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/04/2020 09:21:29 - 10/07/2020 09:21:29 ] [ Cipher State: safe ] [ Requested Server Name: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.33 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"65","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61601 and port 
443","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044720297&flow_hash_id=71","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61601","srv_ip":{"country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2019 16:36:04 - 19/01/2021 15:11:04 ] [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.15 KB | Client to Server Traffic: 935 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61575 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267392828&flow_hash_id=35","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61575","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 53","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"country":"","label":"lucas 
imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"68","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651917,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 53","epoch_begin":1589741864,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"69","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61581 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394364&flow_hash_id=41","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61581","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: 
trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61582 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394620&flow_hash_id=42","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61582","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: 
ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61583 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394876&flow_hash_id=43","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61583","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: 
ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61584 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395132&flow_hash_id=44","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61584","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: 
ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"73","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61585 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395388&flow_hash_id=45","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61585","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: 
ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"74","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 
Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"75","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" 
","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"76","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"77","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651916,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61612 and port 80","epoch_begin":1589741865,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402300&flow_hash_id=83","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61612","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61613 and port 80","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402556&flow_hash_id=84","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61613","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61614 and port 80","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402812&flow_hash_id=85","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61614","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"80","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"82","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"83","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61641 and port 80","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409724&flow_hash_id=127","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61641","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61642 and port 80","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409980&flow_hash_id=128","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61642","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"86","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"87","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61626 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753299288&flow_hash_id=112","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61626","srv_ip":{"country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: scontent.xx.fbcdn.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"88","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.170 and port 61633 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565099262&flow_hash_id=119","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61633","srv_ip":{"country":"PT","label":"imasdk.googleapis.com","label_long":"imasdk.googleapis.com","name":"imasdk.googleapis.com","reference":"","value":"216.58.208.170"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 28/04/2020 09:51:28 - 21/07/2020 09:51:28 ] [ Cipher State: safe ] [ Requested Server Name: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 875 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"89","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"90","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61630 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300344&flow_hash_id=116","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61630","srv_ip":{"country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"91","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"92","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"93","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.8 and port 61631 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300572&flow_hash_id=117","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61631","srv_ip":{"country":"IT","label":"graph.facebook.com","label_long":"graph.facebook.com","name":"graph.facebook.com","reference":"","value":"31.13.86.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"94","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.115 and port 61615 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465138887&flow_hash_id=86","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61615","srv_ip":{"country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.115"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.77 KB | Client to Server Traffic: 2.55 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"95","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61616 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139363&flow_hash_id=87","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61616","srv_ip":{"country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 7.53 KB | Client to Server Traffic: 2.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"96","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61618 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139659&flow_hash_id=104","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61618","srv_ip":{"country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"97","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"98","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"99","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61617 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488924592&flow_hash_id=103","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61617","srv_ip":{"country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 
07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 6.8 KB | Client to Server Traffic: 1.96 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"100","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.59 and port 61638 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465144719&flow_hash_id=126","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61638","srv_ip":{"country":"CH","label":"www.gelestatic.it","label_long":"www.gelestatic.it","name":"www.gelestatic.it","reference":"","value":"13.224.102.59"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/04/2020 04:21:56 - 02/07/2020 04:21:56 ] [ Cipher State: safe ] [ Requested Server Name: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.82 KB | Client to Server Traffic: 580 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"101","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61635 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689171149&flow_hash_id=121","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61635","srv_ip":{"country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 839 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"102","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"103","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"104","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"105","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"106","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"107","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"108","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"109","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"110","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 104.83.123.49 and port 61636 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668357&flow_hash_id=122","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61636","srv_ip":{"country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 1.22 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"111","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 
443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 642 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"112","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.83.123.49 and port 61637 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668613&flow_hash_id=125","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61637","srv_ip":{"country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 975 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"113","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61661 and port 443","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465150642&flow_hash_id=143","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61661","srv_ip":{"country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 11.59 KB | Client to Server Traffic: 1.91 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"114","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"115","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"116","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"117","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"118","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"119","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"120","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61643 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410236&flow_hash_id=129","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61643","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"121","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61644 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410492&flow_hash_id=130","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61644","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"122","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61645 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410748&flow_hash_id=131","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61645","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"123","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61652 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412540&flow_hash_id=134","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61652","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"124","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61653 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412796&flow_hash_id=135","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61653","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"125","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61654 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413052&flow_hash_id=136","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61654","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"126","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61655 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413308&flow_hash_id=137","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61655","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"127","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61656 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413564&flow_hash_id=138","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61656","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"128","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61658 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414076&flow_hash_id=140","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61658","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"129","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61659 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414332&flow_hash_id=141","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61659","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"130","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61662 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267415100&flow_hash_id=144","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61662","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"131","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61666 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267416124&flow_hash_id=148","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61666","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"132","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":59651914,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61670 and port 80","epoch_begin":1589741867,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417148&flow_hash_id=150","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61670","srv_ip":{"country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"133","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"134","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"135","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"136","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":59651915,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649393782},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"137","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":178,"recordsTotal":178,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server 
found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 192.168.1.28 and port 5353 and port 5353","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169623730&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"5353","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.28","label_long":"192.168.1.28","reference":"","value":"192.168.1.28"},"srv_port":"5353"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 320 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"MDNS","label":"UDP:MDNS","value":"8"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"blacklisted":"0","country":"","label":"lucas 
imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 53","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61604 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400252&flow_hash_id=74","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61604","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ 
Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61567 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753284184&flow_hash_id=23","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61567","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested 
Server Name: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 177.42 KB | Client to Server Traffic: 7.11 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61605 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400508&flow_hash_id=75","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61605","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | 
Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" 
","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61611 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402044&flow_hash_id=82","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61611","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote 
[Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.122 and port 61564 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465125838&flow_hash_id=19","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61564","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 71.75 KB | Client to Server Traffic: 4.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61565 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126099&flow_hash_id=20","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61565","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.9 KB | Client to Server Traffic: 1.72 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61568 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126859&flow_hash_id=26","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61568","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.36 KB | Client to Server Traffic: 2.82 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 34.252.198.143 and port 61600 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3819316195&flow_hash_id=70","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61600","srv_ip":{"blacklisted":"0","country":"IE","label":"secure-it.imrworldwide.c…","label_long":"secure-it.imrworldwide.com","name":"secure-it.imrworldwide.com","reference":"","value":"34.252.198.143"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 21/01/2020 02:00:00 - 24/02/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.75 KB | Client to Server Traffic: 913 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" 
Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"18","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 53","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"19","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61571 and port 
443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465127602&flow_hash_id=30","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61571","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 28.32 KB | Client to Server Traffic: 11.77 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 
53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61592 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290584&flow_hash_id=62","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61592","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: staticxx.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"23","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61593 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290840&flow_hash_id=63","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61593","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate 
Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 907 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"24","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61561 and port 443","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910256&flow_hash_id=11","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61561","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.64 KB | Client to Server Traffic: 1.16 
KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"25","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 53","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS 
server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61562 and port 443","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910512&flow_hash_id=12","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61562","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 102.97 KB | Client to Server Traffic: 5.49 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61579 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689156813&flow_hash_id=39","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61579","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 105.32 KB | Client to Server Traffic: 4.02 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.22 and port 61586 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131370&flow_hash_id=55","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61586","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.22"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.13 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"30","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 13.224.102.122 and port 61587 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131726&flow_hash_id=56","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61587","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"31","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61588 and port 
443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131987&flow_hash_id=58","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61588","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 905 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"32","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.58 and port 61595 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465133710&flow_hash_id=65","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61595","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.58"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 906 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"35","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61591 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689159885&flow_hash_id=61","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61591","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 835 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.116 and port 61596 and port 
443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134024&flow_hash_id=66","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61596","srv_ip":{"blacklisted":"0","country":"CH","label":"data.kataweb.it","label_long":"data.kataweb.it","name":"data.kataweb.it","reference":"","value":"13.224.102.116"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 23/03/2020 13:22:07 - 21/06/2020 13:22:07 ] [ Cipher State: safe ] [ Requested Server Name: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 902 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"38","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"39","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To 
Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"40","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"41","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61599 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135011&flow_hash_id=69","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61599","srv_ip":{"blacklisted":"0","country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.12 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"42","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 151.101.130.133 and port 61573 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477362905&flow_hash_id=32","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61573","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 5.32 KB | Client to Server Traffic: 2.29 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"43","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.8 and port 61602 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135452&flow_hash_id=72","cli_ip":{"blacklisted":"0","country":"","label":"lucas 
imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61602","srv_ip":{"blacklisted":"0","country":"CH","label":"tvzap.kataweb.it","label_long":"tvzap.kataweb.it","name":"tvzap.kataweb.it","reference":"","value":"13.224.102.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 04/04/2020 14:21:29 - 03/07/2020 14:21:29 ] [ Cipher State: safe ] [ Requested Server Name: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"44","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61574 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477363161&flow_hash_id=33","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61574","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 26/03/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.89 KB | Client to Server Traffic: 2.15 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"45","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"47","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"48","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 
192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"52","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61590 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477367257&flow_hash_id=60","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61590","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.14 KB | Client to Server Traffic: 800 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"54","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"56","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"57","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"58","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 522 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 213.92.16.78 and port 61597 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2516937378&flow_hash_id=67","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61597","srv_ip":{"blacklisted":"0","country":"IT","label":"adagiof3.repubblica.it","label_long":"adagiof3.repubblica.it","name":"adagiof3.repubblica.it","reference":"","value":"213.92.16.78"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/04/2020 09:21:29 - 10/07/2020 09:21:29 ] [ Cipher State: safe ] [ Requested Server Name: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.33 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"65","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61601 and port 
443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044720297&flow_hash_id=71","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61601","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2019 16:36:04 - 19/01/2021 15:11:04 ] [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.15 KB | Client to Server Traffic: 935 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61575 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267392828&flow_hash_id=35","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61575","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 
53","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"68","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 
53","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"69","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61581 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394364&flow_hash_id=41","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61581","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61582 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394620&flow_hash_id=42","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61582","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61583 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394876&flow_hash_id=43","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61583","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61584 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395132&flow_hash_id=44","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61584","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"73","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61585 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395388&flow_hash_id=45","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61585","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"74","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"75","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"76","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"77","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61612 and port 80","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402300&flow_hash_id=83","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61612","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61613 and port 80","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402556&flow_hash_id=84","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61613","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61614 and port 80","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402812&flow_hash_id=85","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61614","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"80","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"82","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"83","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61641 and port 80","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409724&flow_hash_id=127","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61641","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61642 and port 80","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409980&flow_hash_id=128","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61642","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"86","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"87","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61626 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753299288&flow_hash_id=112","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61626","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: scontent.xx.fbcdn.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"88","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.170 and port 61633 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565099262&flow_hash_id=119","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61633","srv_ip":{"blacklisted":"0","country":"PT","label":"imasdk.googleapis.com","label_long":"imasdk.googleapis.com","name":"imasdk.googleapis.com","reference":"","value":"216.58.208.170"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 28/04/2020 09:51:28 - 21/07/2020 09:51:28 ] [ Cipher State: safe ] [ Requested Server Name: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 875 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"89","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"90","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61630 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300344&flow_hash_id=116","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61630","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"91","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client 
Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"92","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes 
]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"93","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.8 and port 61631 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300572&flow_hash_id=117","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61631","srv_ip":{"blacklisted":"0","country":"IT","label":"graph.facebook.com","label_long":"graph.facebook.com","name":"graph.facebook.com","reference":"","value":"31.13.86.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to 
Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"94","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.115 and port 61615 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465138887&flow_hash_id=86","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61615","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.115"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.77 KB | Client to Server Traffic: 2.55 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"95","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61616 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139363&flow_hash_id=87","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61616","srv_ip":{"blacklisted":"0","country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 7.53 KB | Client to Server Traffic: 2.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"96","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61618 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139659&flow_hash_id=104","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61618","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"97","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"98","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server 
found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"99","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61617 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488924592&flow_hash_id=103","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61617","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 6.8 KB | Client to Server Traffic: 1.96 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"100","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 
13.224.102.59 and port 61638 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465144719&flow_hash_id=126","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61638","srv_ip":{"blacklisted":"0","country":"CH","label":"www.gelestatic.it","label_long":"www.gelestatic.it","name":"www.gelestatic.it","reference":"","value":"13.224.102.59"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/04/2020 04:21:56 - 02/07/2020 04:21:56 ] [ Cipher State: safe ] [ Requested Server Name: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.82 KB | Client to Server Traffic: 580 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"101","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61635 and port 
443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689171149&flow_hash_id=121","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61635","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 839 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"102","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 
53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"103","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"104","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"105","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"106","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"107","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"108","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"109","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"110","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.83.123.49 and port 61636 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668357&flow_hash_id=122","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61636","srv_ip":{"blacklisted":"0","country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 1.22 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"111","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 
443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"blacklisted":"0","country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 576 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"112","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.83.123.49 and port 61637 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668613&flow_hash_id=125","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61637","srv_ip":{"blacklisted":"0","country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 975 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"113","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61661 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465150642&flow_hash_id=143","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61661","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 11.59 KB | Client to Server Traffic: 1.91 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"114","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"115","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"116","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"117","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"118","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"119","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"120","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61643 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410236&flow_hash_id=129","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61643","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"121","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61644 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410492&flow_hash_id=130","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61644","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"122","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61645 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410748&flow_hash_id=131","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61645","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"123","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61652 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412540&flow_hash_id=134","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61652","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"124","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61653 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412796&flow_hash_id=135","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61653","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"125","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61654 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413052&flow_hash_id=136","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61654","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"126","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61655 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413308&flow_hash_id=137","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61655","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"127","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61656 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413564&flow_hash_id=138","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61656","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"128","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61658 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414076&flow_hash_id=140","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61658","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"129","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61659 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414332&flow_hash_id=141","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61659","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"130","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61662 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267415100&flow_hash_id=144","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61662","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"131","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61666 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267416124&flow_hash_id=148","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61666","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"132","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61670 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417148&flow_hash_id=150","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61670","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"133","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"134","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"135","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"136","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"137","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61687 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753314936&flow_hash_id=170","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61687","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Client Server | Server to Client Traffic: 4.41 KB | Client to Server Traffic: 6.88 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"138","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 
and host 8.241.92.250 and port 61683 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3382381902&flow_hash_id=164","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61683","srv_ip":{"blacklisted":"0","country":"IT","label":"media.gedidigital.it","label_long":"media.gedidigital.it","name":"media.gedidigital.it","reference":"","value":"8.241.92.250"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 21/03/2020 13:21:56 - 19/06/2020 13:21:56 ] [ Cipher State: safe ] [ Requested Server Name: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 517.73 KB | Client to Server Traffic: 17.25 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"139","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 138.68.91.103 and port 61688 and port 
443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1257115835&flow_hash_id=171","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61688","srv_ip":{"blacklisted":"0","country":"DE","label":"hits-i.iubenda.com","label_long":"hits-i.iubenda.com","name":"hits-i.iubenda.com","reference":"","value":"138.68.91.103"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/01/2020 02:00:00 - 31/01/2022 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 6 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"140","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 
53","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 178 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"141","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 
53","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 89 Bytes | Client to Server Traffic: 73 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"142","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"143","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"144","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"145","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"146","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"147","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61677 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044739753&flow_hash_id=157","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61677","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2019 16:36:04 - 19/01/2021 15:11:04 ] [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.94 KB | Client to Server Traffic: 4.09 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"148","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 
2.23.155.233 and port 61671 and port 80","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417404&flow_hash_id=151","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61671","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"149","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61673 and port 
80","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417916&flow_hash_id=153","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61673","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"150","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61679 and port 
80","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419452&flow_hash_id=159","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61679","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"151","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61680 and port 
80","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419708&flow_hash_id=160","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61680","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"152","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61681 and port 
80","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419964&flow_hash_id=161","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61681","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"153","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61686 and port 
80","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267421244&flow_hash_id=168","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61686","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"154","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"155","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 
53","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"156","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.45.75.18 and port 61684 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=685177958&flow_hash_id=166","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61684","srv_ip":{"blacklisted":"0","country":"NL","label":"d.adagiof3.repubblica.it","label_long":"d.adagiof3.repubblica.it","name":"d.adagiof3.repubblica.it","reference":"","value":"104.45.75.18"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/10/2019 14:51:03 - 09/12/2020 14:36:04 ] [ Cipher State: safe ] [ Requested Server Name: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 6.28 KB | Client to Server Traffic: 3.79 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"157","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61674 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753311608&flow_hash_id=154","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61674","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.89 KB | Client to Server Traffic: 2.65 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"158","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171317,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 172.217.21.67 and port 60856 and port 443","epoch_begin":1589741863,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1837271700&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"60856","srv_ip":{"blacklisted":"0","country":"DE","label":"172.217.21.67","label_long":"172.217.21.67","reference":"","value":"172.217.21.67"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"159","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171311,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 138.68.91.103 and port 61690 and port 443","epoch_begin":1589741869,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1257116347&flow_hash_id=176","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61690","srv_ip":{"blacklisted":"0","country":"DE","label":"hits-i.iubenda.com","label_long":"hits-i.iubenda.com","name":"hits-i.iubenda.com","reference":"","value":"138.68.91.103"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/01/2020 02:00:00 - 31/01/2022 01:59:59 ] [ Cipher State: safe ] [ Requested Server 
Name: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.77 KB | Client to Server Traffic: 1.05 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"160","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171311,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 35.190.242.29 and port 55099 and port 4070","epoch_begin":1589741869,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3832026470&flow_hash_id=174","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55099","srv_ip":{"blacklisted":"0","country":"US","label":"35.190.242.29","label_long":"35.190.242.29","reference":"","value":"35.190.242.29"},"srv_port":"4070"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 363 Bytes | Client to Server Traffic: 1.01 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Google","label":"TCP:Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"161","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"162","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60171313,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"163","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171317,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.22.34.92 and port 60994 and port 443","epoch_begin":1589741863,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=683614638&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60994","srv_ip":{"blacklisted":"0","country":"US","label":"104.22.34.92","label_long":"104.22.34.92","reference":"","value":"104.22.34.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 180 Bytes | Client to Server Traffic: 293 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Cloudflare","label":"TCP:TLS.Cloudflare","value":"220"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"164","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 
13.224.102.58 and port 61576 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465128846&flow_hash_id=36","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61576","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.58"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"165","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.10 and port 61577 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465129054&flow_hash_id=37","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61577","srv_ip":{"blacklisted":"0","country":"CH","label":"13.224.102.10","label_long":"13.224.102.10","reference":"","value":"13.224.102.10"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"166","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61578 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465129427&flow_hash_id=38","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61578","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"167","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171315,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.209.34 and port 61603 and port 443","epoch_begin":1589741865,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565091702&flow_hash_id=73","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61603","srv_ip":{"blacklisted":"0","country":"BG","label":"216.58.209.34","label_long":"216.58.209.34","reference":"","value":"216.58.209.34"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: partner.googleadservices.com ] [ Main Direction: Client Server | Server to Client Traffic: 497 Bytes | Client to Server Traffic: 976 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"168","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60171311,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 512 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"169","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171317,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.205.68 and port 60854 and port 443","epoch_begin":1589741863,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565095573&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60854","srv_ip":{"blacklisted":"0","country":"FR","label":"216.58.205.68","label_long":"216.58.205.68","reference":"","value":"216.58.205.68"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"170","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171317,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.131 and port 60858 and port 
443","epoch_begin":1589741863,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565097428&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60858","srv_ip":{"blacklisted":"0","country":"PT","label":"216.58.208.131","label_long":"216.58.208.131","reference":"","value":"216.58.208.131"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"171","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS not carrying HTTPS","value":"46"},"alert_name":" TLS not carrying HTTPS","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS not carrying HTTPS [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Client Server | Server to Client Traffic: 1.88 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS not carrying HTTPS [Score: 10]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"172","score":{"color":"#5cd65c","label":"20","value":20},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171312,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.123 and port 61689 and port 443","epoch_begin":1589741868,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044742863&flow_hash_id=173","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61689","srv_ip":{"blacklisted":"0","country":"DE","label":"fbc.wcfbc.net","label_long":"fbc.wcfbc.net","name":"fbc.wcfbc.net","reference":"","value":"185.54.150.123"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate 
Validity: 11/01/2018 15:08:01 - 11/01/2021 15:08:01 ] [ Cipher State: safe ] [ Requested Server Name: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 6.62 KB | Client to Server Traffic: 1.79 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"173","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.170 and port 61634 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565099518&flow_hash_id=120","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61634","srv_ip":{"blacklisted":"0","country":"PT","label":"imasdk.googleapis.com","label_long":"imasdk.googleapis.com","name":"imasdk.googleapis.com","reference":"","value":"216.58.208.170"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 98.3 KB | Client to Server Traffic: 4.59 KB 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"174","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171314,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 149.154.167.91 and port 55156 and port 443","epoch_begin":1589741866,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1447286934&flow_hash_id=124","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55156","srv_ip":{"blacklisted":"0","country":"GB","label":"149.154.167.91","label_long":"149.154.167.91","reference":"","value":"149.154.167.91"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 66 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Telegram","label":"TCP:TLS.Telegram","value":"185"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"175","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171311,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 35.186.224.53 and port 55114 and port 443","epoch_begin":1589741869,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3831752560&flow_hash_id=175","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55114","srv_ip":{"blacklisted":"0","country":"US","label":"35.186.224.53","label_long":"35.186.224.53","reference":"","value":"35.186.224.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 5.28 KB | Client to Server Traffic: 1.94 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleCloud","label":"TCP:TLS.GoogleCloud","value":"284"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"176","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60171311,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61692 and port 80","epoch_begin":1589741869,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267422780&flow_hash_id=178","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61692","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"177","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60171316,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.28 and port 55148 and port 49152","epoch_begin":1589741864,"epoch_end":1649913181},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169532438&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55148","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.28","label_long":"192.168.1.28","reference":"","value":"192.168.1.28"},"srv_port":"49152"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 144 Bytes | Client to Server Traffic: 210 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Unknown","label":"TCP:Unknown","value":"0"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"178","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"}]}} diff --git a/tests/e2e/rest/result/v1/get_alert_data_02.out b/tests/e2e/rest/result/v1/get_alert_data_02.out index 15b0240427..e1769ab973 100644 --- a/tests/e2e/rest/result/v1/get_alert_data_02.out +++ b/tests/e2e/rest/result/v1/get_alert_data_02.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"DNS Packet Larger Than 512 bytes [Score: 50]
Malformed packet [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 127.0.0.1 [Score: 100]"},"duration":58275561,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 50435 and port 53","epoch_begin":1591551760,"epoch_end":1649827322},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261427416&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"50435","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.xt.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.79 KB | Client to Server Traffic: 70 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 127.0.0.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"170","value":170},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/06/2020 19:42:40","value":1591551760},"vlan_id":"0"}]}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"DNS Packet Larger Than 512 bytes [Score: 50]
Malformed packet [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 127.0.0.1 [Score: 100]"},"duration":58361496,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 50435 and port 53","epoch_begin":1591551760,"epoch_end":1649913257},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261427416&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"50435","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.xt.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.79 KB | Client to Server Traffic: 70 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 127.0.0.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"170","value":170},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/06/2020 19:42:40","value":1591551760},"vlan_id":"0"}]}} diff --git a/tests/e2e/rest/result/v1/get_host_data_01.out b/tests/e2e/rest/result/v1/get_host_data_01.out index a1e549b82f..531f580742 100644 --- a/tests/e2e/rest/result/v1/get_host_data_01.out 
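Review bot: In the `get_alert_data_02.out` expectation, `duration` (58275561 → 58361496) and `filter.epoch_end` (1649827322 → 1649913257) both move by the same 85935 seconds, so they appear to follow the time the fixture was regenerated rather than anything in the capture. The only change that matches the commit subject is `cli_network`/`srv_network` `value` going from `"65535"` to `""`. The comparison step is not visible here; if it does not already mask these two fields, every regeneration rewrites the whole record and a real regression in an alert field (score, severity, `cli_role`) is easy to miss in the noise. I would have the e2e comparison ignore or normalise `duration` and `epoch_end`, so that golden-file diffs for alert records show only detection-relevant changes.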
+++ b/tests/e2e/rest/result/v1/get_host_data_01.out 
@@ -1 +1 @@ -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":45,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":45,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":18,"contacts.as_server":1,"continent":"","countries_contacts":{"value":3},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":57668404,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"
get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":4095,"score.as_client":4095,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3471,"upper_bound":4196,"value":4095},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1647410266,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.05061075091362,"throughput
_pps":6.1541504692286e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":45,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":40,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":40,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":53,"contacts.as_server":1,"continent":"","countries_contacts":{"value":2},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"ds
cp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":60172068,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":3645,"score.as_client":3645,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3063,"upper_bound":3740,"value":3645},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1649913930,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.048504915088415,"throughpu
t_pps":5.8980858739233e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":40,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} diff --git a/tests/e2e/rest/result/v1/get_host_data_02.out b/tests/e2e/rest/result/v1/get_host_data_02.out index 92d926d296..d71164d3b2 100644 --- a/tests/e2e/rest/result/v1/get_host_data_02.out +++ b/tests/e2e/rest/result/v1/get_host_data_02.out 
@@ -1 +1 @@ -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":45,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":45,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":18,"contacts.as_server":1,"continent":"","countries_contacts":{"value":3},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":57668478,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"
get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":4095,"score.as_client":4095,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3471,"upper_bound":4196,"value":4095},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1647410340,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.050610683858395,"throughpu
t_pps":6.1541424656752e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":45,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":40,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":40,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":53,"contacts.as_server":1,"continent":"","countries_contacts":{"value":2},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"d
scp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":60172143,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":3645,"score.as_client":3645,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3063,"upper_bound":3740,"value":3645},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1649914005,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.04850485548377,"throughput
_pps":5.8980782341678e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":40,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} diff --git a/tests/e2e/rest/result/v1/get_interface_data_01.out b/tests/e2e/rest/result/v1/get_interface_data_01.out index 07b1c8104e..a66a27b940 100644 --- a/tests/e2e/rest/result/v1/get_interface_data_01.out +++ b/tests/e2e/rest/result/v1/get_interface_data_01.out 
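Review bot: The new expected line for get_host_data_02.out lowers `active_alerted_flows`, `alerted_flows.as_client` and `total_alerts` from 45 to 40, and `score` from 4095 to 3645, without recording which five alerted flows are expected to disappear in a run without network. A golden file updated this way would also accept a genuine loss of those detections, so the commit message or the test definition should name them, for example `no network: <alert types not raised offline>, alerted flows 45 -> 40`. Which checks are affected is not visible in this patch; presumably they rely on data fetched at run time. The same drop appears as `alerted_flows` in get_interface_data_01.out.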
@@ -1 +1 @@ -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"alerted_flows":45,"bytes":3744757,"bytes_download":3744757,"bytes_upload":0,"dropped_alerts":0,"drops":0,"engaged_alerts":0,"epoch":1643350270,"flows_pctg":1,"hosts_pctg":1,"ifid":"0","ifname":"test_01.pcap","is_view":false,"local2remote":185214,"localtime":"07:11:10 +0100","macs_pctg":1,"num_devices":4,"num_flows":179,"num_hosts":42,"num_live_captures":0,"num_local_hosts":4,"packets":5000,"packets_download":5000,"packets_upload":0,"periodic_stats_update_frequency_secs":5,"profiles":[],"remote2local":3332878,"remote_bps":0,"remote_pps":0,"speed":1000,"system_host_stats":{"alerts_queries":51,"alerts_stats":{"alert_queues":{"internal_alerts_queue":{"pct_not_enqueued":0}}},"cpu_load":0.31999999284744,"cpu_states":{"guest":0,"guest_nice":0,"idle":98.294783049131,"iowait":0,"irq":0,"nice":0,"softirq":0.151950025325,"steal":0,"system":0.25325004220834,"user":1.3000168833361},"dropped_alerts":0,"mem_buffers":791016,"mem_cached":11637380,"mem_free":277648,"mem_ntopng_resident":532856,"mem_ntopng_virtual":21475351708,"mem_shmem":0,"mem_sreclaimable":688812,"mem_total":32727900,"mem_used":19333044,"written_alerts":0},"tcpPacketStats":{"lost":0,"out_of_order":0,"retransmissions":10},"throughput":{"download":{"bps":0,"pps":0},"upload":{"bps":0,"pps":0}},"throughput_bps":0,"throughput_pps":0,"ts_alerts":[],"uptime":"00:19 sec"}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"alerted_flows":40,"bytes":3744757,"bytes_download":3744757,"bytes_upload":0,"dropped_alerts":0,"drops":0,"engaged_alerts":0,"epoch":1649914610,"flows_pctg":1,"hosts_pctg":1,"ifid":"0","ifname":"test_01.pcap","is_view":false,"local2remote":185214,"localtime":"07:36:50 
+0200","macs_pctg":1,"num_devices":4,"num_flows":179,"num_hosts":42,"num_live_captures":0,"num_local_hosts":4,"packets":5000,"packets_download":5000,"packets_upload":0,"periodic_stats_update_frequency_secs":5,"profiles":[],"remote2local":3332878,"remote_bps":0,"remote_pps":0,"speed":1000,"system_host_stats":{"alerts_queries":49,"alerts_stats":{"alert_queues":{"internal_alerts_queue":{"pct_not_enqueued":0}}},"cpu_load":0.79000002145767,"cpu_states":{"guest":0,"guest_nice":0,"idle":94.485917882592,"iowait":0.084832032575501,"irq":0,"nice":0,"softirq":1.3742789277231,"steal":0,"system":1.5778758059043,"user":2.4770953512046},"dropped_alerts":0,"mem_buffers":1040576,"mem_cached":14323204,"mem_free":254320,"mem_ntopng_resident":481212,"mem_ntopng_virtual":21475370988,"mem_shmem":0,"mem_sreclaimable":1482156,"mem_total":32724536,"mem_used":15624280,"written_alerts":0},"tcpPacketStats":{"lost":0,"out_of_order":0,"retransmissions":10},"throughput":{"download":{"bps":0,"pps":0},"upload":{"bps":0,"pps":0}},"throughput_bps":0,"throughput_pps":0,"ts_alerts":[],"uptime":"00:24 sec"}} diff --git a/tests/e2e/rest/result/v1/set_host_alias_01.out b/tests/e2e/rest/result/v1/set_host_alias_01.out index a5a07d7bb7..cd1c446d06 100644 --- a/tests/e2e/rest/result/v1/set_host_alias_01.out +++ b/tests/e2e/rest/result/v1/set_host_alias_01.out 
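Review bot: The new expected line for get_interface_data_01.out pins values that depend on the machine and the moment of the run: `epoch`, `localtime` (`+0100` became `+0200`), `uptime`, and everything under `system_host_stats` (`cpu_load`, `cpu_states`, `mem_*`, `alerts_queries`). These differ between the old and new side for reasons unrelated to the network setting, so each regeneration buries the one meaningful change (`alerted_flows` 45 to 40) in noise. Unless the comparison step already strips these keys (not visible in this patch), the stored line cannot match a later run. It would be cleaner to drop or normalise them before the result is written, and likewise `seen.last`, `duration` and `throughput_bps`/`throughput_pps` in the get_host_data_*.out files.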
@@ -1,2 +1,2 @@ {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]} -{"ICMPv4":[],"active_alerted_flows":45,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":45,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":18,"contacts.as_server":1,"continent":"","countries_contacts":{"value":3},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":57670133,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"q
uery":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"charles","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":4095,"score.as_client":4095,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3471,"upper_bound":4196,"value":4095},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1647411995,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.050609230995178,"throughpu
t_pps":6.1539656599052e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":45,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0} +{"ICMPv4":[],"active_alerted_flows":40,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":40,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":53,"contacts.as_server":1,"continent":"","countries_contacts":{"value":2},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":2127
28,"packets.rcvd":3008,"packets.sent":1992}},"duration":60173794,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"Charles","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":3645,"score.as_client":3645,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3063,"upper_bound":3740,"value":3645},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1649915656,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.048503521829844,"throughpu
t_pps":5.8979167079087e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":40,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0} diff --git a/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_01.out b/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_01.out index b64c6b35ec..833ea0e977 100644 --- a/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_01.out +++ b/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_01.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163817172,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649829796},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163817065,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649829796},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163817160,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649829796},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [12,397 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) 
duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.24199485778809}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163903109,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649915733},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163903002,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649915733},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163903097,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649915733},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [11,408 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, 
*, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.26297569274902}}} diff --git a/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_02.out b/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_02.out index 3dc5718c12..3e4e85dbc8 100644 --- a/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_02.out +++ b/tests/e2e/rest/result/v2/alert_dns_data_exfiltration_02.out @@ -1,3 +1,3 @@ {"success":true} {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
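Review bot: In all three records the new expected `cli_network` and `srv_network` objects carry `"value":""` next to an already empty `"label":""`, so a consumer can no longer tell "no network" apart from a field that was never populated. Any alert filter or export rule written against the old `"value":"65535"` will stop matching without an error. An explicit marker such as `"value":null`, or keeping the numeric id and changing only the label, would keep the two cases distinguishable; which of these the API intends cannot be told from the fixture. The alert_dns_data_exfiltration_02.out hunk that follows presumably makes the same substitution, but its new side is cut off here.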
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163817248,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649829872},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163817141,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649829872},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163817236,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649829872},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [9,649 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) 
duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.31089782714844}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163903182,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649915806},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163903075,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649915806},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163903170,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649915806},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [9,376 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, 
*, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.3199577331543}}}
diff --git a/tests/e2e/rest/result/v2/alert_flow_exclusion_lists.out b/tests/e2e/rest/result/v2/alert_flow_exclusion_lists.out
index ad28070a0f..21cc140c70 100644
--- a/tests/e2e/rest/result/v2/alert_flow_exclusion_lists.out
+++ b/tests/e2e/rest/result/v2/alert_flow_exclusion_lists.out
@@ -2,4 +2,4 @@ {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]} {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]} {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":85,"recordsTotal":85,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server 
found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 53","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 
53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 
53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 
53","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"10","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 
53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"11","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 
53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 
53","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"13","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 
53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"14","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas 
imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"23","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"24","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"25","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"30","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"31","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"32","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"35","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 522 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"38","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088081,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 53","epoch_begin":1589741865,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"39","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088082,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 53","epoch_begin":1589741864,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"40","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"41","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"42","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"43","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"44","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"45","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"47","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"48","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"52","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"54","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"56","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"57","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"58","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"blacklisted":"0","country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 576 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server 
Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS 
Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"65","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"68","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"69","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088080,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 53","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 178 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"73","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 53","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 89 Bytes | Client to Server Traffic: 73 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"74","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"75","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"76","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"77","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"80","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 53","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"82","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60088079,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"83","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS 
Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60088077,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 512 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS not carrying HTTPS","value":"46"},"alert_name":" TLS not carrying 
HTTPS","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS not carrying HTTPS [Score: 10]"},"duration":60088078,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1649829947},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Client Server | Server to Client Traffic: 1.88 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS not carrying HTTPS [Score: 10]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 85 records [58,254 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":1.4591217041016}}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":85,"recordsTotal":85,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS 
server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 
53","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 
53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 
53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"9","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 
53","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"10","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 
53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"11","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 
53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 
53","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"13","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 
53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"14","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas 
imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#ffc007","label":"50","value":50},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"23","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"24","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"25","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"30","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"31","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"32","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"35","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 522 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"38","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 53","epoch_begin":1589741865,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"39","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174017,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 53","epoch_begin":1589741864,"epoch_end":1649915882},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"40","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"41","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"42","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"43","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"44","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"45","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"47","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"48","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"52","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"54","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"56","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"57","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"58","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"blacklisted":"0","country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 576 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | 
Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS 
Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"65","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"68","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"69","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174016,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 53","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 178 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"73","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 53","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 89 Bytes | Client to Server Traffic: 73 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"74","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"75","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"76","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"77","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"80","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 53","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server 
found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"100","value":100},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"82","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60174015,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"83","score":{"color":"#ff3231","label":"100","value":100},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS 
Certificate Mismatch [Score: 100]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60174013,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 512 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#ff3231","label":"200","value":200},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"192.168.1.0/24","value":"0"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" TLS not carrying HTTPS","value":"46"},"alert_name":" TLS not carrying 
HTTPS","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"192.168.1.0/24","value":"0"},"count":1,"description":{"descr":"TLS not carrying HTTPS [Score: 10]"},"duration":60174014,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1649915883},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Client Server | Server to Client Traffic: 1.88 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS not carrying HTTPS [Score: 10]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 85 records [63,482 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":1.3389587402344}}} 
diff --git a/tests/e2e/rest/result/v2/alert_flow_invalid_dns_query_02.out b/tests/e2e/rest/result/v2/alert_flow_invalid_dns_query_02.out index 7828f47963..d942f8a0ff 100644 --- a/tests/e2e/rest/result/v2/alert_flow_invalid_dns_query_02.out +++ b/tests/e2e/rest/result/v2/alert_flow_invalid_dns_query_02.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Error Code Detected [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100]"},"duration":36341169,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1649830022},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"blacklisted":"0","country":"CH","label":"9.9.9.9","label_long":"9.9.9.9","reference":"","value":"9.9.9.9"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NXDOMAIN ] [ URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it ] [ Main Direction: Server Client | Server to Client Traffic: 357 Bytes | Client to Server Traffic: 297 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 17:20:52","value":1613488852},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,544 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) 
duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.22006034851074}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Error Code Detected [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 9.9.9.9 [Score: 100]"},"duration":36427105,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 9.9.9.9 and port 59610 and port 53","epoch_begin":1613488852,"epoch_end":1649915958},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3383892960&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"","value":"192.168.2.222"},"cli_port":"59610","srv_ip":{"blacklisted":"0","country":"CH","label":"9.9.9.9","label_long":"9.9.9.9","reference":"","value":"9.9.9.9"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NXDOMAIN ] [ URL: adsf.adsfadfasdfasdfadsfadsf.adfasdfasdfadsf.adsfadfasdfasdfadsfaasdf.google.it ] [ Main Direction: Server Client | Server to Client Traffic: 357 Bytes | Client to Server Traffic: 297 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 9.9.9.9 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"120","value":120},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"16/02/2021 17:20:52","value":1613488852},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,064 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, 
hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.24604797363281}}} diff --git a/tests/e2e/rest/result/v2/alert_flow_risk_dga_01.out b/tests/e2e/rest/result/v2/alert_flow_risk_dga_01.out index af68db9dae..48b310e28d 100644 --- a/tests/e2e/rest/result/v2/alert_flow_risk_dga_01.out +++ b/tests/e2e/rest/result/v2/alert_flow_risk_dga_01.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
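Review bot: The regenerated expectation for `alert_flow_invalid_dns_query_02.out` also changes run-dependent fields, which buries the one intended change (`cli_network.value` and `srv_network.value` going from `"65535"` to `""`). Between the old and new line, `duration` (36341169 → 36427105), `filter.epoch_end` (1649830022 → 1649915958), `stats.num_records_processed` (4,544 → 4,064 records/sec) and `stats.query_duration_msec` differ only because the test was re-run at a later time. Whether the runner already ignores these keys when comparing is not visible here; if it does not, masking them before the `.out` file is written would keep fixture diffs limited to real behaviour changes, so an unintended change in alert output is easier to spot in review. The same applies to the other `.out` hunks in this patch, e.g. `alert_flow_risk_dga_01.out`, whose hunk continues past this view.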
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163817547,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649830171},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163817440,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649830171},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163817535,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649830171},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [11,449 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) 
duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.26202201843262}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163903482,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649916106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163903375,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649916106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163903470,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649916106},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [11,275 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, 
*, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.26607513427734}}} diff --git a/tests/e2e/rest/result/v2/alert_flow_risk_dga_02.out b/tests/e2e/rest/result/v2/alert_flow_risk_dga_02.out index eb43470faa..5196ec1140 100644 --- a/tests/e2e/rest/result/v2/alert_flow_risk_dga_02.out +++ b/tests/e2e/rest/result/v2/alert_flow_risk_dga_02.out @@ -1,3 +1,3 @@ {"success":true} {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
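Review bot: The new expected records encode "no network" as an empty string, `"cli_network":{"label":"","value":""}` and likewise `srv_network`, while a matched network elsewhere in this patch is a numeric string (`"value":"0"` for 172.16.0.0/24 in the http_numeric_ip_host fixture). A client that converts the value to an integer, or filters alerts by network id, now has to special-case `""`. If that is the intended API contract it should be stated in the REST documentation, which is not visible here. The same applies to the alert_flow_risk_dga_02 hunk that follows. Separately, the `-` and `+` lines also differ in `duration`, `epoch_end`, `query_duration_msec` and the records/sec text, which are run-dependent; presumably the harness ignores them, but normalising them in the fixtures would keep diffs like this down to the intended change.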
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163817627,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649830251},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163817520,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649830251},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163817615,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649830251},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [12,397 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) 
duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.24199485778809}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":3,"recordsTotal":3,"rsp":{"records":[{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]"},"duration":163903558,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 35966 and port 53","epoch_begin":1486012623,"epoch_end":1649916182},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299533052&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"35966","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: 958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 294 Bytes | Client to Server Traffic: 361 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain 958700a621c3620001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:03","value":1486012623},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]"},"duration":163903451,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 46961 and port 53","epoch_begin":1486012730,"epoch_end":1649916182},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299529767&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"46961","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: MX ] [ Return Code: NOERROR ] [ URL: a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org ] [ Main Direction: Server Client | Server to Client Traffic: 298 Bytes | Client to Server Traffic: 228 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain a05700e6da83510001636f6e736f6c65… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:18:50","value":1486012730},"vlan_id":"0"},{"additional_alerts":{"descr":"Unexpected DNS server found [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]"},"duration":163903546,"family":"flow","filter":{"bpf":"host 192.168.43.91 and host 4.2.2.4 and port 56354 and port 53","epoch_begin":1486012635,"epoch_end":1649916182},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3299509580&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.43.91","label_long":"192.168.43.91","reference":"","value":"192.168.43.91"},"cli_port":"56354","srv_ip":{"blacklisted":"0","country":"US","label":"4.2.2.4","label_long":"4.2.2.4","reference":"","value":"4.2.2.4"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: CNAME ] [ Return Code: NOERROR ] [ URL: e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org ] [ Main Direction: Client Server | Server to Client Traffic: 42.27 KB | Client to Server Traffic: 50.38 KB ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain e18f00fdf525320021636f6d6d616e64… [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#ff3231","label":"210","value":210},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"02/02/2017 07:17:15","value":1486012635},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 3 records [11,629 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, 
*, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.25796890258789}}} diff --git a/tests/e2e/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out b/tests/e2e/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out index 621fc7b0c4..6fcdaaefcf 100644 --- a/tests/e2e/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out +++ b/tests/e2e/rest/result/v2/alert_flow_risk_http_numeric_ip_host.out 
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":22,"recordsTotal":22,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483391,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52098 and port 80","epoch_begin":1499346935,"epoch_end":1649830327},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824054532&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52098","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 2.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:15:35","value":1499346935},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483370,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52200 and port 80","epoch_begin":1499346956,"epoch_end":1649830327},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080644&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52200","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 11.94 KB | Client to Server Traffic: 2.09 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:15:56","value":1499346956},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483350,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52298 and port 80","epoch_begin":1499346976,"epoch_end":1649830327},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040197&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52298","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 3.05 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483350,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52300 and port 80","epoch_begin":1499346976,"epoch_end":1649830327},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040709&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52300","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js ] [ Main Direction: Server Client | Server to Client Traffic: 6.22 KB | Client to Server Traffic: 1.14 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482971,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56306 and port 80","epoch_begin":1499347355,"epoch_end":1649830327},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824083220&flow_hash_id=226","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56306","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 7.57 KB | Client to Server Traffic: 2.54 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:22:35","value":1499347355},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482260,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 35626 and port 80","epoch_begin":1499348068,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824031940&flow_hash_id=642","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"35626","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 79.32 KB | Client to Server Traffic: 26.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:34:28","value":1499348068},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482456,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 33580 and port 80","epoch_begin":1499347872,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824032444&flow_hash_id=531","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"33580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.38 KB | Client to Server Traffic: 60.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:31:12","value":1499347872},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483100,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54956 and port 80","epoch_begin":1499347228,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065295&flow_hash_id=151","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54956","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.06 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:20:28","value":1499347228},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483295,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52910 and port 80","epoch_begin":1499347033,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065799&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52910","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:17:13","value":1499347033},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482585,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 60464 and port 80","epoch_begin":1499347743,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824033573&flow_hash_id=457","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"60464","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.13 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:29:03","value":1499347743},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483231,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 53584 and port 80","epoch_begin":1499347097,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041738&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"53584","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:18:17","value":1499347097},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483037,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 55632 and port 80","epoch_begin":1499347291,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041746&flow_hash_id=189","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"55632","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"12","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:21:31","value":1499347291},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482844,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 57684 and port 80","epoch_begin":1499347484,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042778&flow_hash_id=303","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"57684","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.12 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:24:44","value":1499347484},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482653,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59732 and port 80","epoch_begin":1499347675,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042786&flow_hash_id=418","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59732","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.03 KB | Client to Server Traffic: 60.84 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host 
[Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:27:55","value":1499347675},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483352,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52318 and port 80","epoch_begin":1499346976,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824045317&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52318","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/favicon.ico ] [ Main Direction: Server Client | Server to Client Traffic: 2.0 KB | Client to Server Traffic: 696 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482389,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34278 and port 80","epoch_begin":1499347939,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080062&flow_hash_id=568","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34278","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host 
[Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:32:19","value":1499347939},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482781,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 58360 and port 80","epoch_begin":1499347547,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824084764&flow_hash_id=341","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"58360","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.38 KB 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:25:47","value":1499347547},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482326,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34940 and port 80","epoch_begin":1499348002,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824052929&flow_hash_id=605","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34940","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.04 KB | Client to Server Traffic: 60.92 KB 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:33:22","value":1499348002},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150483165,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54268 and port 80","epoch_begin":1499347163,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824085772&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54268","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | 
Server to Client Traffic: 186.14 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:19:23","value":1499347163},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482521,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 32906 and port 80","epoch_begin":1499347807,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824056505&flow_hash_id=494","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"32906","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 
205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:30:07","value":1499347807},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482909,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56994 and port 80","epoch_begin":1499347419,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062743&flow_hash_id=264","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56994","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: 
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"21","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:23:39","value":1499347419},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150482717,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59042 and port 
80","epoch_begin":1499347611,"epoch_end":1649830329},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062751&flow_hash_id=379","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59042","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 61.44 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:26:51","value":1499347611},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 22 records [40,365 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.54502487182617}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":22,"recordsTotal":22,"rsp":{"records":[{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569320,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52098 and port 80","epoch_begin":1499346935,"epoch_end":1649916256},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824054532&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52098","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 2.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:15:35","value":1499346935},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569299,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52200 and port 80","epoch_begin":1499346956,"epoch_end":1649916256},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080644&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52200","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 11.94 KB | Client to Server Traffic: 2.09 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:15:56","value":1499346956},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569279,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52298 and port 80","epoch_begin":1499346976,"epoch_end":1649916256},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040197&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52298","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: Not Found ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 13.12 KB | Client to Server Traffic: 3.05 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569279,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52300 and port 80","epoch_begin":1499346976,"epoch_end":1649916256},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824040709&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52300","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/dvwa/js/dvwaPage.js ] [ Main Direction: Server Client | Server to Client Traffic: 6.22 KB | Client to Server Traffic: 1.14 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568901,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56306 and port 80","epoch_begin":1499347355,"epoch_end":1649916257},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824083220&flow_hash_id=226","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56306","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 7.57 KB | Client to Server Traffic: 2.54 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:22:35","value":1499347355},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568190,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 35626 and port 80","epoch_begin":1499348068,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824031940&flow_hash_id=642","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"35626","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27KGE8ES9SCQ7FORY5VSPTYY4R4UHJNRQTPTAY6L9JR1OU40RPDA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 79.32 KB | Client to Server Traffic: 26.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:34:28","value":1499348068},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP 
Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568386,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 33580 and port 80","epoch_begin":1499347872,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824032444&flow_hash_id=531","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"33580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.38 KB | Client to Server Traffic: 60.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:31:12","value":1499347872},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569030,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54956 and port 80","epoch_begin":1499347228,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065295&flow_hash_id=151","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54956","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.06 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:20:28","value":1499347228},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569225,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52910 and port 80","epoch_begin":1499347033,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824065799&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52910","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AQ80NQUS4TAQLQVWHMAGXB11KUBK34NZA8RUUD143IFKQDS3P5%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:17:13","value":1499347033},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" 
HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568515,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 60464 and port 80","epoch_begin":1499347743,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824033573&flow_hash_id=457","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"60464","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.13 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:29:03","value":1499347743},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569161,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 53584 and port 80","epoch_begin":1499347097,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041738&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"53584","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:18:17","value":1499347097},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568967,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 55632 and port 80","epoch_begin":1499347291,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824041746&flow_hash_id=189","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"55632","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27JUL2D3WXHEGWRAFJE2PI7OS71Z4Z8RFUHXGNFLUFYVP6M3OL55%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"12","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:21:31","value":1499347291},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" 
HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568774,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 57684 and port 80","epoch_begin":1499347484,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042778&flow_hash_id=303","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"57684","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.12 KB | Client to Server Traffic: 60.86 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:24:44","value":1499347484},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568583,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59732 and port 80","epoch_begin":1499347675,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824042786&flow_hash_id=418","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59732","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27SZGGJRXX6DR9VWKN864H8LTBEZ6QC3GJPC8TUUNAED3BBL4L8P%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.03 KB | Client to Server Traffic: 60.84 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:27:55","value":1499347675},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" 
HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569282,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 52318 and port 80","epoch_begin":1499346976,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824045317&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"52318","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/favicon.ico ] [ Main Direction: Server Client | Server to Client Traffic: 2.0 KB | Client to Server Traffic: 696 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:16:16","value":1499346976},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP 
Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568319,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34278 and port 80","epoch_begin":1499347939,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824080062&flow_hash_id=568","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34278","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27TNRH0PFRPCFVXECFZU2OUYBTDZQVIWB8HBZ1VC7EXA9PGMGBWA%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.16 KB | Client to Server Traffic: 61.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:32:19","value":1499347939},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" 
HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568711,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 58360 and port 80","epoch_begin":1499347547,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824084764&flow_hash_id=341","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"58360","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27MRVS1VO9FLO4CFA5FLJ13I9GULOFH69WHOJQ0PH0OKE2FMG3MQ%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.38 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:25:47","value":1499347547},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568256,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 34940 and port 80","epoch_begin":1499348002,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824052929&flow_hash_id=605","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"34940","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.04 KB | Client to Server Traffic: 60.92 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"18","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 
15:33:22","value":1499348002},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150569095,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 54268 and port 80","epoch_begin":1499347163,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824085772&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"54268","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%270XVM4C1CNSWY8VF443GGZ6W527WBY4H29E2XQNGG2QUPQEKW0U%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.14 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"19","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is 
Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:19:23","value":1499347163},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568451,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 32906 and port 80","epoch_begin":1499347807,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824056505&flow_hash_id=494","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"32906","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27UQE70NGV80W4ZBVWQELDMRMBY9BF6W552ZBHL3F4W4MIP7R7K6%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:30:07","value":1499347807},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568839,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 56994 and port 80","epoch_begin":1499347419,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062743&flow_hash_id=264","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"56994","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/?name=%3Cscript%3Econsole.log%28%27AA0U7VCIO18AUKPZNB0ZXFCDF9PVHM0BRGOWM22EICNEPXK5UC%27%29%3Bconsole.log%28document.cookie%29%3B%3C%2Fscript%3E ] [ Main Direction: Server Client | Server to Client Traffic: 186.17 KB | Client to Server Traffic: 61.06 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"21","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:23:39","value":1499347419},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" HTTP Numeric IP Host","value":"43"},"alert_name":" HTTP Numeric IP Host","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"172.16.0.0/24","value":"0"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"HTTP Numeric IP Host [Score: 10]"},"duration":150568647,"family":"flow","filter":{"bpf":"host 172.16.0.1 and host 192.168.10.50 and port 59042 and port 80","epoch_begin":1499347611,"epoch_end":1649916259},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1824062751&flow_hash_id=379","cli_ip":{"blacklisted":"0","country":"","label":"172.16.0.1","label_long":"172.16.0.1","reference":"","value":"172.16.0.1"},"cli_port":"59042","srv_ip":{"blacklisted":"0","country":"","label":"192.168.10.50","label_long":"192.168.10.50","reference":"","value":"192.168.10.50"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 ] [ URL: 205.174.165.68/dv/vulnerabilities/xss_r/ ] [ Main Direction: Server Client | Server to Client Traffic: 186.19 KB | Client to Server Traffic: 61.44 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"HTTP Numeric IP Host [Score: 10]","fullname":"HTTP Numeric IP Host","name":"HTTP Numeric IP 
Host","value":43},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"ndpi_http_numeric_ip_host","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"srv_role":{"label":"Is Victim","tag_label":"Is Victim","value":"victim"},"tstamp":{"highlight":"#5cd65c","label":"06/07/2017 15:26:51","value":1499347611},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 22 records [39,722 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.55384635925293}}} diff --git a/tests/e2e/rest/result/v2/alert_flow_risk_missing_tls_sni.out b/tests/e2e/rest/result/v2/alert_flow_risk_missing_tls_sni.out index 1b9889bac6..57d17e2fbf 100644 --- a/tests/e2e/rest/result/v2/alert_flow_risk_missing_tls_sni.out +++ b/tests/e2e/rest/result/v2/alert_flow_risk_missing_tls_sni.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
TLS not carrying HTTPS [Score: 10]"},"alert_id":{"label":" Missing TLS SNI","value":"54"},"alert_name":" Missing TLS SNI","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Missing TLS SNI [Score: 50]"},"duration":92011561,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1649830408},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"10.206.131.18","label_long":"10.206.131.18","reference":"","value":"10.206.131.18"},"cli_port":"58657","srv_ip":{"blacklisted":"0","country":"","label":"10.206.65.249","label_long":"10.206.65.249","reference":"","value":"10.206.65.249"},"srv_port":"443","vlan":{"label":"258","title":"258","value":258}},"flow_related_info":{"descr":" [ TLS Certificate Validity: 29/11/2018 20:57:22 - 29/11/2023 20:57:22 ] [ Cipher State: safe ] [ Main Direction: Server Client | Server to Client Traffic: 3.89 KB | Client to Server Traffic: 1.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Missing TLS SNI [Score: 50]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"14/05/2019 09:27:26","value":1557818846},"vlan_id":"258"}],"stats":{"num_records_processed":"Processed 1 records [4,203 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.23794174194336}}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
TLS not carrying HTTPS [Score: 10]"},"alert_id":{"label":" Missing TLS SNI","value":"54"},"alert_name":" Missing TLS SNI","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Missing TLS SNI [Score: 50]"},"duration":92097488,"family":"flow","filter":{"bpf":"host 10.206.131.18 and host 10.206.65.249 and port 58657 and port 443","epoch_begin":1557818846,"epoch_end":1649916335},"flow":{"active_url":"/lua/flow_details.lua?flow_key=362652409&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"10.206.131.18","label_long":"10.206.131.18","reference":"","value":"10.206.131.18"},"cli_port":"58657","srv_ip":{"blacklisted":"0","country":"","label":"10.206.65.249","label_long":"10.206.65.249","reference":"","value":"10.206.65.249"},"srv_port":"443","vlan":{"label":"258","title":"258","value":258}},"flow_related_info":{"descr":" [ TLS Certificate Validity: 29/11/2018 20:57:22 - 29/11/2023 20:57:22 ] [ Cipher State: safe ] [ Main Direction: Server Client | Server to Client Traffic: 3.89 KB | Client to Server Traffic: 1.12 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Missing TLS SNI [Score: 50]","fullname":"Missing TLS SNI","name":"Missing TLS SNI","value":54},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"ndpi_tls_missing_sni","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"09:27:26","value":1557818846},"vlan_id":"258"}],"stats":{"num_records_processed":"Processed 1 records [3,484 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.28705596923828}}} 
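Review bot: The regenerated expected output changes `tstamp.label` from `"14/05/2019 09:27:26"` to `"09:27:26"` while `tstamp.value` stays 1557818846, which is unrelated to the no-network change (`"value":"65535"` to `"value":""`) this commit describes. The alert is from 14 May 2019 and the patch header is dated 14 Apr 2022, so the label formatter may be treating a matching day-of-month as "today"; that is inferred from the values, not shown in the diff. If so, this fixture only matches when the suite runs on the 14th, and anyone triaging from the REST response loses the date of a years-old alert. I would keep `"label":"14/05/2019 09:27:26"` in the expected output and either make the formatter compare the full date or have the comparison ignore run-dependent fields such as `tstamp.label`, `epoch_end`, `duration` and `query_duration_msec`.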
diff --git a/tests/e2e/rest/result/v2/alert_flow_risk_unsafe_protocol.out b/tests/e2e/rest/result/v2/alert_flow_risk_unsafe_protocol.out index ee35e8539d..69ea812e24 100644 --- a/tests/e2e/rest/result/v2/alert_flow_risk_unsafe_protocol.out +++ b/tests/e2e/rest/result/v2/alert_flow_risk_unsafe_protocol.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":10,"recordsTotal":10,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266008815,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51110 and port 443","epoch_begin":1383821665,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473481660&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51110","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.ct7ctrgb6cr7.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:54:25","value":1383821665},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]"},"duration":266008814,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 46.59.52.31 and port 51111 and port 443","epoch_begin":1383821666,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4007958761&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51111","srv_ip":{"blacklisted":"0","country":"SE","label":"www.e6r5p57kbafwrxj3plz.…","label_long":"www.e6r5p57kbafwrxj3plz.com","name":"www.e6r5p57kbafwrxj3plz.com","reference":"","value":"46.59.52.31"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/06/2013 02:00:00 - 07/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.e6r5p57kbafwrxj3plz.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 
12:54:26","value":1383821666},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]"},"duration":266008812,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51112 and port 443","epoch_begin":1383821668,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884887039&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51112","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.q4cyamnc6mtokjurvdclt.com ] [ Main Direction: Server Client | Server to Client Traffic: 1.19 KB | Client to Server Traffic: 784 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 
12:54:28","value":1383821668},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266008807,"family":"flow","filter":{"bpf":"host 192.168.1.1 and host 192.168.1.255 and port 17500 and port 17500","epoch_begin":1383821673,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169551769&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"cli_port":"17500","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"17500"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 186 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"Dropbox","label":"UDP:Dropbox","value":"121"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:33","value":1383821673},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266008787,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 
192.168.1.255 and port 138 and port 138","epoch_begin":1383821693,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575436&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"138","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"138"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 252 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"NetBIOS.SMBv1","label":"UDP:NetBIOS.SMBv1","value":"16"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:53","value":1383821693},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
TLS Certificate About To Expire [Score: 50]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]"},"duration":266008351,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51175 and port 443","epoch_begin":1383822129,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473498300&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51175","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.gfu7hbxpfp.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.73 KB | Client to Server Traffic: 3.25 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ff3231","label":"280","value":280},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266008351,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 212.83.155.250 and port 51174 and port 443","epoch_begin":1383822129,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2499624900&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51174","srv_ip":{"blacklisted":"0","country":"FR","label":"www.t3i3ru.com","label_long":"www.t3i3ru.com","name":"www.t3i3ru.com","reference":"","value":"212.83.155.250"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/09/2013 02:00:00 - 25/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.t3i3ru.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.85 KB | Client to Server Traffic: 3.43 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266008350,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51176 and port 443","epoch_begin":1383822130,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884903423&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51176","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.jmts2id.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.59 KB | Client to Server Traffic: 2.69 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:10","value":1383822130},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266008290,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 62.210.137.230 and port 51185 and port 443","epoch_begin":1383822190,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4286331056&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51185","srv_ip":{"blacklisted":"0","country":"FR","label":"www.6gyip7tqim7sieb.com","label_long":"www.6gyip7tqim7sieb.com","name":"www.6gyip7tqim7sieb.com","reference":"","value":"62.210.137.230"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 02/11/2013 02:00:00 - 17/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.6gyip7tqim7sieb.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.21 KB | Client to Server Traffic: 3.31 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:03:10","value":1383822190},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":266008746,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 157.56.30.46 and port 51104 and port 443","epoch_begin":1383821734,"epoch_end":1649830481},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1575058424&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51104","srv_ip":{"blacklisted":"0","country":"US","label":"157.56.30.46","label_long":"157.56.30.46","reference":"","value":"157.56.30.46"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 60 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:55:34","value":1383821734},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 10 records [28,827 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.34689903259277}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":10,"recordsTotal":10,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266094745,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51110 and port 443","epoch_begin":1383821665,"epoch_end":1649916411},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473481660&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51110","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.ct7ctrgb6cr7.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:54:25","value":1383821665},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]"},"duration":266094744,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 46.59.52.31 and port 51111 and port 443","epoch_begin":1383821666,"epoch_end":1649916411},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4007958761&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51111","srv_ip":{"blacklisted":"0","country":"SE","label":"www.e6r5p57kbafwrxj3plz.…","label_long":"www.e6r5p57kbafwrxj3plz.com","name":"www.e6r5p57kbafwrxj3plz.com","reference":"","value":"46.59.52.31"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/06/2013 02:00:00 - 07/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.e6r5p57kbafwrxj3plz.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 2.63 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.e6r5p57kbafwrxj3plz.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 12:54:26","value":1383821666},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete 
TLS Version [Score: 100]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]"},"duration":266094742,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51112 and port 443","epoch_begin":1383821668,"epoch_end":1649916411},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884887039&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51112","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.q4cyamnc6mtokjurvdclt.com ] [ Main Direction: Server Client | Server to Client Traffic: 1.19 KB | Client to Server Traffic: 784 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.q4cyamnc6mtokjurvdclt.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ff3231","label":"230","value":230},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 
12:54:28","value":1383821668},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266094737,"family":"flow","filter":{"bpf":"host 192.168.1.1 and host 192.168.1.255 and port 17500 and port 17500","epoch_begin":1383821673,"epoch_end":1649916411},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169551769&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"cli_port":"17500","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"17500"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 186 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"Dropbox","label":"UDP:Dropbox","value":"121"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:33","value":1383821673},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":266094717,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 192.168.1.255 and port 138 
and port 138","epoch_begin":1383821693,"epoch_end":1649916411},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575436&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"138","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.255","label_long":"192.168.1.255","reference":"","value":"192.168.1.255"},"srv_port":"138"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 252 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"NetBIOS.SMBv1","label":"UDP:NetBIOS.SMBv1","value":"16"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:54:53","value":1383821693},"vlan_id":"0"},{"additional_alerts":{"descr":"Obsolete TLS Version [Score: 100]
TLS Certificate About To Expire [Score: 50]
Remote Access [Score: 10]
Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Suspicious DGA Domain","value":"47"},"alert_name":" Suspicious DGA Domain","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]"},"duration":266094282,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 91.143.93.242 and port 51175 and port 443","epoch_begin":1383822129,"epoch_end":1649916412},"flow":{"active_url":"/lua/flow_details.lua?flow_key=473498300&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51175","srv_ip":{"blacklisted":"0","country":"DE","label":"www.ct7ctrgb6cr7.com","label_long":"www.ct7ctrgb6cr7.com","name":"www.ct7ctrgb6cr7.com","reference":"","value":"91.143.93.242"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/10/2013 02:00:00 - 19/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.gfu7hbxpfp.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.73 KB | Client to Server Traffic: 3.25 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Tor","label":"TCP:TLS.Tor","value":"163"},"msg":{"configset_ref":" ","description":"Suspicious DGA Domain www.gfu7hbxpfp.com [Score: 100]","fullname":"Suspicious DGA Domain","name":"Suspicious DGA Domain","value":47},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ff3231","label":"280","value":280},"script_key":"ndpi_suspicious_dga_domain","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate About To Expire [Score: 50]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266094282,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 212.83.155.250 and port 51174 and port 443","epoch_begin":1383822129,"epoch_end":1649916412},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2499624900&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51174","srv_ip":{"blacklisted":"0","country":"FR","label":"www.t3i3ru.com","label_long":"www.t3i3ru.com","name":"www.t3i3ru.com","reference":"","value":"212.83.155.250"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/09/2013 02:00:00 - 25/11/2013 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.t3i3ru.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.85 KB | Client to Server Traffic: 3.43 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"7","score":{"color":"#ff3231","label":"160","value":160},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:09","value":1383822129},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266094281,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 38.229.70.53 and port 51176 and port 443","epoch_begin":1383822130,"epoch_end":1649916412},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3884903423&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51176","srv_ip":{"blacklisted":"0","country":"US","label":"www.q4cyamnc6mtokjurvdcl…","label_long":"www.q4cyamnc6mtokjurvdclt.com","name":"www.q4cyamnc6mtokjurvdclt.com","reference":"","value":"38.229.70.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/09/2013 02:00:00 - 22/02/2014 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: www.jmts2id.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.59 KB | Client to Server Traffic: 2.69 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:02:10","value":1383822130},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS 
Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":266094221,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 62.210.137.230 and port 51185 and port 443","epoch_begin":1383822190,"epoch_end":1649916412},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4286331056&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51185","srv_ip":{"blacklisted":"0","country":"FR","label":"www.6gyip7tqim7sieb.com","label_long":"www.6gyip7tqim7sieb.com","name":"www.6gyip7tqim7sieb.com","reference":"","value":"62.210.137.230"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 02/11/2013 02:00:00 - 17/02/2014 02:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.6gyip7tqim7sieb.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.21 KB | Client to Server Traffic: 3.31 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/11/2013 13:03:10","value":1383822190},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":266094677,"family":"flow","filter":{"bpf":"host 192.168.1.252 and host 157.56.30.46 and port 51104 and port 443","epoch_begin":1383821734,"epoch_end":1649916412},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1575058424&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.252","label_long":"192.168.1.252","reference":"","value":"192.168.1.252"},"cli_port":"51104","srv_ip":{"blacklisted":"0","country":"US","label":"157.56.30.46","label_long":"157.56.30.46","reference":"","value":"157.56.30.46"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 60 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"07/11/2013 12:55:34","value":1383821734},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 10 records [24,329 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.41103363037109}}} diff --git a/tests/e2e/rest/result/v2/alert_tls_cert_validity_too_long.out b/tests/e2e/rest/result/v2/alert_tls_cert_validity_too_long.out index 350961a86a..eb54d06df5 100644 --- a/tests/e2e/rest/result/v2/alert_tls_cert_validity_too_long.out +++ b/tests/e2e/rest/result/v2/alert_tls_cert_validity_too_long.out 
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Too Long TLS Certificate Validity","value":"60"},"alert_name":" Too Long TLS Certificate Validity","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Too Long TLS Certificate Validity [Score: 50]"},"duration":27129125,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 20.86.186.134 and port 40124 and port 443","epoch_begin":1622701860,"epoch_end":1649830986},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"blacklisted":"0","country":"NL","label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","name":"wdcp.microsoft.com","reference":"","value":"20.86.186.134"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2020 21:38:28 - 10/03/2022 21:38:28 ] [ Cipher State: safe ] [ Requested Server Name: wdcp.microsoft.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.74 KB | Client to Server Traffic: 1.13 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Microsoft","label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" ","description":"Too Long TLS Certificate Validity [Score: 50]","fullname":"Too Long TLS Certificate Validity","name":"Too Long TLS Certificate Validity","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":" 
","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"03/06/2021 08:31:00","value":1622701860},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,739 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.21100044250488}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Too Long TLS Certificate Validity","value":"60"},"alert_name":" Too Long TLS Certificate Validity","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Too Long TLS Certificate Validity [Score: 50]"},"duration":27215055,"family":"flow","filter":{"bpf":"host 192.168.2.222 and host 20.86.186.134 and port 40124 and port 443","epoch_begin":1622701860,"epoch_end":1649916916},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3573560583&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.222","label_long":"192.168.2.222","reference":"","value":"192.168.2.222"},"cli_port":"40124","srv_ip":{"blacklisted":"0","country":"NL","label":"wdcp.microsoft.com","label_long":"wdcp.microsoft.com","name":"wdcp.microsoft.com","reference":"","value":"20.86.186.134"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2020 21:38:28 - 10/03/2022 21:38:28 ] [ Cipher State: safe ] [ Requested Server Name: wdcp.microsoft.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.74 KB | Client to Server Traffic: 1.13 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Microsoft","label":"TCP:TLS.Microsoft","value":"212"},"msg":{"configset_ref":" ","description":"Too Long TLS Certificate Validity [Score: 50]","fullname":"Too Long TLS 
Certificate Validity","name":"Too Long TLS Certificate Validity","value":60},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_cert_validity_too_long","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"03/06/2021 08:31:00","value":1622701860},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,328 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.23102760314941}}} diff --git a/tests/e2e/rest/result/v2/alert_tls_certificate_expired.out b/tests/e2e/rest/result/v2/alert_tls_certificate_expired.out index 4fc213d302..e0eb475533 100644 --- a/tests/e2e/rest/result/v2/alert_tls_certificate_expired.out +++ b/tests/e2e/rest/result/v2/alert_tls_certificate_expired.out 
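Review bot: The expected output in this hunk still pins values that depend on when the test ran: besides the intended `cli_network`/`srv_network` change from `"65535"` to `""`, the new line also differs from the old one in `duration`, `epoch_end`, `query_duration_msec` and the records/sec figure inside `num_records_processed`. If the comparison is byte-for-byte the fixture cannot match reliably, and if the harness already ignores these keys (not visible in this diff), masking them in the stored file too would keep future regenerations down to the real change. Separately, `value` is now an empty string while sibling fields such as `cli_host_pool_id` keep a numeric string like `"0"`, so an API client that converts it to an integer needs an explicit empty-string case; that is worth stating in the REST documentation. The hunks immediately before and after this one show the same pattern.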
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":27271005,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1649830836},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"blacklisted":"0","country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"104.111.215.93"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/03/2019 02:00:00 - 05/05/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 106.51 KB | Client to Server Traffic: 8.34 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 
17:03:50","value":1622559830},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [3,924 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.25486946105957}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":27356936,"family":"flow","filter":{"bpf":"host 192.168.2.126 and host 104.111.215.93 and port 60174 and port 443","epoch_begin":1622559830,"epoch_end":1649916767},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689480653&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.2.126","label_long":"192.168.2.126","reference":"","value":"192.168.2.126"},"cli_port":"60174","srv_ip":{"blacklisted":"0","country":"DE","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"104.111.215.93"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/03/2019 02:00:00 - 05/05/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 106.51 KB | Client to Server Traffic: 8.34 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate 
Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"01/06/2021 17:03:50","value":1622559830},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,033 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.24795532226562}}} diff --git a/tests/e2e/rest/result/v2/alert_tls_certificate_selfsigned.out b/tests/e2e/rest/result/v2/alert_tls_certificate_selfsigned.out index 7cea4adddd..e7cb1e3a7e 100644 --- a/tests/e2e/rest/result/v2/alert_tls_certificate_selfsigned.out +++ b/tests/e2e/rest/result/v2/alert_tls_certificate_selfsigned.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed [Score: 100]
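Review bot: The expected output pins values that change on every run, so the one intended edit in this hunk (`cli_network`/`srv_network` `"value":"65535"` becoming `"value":""`) is buried among unrelated differences. `epoch_end` (1649830836 to 1649916767), `duration`, `query_duration_msec` and the records/sec figure inside `num_records_processed` all differ between the removed and added line. The same applies to the alert_web_mining.out hunk, and the alert_tls_certificate_selfsigned.out hunk changes nothing except these run-dependent fields. The comparison step is not visible here, so this is hedged: if it does not already mask them, stripping `epoch_end`, `duration`, `query_duration_msec` and `num_records_processed` before the fixture is written would keep future fixture diffs down to real behaviour changes. That matters for alert fixtures, where an unintended change in score or severity should be easy to spot.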
Application on Non-Standard Port [Score: 50]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"127.0.0.0/8","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60909264,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1649830911},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"3001"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/10/2015 17:55:47 - 09/10/2016 17:55:47 ] [ Cipher State: safe ] [ Requested Server Name: localhost ] [ Main Direction: Server Client | Server to Client Traffic: 2.29 KB | Client to Server Traffic: 1.39 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"127.0.0.0/8","value":"0"},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 09:07:26","value":1588921646},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,328 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 
1 ","query_duration_msec":0.23102760314941}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"TLS Certificate Self-signed [Score: 100]
Application on Non-Standard Port [Score: 50]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"127.0.0.0/8","value":"0"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60995194,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 51607 and port 3001","epoch_begin":1588921646,"epoch_end":1649916841},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261499100&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"51607","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"3001"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/10/2015 17:55:47 - 09/10/2016 17:55:47 ] [ Cipher State: safe ] [ Requested Server Name: localhost ] [ Main Direction: Server Client | Server to Client Traffic: 2.29 KB | Client to Server Traffic: 1.39 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ff3231","label":"250","value":250},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"127.0.0.0/8","value":"0"},"tstamp":{"highlight":"#ff3231","label":"08/05/2020 09:07:26","value":1588921646},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,975 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 
1 ","query_duration_msec":0.20098686218262}}} diff --git a/tests/e2e/rest/result/v2/alert_web_mining.out b/tests/e2e/rest/result/v2/alert_web_mining.out index f302bd475e..1a47239ff9 100644 --- a/tests/e2e/rest/result/v2/alert_web_mining.out +++ b/tests/e2e/rest/result/v2/alert_web_mining.out @@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":6,"recordsTotal":6,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348503125,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 188.165.213.169 and port 55317 and port 8333","epoch_begin":1301327937,"epoch_end":1649831063},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2102295093&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55317","srv_ip":{"blacklisted":"0","country":"FR","label":"188.165.213.169","label_long":"188.165.213.169","reference":"","value":"188.165.213.169"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 1.73 KB | Client to Server Traffic: 1.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:58:57","value":1301327937},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348502973,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 69.118.54.122 and port 55328 and port 8333","epoch_begin":1301328089,"epoch_end":1649831063},"flow":{"active_url":"/lua/flow_details.lua?flow_key=102688262&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55328","srv_ip":{"blacklisted":"0","country":"US","label":"69.118.54.122","label_long":"69.118.54.122","reference":"","value":"69.118.54.122"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:01:29","value":1301328089},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348502743,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 74.89.181.229 and port 55348 and port 8333","epoch_begin":1301328319,"epoch_end":1649831063},"flow":{"active_url":"/lua/flow_details.lua?flow_key=184711537&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55348","srv_ip":{"blacklisted":"0","country":"US","label":"74.89.181.229","label_long":"74.89.181.229","reference":"","value":"74.89.181.229"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:05:19","value":1301328319},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348502590,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 66.68.83.22 and port 55383 and port 8333","epoch_begin":1301328472,"epoch_end":1649831063},"flow":{"active_url":"/lua/flow_details.lua?flow_key=49101218&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55383","srv_ip":{"blacklisted":"0","country":"US","label":"66.68.83.22","label_long":"66.68.83.22","reference":"","value":"66.68.83.22"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:07:52","value":1301328472},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348502363,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 195.218.16.178 and port 55400 and port 8333","epoch_begin":1301328699,"epoch_end":1649831063},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2223179838&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55400","srv_ip":{"blacklisted":"0","country":"LU","label":"195.218.16.178","label_long":"195.218.16.178","reference":"","value":"195.218.16.178"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:11:39","value":1301328699},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348501758,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 184.58.165.119 and port 55487 and port 8333","epoch_begin":1301329304,"epoch_end":1649831063},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2028205059&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55487","srv_ip":{"blacklisted":"0","country":"US","label":"184.58.165.119","label_long":"184.58.165.119","reference":"","value":"184.58.165.119"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:21:44","value":1301329304},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 6 records [19,167 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.31304359436035}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":6,"recordsTotal":6,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348589053,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 188.165.213.169 and port 55317 and port 8333","epoch_begin":1301327937,"epoch_end":1649916991},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2102295093&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55317","srv_ip":{"blacklisted":"0","country":"FR","label":"188.165.213.169","label_long":"188.165.213.169","reference":"","value":"188.165.213.169"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 1.73 KB | Client to Server Traffic: 1.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"1","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 17:58:57","value":1301327937},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348588901,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 69.118.54.122 and port 55328 and port 8333","epoch_begin":1301328089,"epoch_end":1649916991},"flow":{"active_url":"/lua/flow_details.lua?flow_key=102688262&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55328","srv_ip":{"blacklisted":"0","country":"US","label":"69.118.54.122","label_long":"69.118.54.122","reference":"","value":"69.118.54.122"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"2","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:01:29","value":1301328089},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348588671,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 74.89.181.229 and port 55348 and port 8333","epoch_begin":1301328319,"epoch_end":1649916991},"flow":{"active_url":"/lua/flow_details.lua?flow_key=184711537&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55348","srv_ip":{"blacklisted":"0","country":"US","label":"74.89.181.229","label_long":"74.89.181.229","reference":"","value":"74.89.181.229"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"3","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:05:19","value":1301328319},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348588518,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 66.68.83.22 and port 55383 and port 8333","epoch_begin":1301328472,"epoch_end":1649916991},"flow":{"active_url":"/lua/flow_details.lua?flow_key=49101218&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55383","srv_ip":{"blacklisted":"0","country":"US","label":"66.68.83.22","label_long":"66.68.83.22","reference":"","value":"66.68.83.22"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"4","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:07:52","value":1301328472},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348588291,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 195.218.16.178 and port 55400 and port 8333","epoch_begin":1301328699,"epoch_end":1649916991},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2223179838&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55400","srv_ip":{"blacklisted":"0","country":"LU","label":"195.218.16.178","label_long":"195.218.16.178","reference":"","value":"195.218.16.178"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 257 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"5","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:11:39","value":1301328699},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]
Unsafe Protocol [Score: 10]"},"alert_id":{"label":" Web Mining","value":"27"},"alert_name":" Web Mining","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Web Mining [Score: 50]"},"duration":348587686,"family":"flow","filter":{"bpf":"host 192.168.1.142 and host 184.58.165.119 and port 55487 and port 8333","epoch_begin":1301329304,"epoch_end":1649916991},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2028205059&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.142","label_long":"192.168.1.142","reference":"","value":"192.168.1.142"},"cli_port":"55487","srv_ip":{"blacklisted":"0","country":"US","label":"184.58.165.119","label_long":"184.58.165.119","reference":"","value":"184.58.165.119"},"srv_port":"8333"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 171 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Mining","label":"TCP:Mining","value":"42"},"msg":{"configset_ref":" ","description":"Web Mining [Score: 50]","fullname":"Web Mining","name":"Web Mining","value":27},"proto":{"label":"TCP","value":"6"},"row_id":"6","score":{"color":"#ffc007","label":"70","value":70},"script_key":"web_mining","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"28/03/2011 18:21:44","value":1301329304},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 6 records [21,291 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":0.28181076049805}}} diff --git a/tests/e2e/rest/result/v2/get_alert_data_01.out b/tests/e2e/rest/result/v2/get_alert_data_01.out index 3ed16eb03d..9e8646b028 100644 --- a/tests/e2e/rest/result/v2/get_alert_data_01.out 
+++ b/tests/e2e/rest/result/v2/get_alert_data_01.out 
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":178,"recordsTotal":178,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.28 and port 5353 and port 5353","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169623730&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"5353","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.28","label_long":"192.168.1.28","reference":"","value":"192.168.1.28"},"srv_port":"5353"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 320 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"MDNS","label":"UDP:MDNS","value":"8"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 
and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 
53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 
53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 
53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 
53","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61604 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400252&flow_hash_id=74","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61604","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61567 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753284184&flow_hash_id=23","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61567","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 177.42 KB | Client to Server Traffic: 7.11 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61605 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400508&flow_hash_id=75","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61605","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 
53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61611 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402044&flow_hash_id=82","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61611","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.122 and port 61564 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465125838&flow_hash_id=19","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61564","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 71.75 KB | Client to Server Traffic: 4.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61565 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126099&flow_hash_id=20","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61565","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.9 KB | Client to Server Traffic: 1.72 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61568 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126859&flow_hash_id=26","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61568","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.36 KB | Client to Server Traffic: 2.82 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 34.252.198.143 and port 61600 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3819316195&flow_hash_id=70","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61600","srv_ip":{"blacklisted":"0","country":"IE","label":"secure-it.imrworldwide.c…","label_long":"secure-it.imrworldwide.com","name":"secure-it.imrworldwide.com","reference":"","value":"34.252.198.143"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 21/01/2020 02:00:00 - 24/02/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.75 KB | Client to Server Traffic: 913 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"18","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 53","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"19","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61571 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465127602&flow_hash_id=30","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61571","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 28.32 KB | Client to Server Traffic: 11.77 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | 
Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61592 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290584&flow_hash_id=62","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61592","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: staticxx.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 908 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"23","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61593 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290840&flow_hash_id=63","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61593","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 907 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"24","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61561 and port 443","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910256&flow_hash_id=11","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61561","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.64 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"25","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 53","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61562 and port 443","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910512&flow_hash_id=12","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61562","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 102.97 KB | Client to Server Traffic: 5.49 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" 
Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61579 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689156813&flow_hash_id=39","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61579","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 105.32 KB | Client to Server Traffic: 4.02 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 13.224.102.22 and port 61586 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131370&flow_hash_id=55","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61586","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.22"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.13 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"30","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.122 and port 61587 and port 
443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131726&flow_hash_id=56","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61587","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"31","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61588 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131987&flow_hash_id=58","cli_ip":{"blacklisted":"0","country":"","label":"lucas 
imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61588","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 905 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"32","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.58 and port 61595 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465133710&flow_hash_id=65","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61595","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.58"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 906 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"35","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61591 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689159885&flow_hash_id=61","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61591","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 835 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.116 and port 61596 and port 
443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134024&flow_hash_id=66","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61596","srv_ip":{"blacklisted":"0","country":"CH","label":"data.kataweb.it","label_long":"data.kataweb.it","name":"data.kataweb.it","reference":"","value":"13.224.102.116"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 23/03/2020 13:22:07 - 21/06/2020 13:22:07 ] [ Cipher State: safe ] [ Requested Server Name: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 902 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"38","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"39","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To 
Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"40","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"41","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61599 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135011&flow_hash_id=69","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61599","srv_ip":{"blacklisted":"0","country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.12 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"42","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61573 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477362905&flow_hash_id=32","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61573","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 5.32 KB | Client to Server Traffic: 2.29 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"43","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.8 and port 61602 and port 
443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135452&flow_hash_id=72","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61602","srv_ip":{"blacklisted":"0","country":"CH","label":"tvzap.kataweb.it","label_long":"tvzap.kataweb.it","name":"tvzap.kataweb.it","reference":"","value":"13.224.102.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 04/04/2020 14:21:29 - 03/07/2020 14:21:29 ] [ Cipher State: safe ] [ Requested Server Name: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"44","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61574 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477363161&flow_hash_id=33","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas 
imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61574","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 26/03/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.89 KB | Client to Server Traffic: 2.15 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"45","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"47","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"48","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS 
server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"52","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61590 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477367257&flow_hash_id=60","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61590","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.14 KB | Client to Server Traffic: 800 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"54","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"56","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"57","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"58","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 522 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 213.92.16.78 and port 61597 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2516937378&flow_hash_id=67","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61597","srv_ip":{"blacklisted":"0","country":"IT","label":"adagiof3.repubblica.it","label_long":"adagiof3.repubblica.it","name":"adagiof3.repubblica.it","reference":"","value":"213.92.16.78"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/04/2020 09:21:29 - 10/07/2020 09:21:29 ] [ Cipher State: safe ] [ Requested Server Name: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.33 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"65","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61601 and port 
443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044720297&flow_hash_id=71","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61601","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2019 16:36:04 - 19/01/2021 15:11:04 ] [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.15 KB | Client to Server Traffic: 935 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61575 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267392828&flow_hash_id=35","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61575","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 
53","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"68","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 
53","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"69","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61581 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394364&flow_hash_id=41","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61581","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61582 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394620&flow_hash_id=42","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61582","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61583 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394876&flow_hash_id=43","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61583","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61584 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395132&flow_hash_id=44","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61584","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"73","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61585 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395388&flow_hash_id=45","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61585","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"74","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"75","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"76","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"77","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61612 and port 80","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402300&flow_hash_id=83","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61612","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61613 and port 80","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402556&flow_hash_id=84","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61613","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61614 and port 80","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402812&flow_hash_id=85","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61614","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"80","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"82","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"83","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61641 and port 80","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409724&flow_hash_id=127","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61641","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61642 and port 80","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409980&flow_hash_id=128","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61642","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"86","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"87","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61626 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753299288&flow_hash_id=112","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61626","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: scontent.xx.fbcdn.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"88","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.170 and port 61633 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565099262&flow_hash_id=119","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61633","srv_ip":{"blacklisted":"0","country":"PT","label":"imasdk.googleapis.com","label_long":"imasdk.googleapis.com","name":"imasdk.googleapis.com","reference":"","value":"216.58.208.170"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 28/04/2020 09:51:28 - 21/07/2020 09:51:28 ] [ Cipher State: safe ] [ Requested Server Name: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 875 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"89","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"90","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61630 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300344&flow_hash_id=116","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61630","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ 
TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"91","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to 
Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"92","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes 
]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"93","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.8 and port 61631 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300572&flow_hash_id=117","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61631","srv_ip":{"blacklisted":"0","country":"IT","label":"graph.facebook.com","label_long":"graph.facebook.com","name":"graph.facebook.com","reference":"","value":"31.13.86.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 
10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"94","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.115 and port 61615 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465138887&flow_hash_id=86","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61615","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.115"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.77 KB | Client to Server Traffic: 2.55 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"95","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61616 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139363&flow_hash_id=87","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61616","srv_ip":{"blacklisted":"0","country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 7.53 KB | Client to Server Traffic: 2.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"96","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61618 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139659&flow_hash_id=104","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61618","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"97","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"98","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server 
found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"99","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61617 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488924592&flow_hash_id=103","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61617","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 6.8 KB | Client to Server Traffic: 1.96 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"100","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 13.224.102.59 and port 61638 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465144719&flow_hash_id=126","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61638","srv_ip":{"blacklisted":"0","country":"CH","label":"www.gelestatic.it","label_long":"www.gelestatic.it","name":"www.gelestatic.it","reference":"","value":"13.224.102.59"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/04/2020 04:21:56 - 02/07/2020 04:21:56 ] [ Cipher State: safe ] [ Requested Server Name: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.82 KB | Client to Server Traffic: 580 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"101","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61635 and port 
443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689171149&flow_hash_id=121","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61635","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 839 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"102","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 
53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"103","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"104","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"105","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"106","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"107","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"108","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"109","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"110","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.83.123.49 and port 61636 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668357&flow_hash_id=122","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61636","srv_ip":{"blacklisted":"0","country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 1.22 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"111","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 
443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"blacklisted":"0","country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 576 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"112","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.83.123.49 and port 61637 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668613&flow_hash_id=125","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61637","srv_ip":{"blacklisted":"0","country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 975 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"113","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61661 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465150642&flow_hash_id=143","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61661","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 11.59 KB | Client to Server Traffic: 1.91 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"114","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"115","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"116","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"117","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"118","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"119","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"120","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61643 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410236&flow_hash_id=129","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61643","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"121","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61644 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410492&flow_hash_id=130","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61644","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"122","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61645 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410748&flow_hash_id=131","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61645","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"123","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61652 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412540&flow_hash_id=134","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61652","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"124","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61653 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412796&flow_hash_id=135","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61653","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"125","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61654 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413052&flow_hash_id=136","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61654","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"126","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61655 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413308&flow_hash_id=137","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61655","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"127","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61656 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413564&flow_hash_id=138","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61656","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"128","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61658 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414076&flow_hash_id=140","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61658","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"129","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61659 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414332&flow_hash_id=141","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61659","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"130","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61662 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267415100&flow_hash_id=144","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61662","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"131","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61666 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267416124&flow_hash_id=148","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61666","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"132","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61670 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417148&flow_hash_id=150","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61670","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"133","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"134","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"135","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"136","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"137","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61687 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753314936&flow_hash_id=170","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61687","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Client Server | Server to Client Traffic: 4.41 KB | Client to Server Traffic: 6.88 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"138","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 8.241.92.250 and port 61683 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3382381902&flow_hash_id=164","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61683","srv_ip":{"blacklisted":"0","country":"IT","label":"media.gedidigital.it","label_long":"media.gedidigital.it","name":"media.gedidigital.it","reference":"","value":"8.241.92.250"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 21/03/2020 13:21:56 - 19/06/2020 13:21:56 ] [ Cipher State: safe ] [ Requested Server Name: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 517.73 KB | Client to Server Traffic: 17.25 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"139","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 138.68.91.103 and port 61688 and port 
443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1257115835&flow_hash_id=171","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61688","srv_ip":{"blacklisted":"0","country":"DE","label":"hits-i.iubenda.com","label_long":"hits-i.iubenda.com","name":"hits-i.iubenda.com","reference":"","value":"138.68.91.103"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/01/2020 02:00:00 - 31/01/2022 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 6 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"140","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 
53","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 178 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"141","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 
53","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 89 Bytes | Client to Server Traffic: 73 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"142","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"143","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"144","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"145","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"146","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"147","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61677 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044739753&flow_hash_id=157","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61677","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2019 16:36:04 - 19/01/2021 15:11:04 ] [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.94 KB | Client to Server Traffic: 4.09 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"148","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 
and host 2.23.155.233 and port 61671 and port 80","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417404&flow_hash_id=151","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61671","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"149","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61673 and port 
80","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417916&flow_hash_id=153","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61673","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"150","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61679 and port 
80","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419452&flow_hash_id=159","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61679","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"151","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61680 and port 
80","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419708&flow_hash_id=160","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61680","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"152","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61681 and port 
80","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419964&flow_hash_id=161","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61681","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"153","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61686 and port 
80","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267421244&flow_hash_id=168","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61686","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"154","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"155","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 
53","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"156","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.45.75.18 and port 61684 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=685177958&flow_hash_id=166","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61684","srv_ip":{"blacklisted":"0","country":"NL","label":"d.adagiof3.repubblica.it","label_long":"d.adagiof3.repubblica.it","name":"d.adagiof3.repubblica.it","reference":"","value":"104.45.75.18"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/10/2019 14:51:03 - 09/12/2020 14:36:04 ] [ Cipher State: safe ] [ Requested Server Name: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 6.28 KB | Client to Server Traffic: 3.79 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"157","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61674 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753311608&flow_hash_id=154","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61674","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.89 KB | Client to Server Traffic: 2.65 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"158","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089273,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 172.217.21.67 and port 60856 and port 443","epoch_begin":1589741863,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1837271700&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"60856","srv_ip":{"blacklisted":"0","country":"DE","label":"172.217.21.67","label_long":"172.217.21.67","reference":"","value":"172.217.21.67"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"159","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089267,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 138.68.91.103 and port 61690 and port 443","epoch_begin":1589741869,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1257116347&flow_hash_id=176","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61690","srv_ip":{"blacklisted":"0","country":"DE","label":"hits-i.iubenda.com","label_long":"hits-i.iubenda.com","name":"hits-i.iubenda.com","reference":"","value":"138.68.91.103"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/01/2020 02:00:00 - 31/01/2022 01:59:59 ] [ Cipher State: safe ] [ 
Requested Server Name: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.77 KB | Client to Server Traffic: 1.05 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"160","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089267,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 35.190.242.29 and port 55099 and port 4070","epoch_begin":1589741869,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3832026470&flow_hash_id=174","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55099","srv_ip":{"blacklisted":"0","country":"US","label":"35.190.242.29","label_long":"35.190.242.29","reference":"","value":"35.190.242.29"},"srv_port":"4070"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 363 Bytes | Client to Server Traffic: 1.01 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Google","label":"TCP:Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"161","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"162","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60089269,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"163","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089273,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.22.34.92 and port 60994 and port 443","epoch_begin":1589741863,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=683614638&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60994","srv_ip":{"blacklisted":"0","country":"US","label":"104.22.34.92","label_long":"104.22.34.92","reference":"","value":"104.22.34.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 180 Bytes | Client to Server Traffic: 293 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Cloudflare","label":"TCP:TLS.Cloudflare","value":"220"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"164","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 13.224.102.58 and port 61576 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465128846&flow_hash_id=36","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61576","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.58"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"165","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.10 and port 61577 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465129054&flow_hash_id=37","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61577","srv_ip":{"blacklisted":"0","country":"CH","label":"13.224.102.10","label_long":"13.224.102.10","reference":"","value":"13.224.102.10"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"166","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61578 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465129427&flow_hash_id=38","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61578","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 
132 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"167","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089271,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.209.34 and port 61603 and port 443","epoch_begin":1589741865,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565091702&flow_hash_id=73","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61603","srv_ip":{"blacklisted":"0","country":"BG","label":"216.58.209.34","label_long":"216.58.209.34","reference":"","value":"216.58.209.34"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: partner.googleadservices.com ] [ Main Direction: Client Server | Server to Client Traffic: 497 Bytes | Client to Server Traffic: 976 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"168","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60089267,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 512 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"169","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089273,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.205.68 and port 60854 and port 443","epoch_begin":1589741863,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565095573&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60854","srv_ip":{"blacklisted":"0","country":"FR","label":"216.58.205.68","label_long":"216.58.205.68","reference":"","value":"216.58.205.68"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"170","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089273,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.131 and port 60858 and port 
443","epoch_begin":1589741863,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565097428&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60858","srv_ip":{"blacklisted":"0","country":"PT","label":"216.58.208.131","label_long":"216.58.208.131","reference":"","value":"216.58.208.131"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"171","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS not carrying HTTPS","value":"46"},"alert_name":" TLS not carrying HTTPS","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"TLS not carrying HTTPS [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Client Server | Server to Client Traffic: 1.88 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS not carrying HTTPS [Score: 10]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"172","score":{"color":"#5cd65c","label":"20","value":20},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089268,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.123 and port 61689 and port 443","epoch_begin":1589741868,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044742863&flow_hash_id=173","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61689","srv_ip":{"blacklisted":"0","country":"DE","label":"fbc.wcfbc.net","label_long":"fbc.wcfbc.net","name":"fbc.wcfbc.net","reference":"","value":"185.54.150.123"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 11/01/2018 15:08:01 - 11/01/2021 15:08:01 ] [ Cipher State: safe ] [ Requested Server Name: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 6.62 KB | Client to Server Traffic: 1.79 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"173","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.170 and port 61634 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565099518&flow_hash_id=120","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61634","srv_ip":{"blacklisted":"0","country":"PT","label":"imasdk.googleapis.com","label_long":"imasdk.googleapis.com","name":"imasdk.googleapis.com","reference":"","value":"216.58.208.170"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 98.3 KB | Client to Server Traffic: 4.59 KB 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"174","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089270,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 149.154.167.91 and port 55156 and port 443","epoch_begin":1589741866,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1447286934&flow_hash_id=124","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55156","srv_ip":{"blacklisted":"0","country":"GB","label":"149.154.167.91","label_long":"149.154.167.91","reference":"","value":"149.154.167.91"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 66 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Telegram","label":"TCP:TLS.Telegram","value":"185"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"175","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089267,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 35.186.224.53 and port 55114 and port 443","epoch_begin":1589741869,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3831752560&flow_hash_id=175","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55114","srv_ip":{"blacklisted":"0","country":"US","label":"35.186.224.53","label_long":"35.186.224.53","reference":"","value":"35.186.224.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 5.28 KB | Client to Server Traffic: 1.94 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleCloud","label":"TCP:TLS.GoogleCloud","value":"284"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"176","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60089267,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61692 and port 80","epoch_begin":1589741869,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267422780&flow_hash_id=178","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61692","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"177","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60089272,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.28 and port 55148 and port 49152","epoch_begin":1589741864,"epoch_end":1649831137},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169532438&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55148","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.28","label_long":"192.168.1.28","reference":"","value":"192.168.1.28"},"srv_port":"49152"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 144 Bytes | Client to Server Traffic: 210 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Unknown","label":"TCP:Unknown","value":"0"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"178","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 178 records [68,753 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":2.5889873504639}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":178,"recordsTotal":178,"rsp":{"records":[{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51409 and port 53","epoch_begin":1589741864,"epoch_end":1649917066},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571639&flow_hash_id=6","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"51409","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 171 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62064 and port 53","epoch_begin":1589741864,"epoch_end":1649917066},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546849&flow_hash_id=10","cli_ip":{"blacklisted":"0","country":"","label":"192.168.1.93","label_long":"192.168.1.93","reference":"","value":"192.168.1.93"},"cli_port":"62064","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"2","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.28 and port 5353 and port 5353","epoch_begin":1589741864,"epoch_end":1649917066},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169623730&flow_hash_id=5","cli_ip":{"blacklisted":"0","country":"","label":"lucas 
imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"5353","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.28","label_long":"192.168.1.28","reference":"","value":"192.168.1.28"},"srv_port":"5353"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 320 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"MDNS","label":"UDP:MDNS","value":"8"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"UDP","value":"17"},"row_id":"3","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51784 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536569&flow_hash_id=52","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"51784","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: partner.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 88 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"4","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57672 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169536592&flow_hash_id=51","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"57672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 295 Bytes | Client to Server Traffic: 86 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"5","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64331 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169537386&flow_hash_id=18","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64331","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 230 Bytes | Client to Server Traffic: 72 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"6","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64210 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571945&flow_hash_id=53","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"64210","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 98 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"7","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62168 and port 53","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169573473&flow_hash_id=8","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"62168","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"8","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61604 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400252&flow_hash_id=74","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61604","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ 
Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"9","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61567 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753284184&flow_hash_id=23","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61567","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested 
Server Name: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 177.42 KB | Client to Server Traffic: 7.11 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"10","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61605 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267400508&flow_hash_id=75","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61605","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | 
Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"11","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56927 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169542477&flow_hash_id=57","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56927","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 129 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" 
","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"12","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61611 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402044&flow_hash_id=82","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61611","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote 
[Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"13","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.122 and port 61564 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465125838&flow_hash_id=19","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61564","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 71.75 KB | Client to Server Traffic: 4.1 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"14","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61565 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126099&flow_hash_id=20","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61565","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.9 KB | Client to Server Traffic: 1.72 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"15","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61568 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465126859&flow_hash_id=26","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61568","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.36 KB | Client to Server Traffic: 2.82 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"16","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 34.252.198.143 and port 61600 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3819316195&flow_hash_id=70","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61600","srv_ip":{"blacklisted":"0","country":"IE","label":"secure-it.imrworldwide.c…","label_long":"secure-it.imrworldwide.com","name":"secure-it.imrworldwide.com","reference":"","value":"34.252.198.143"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 21/01/2020 02:00:00 - 24/02/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: secure-it.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.75 KB | Client to Server Traffic: 913 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"17","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" 
Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54636 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169545796&flow_hash_id=48","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54636","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 186 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"18","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64109 and port 53","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546089&flow_hash_id=9","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64109","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 145 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"19","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61571 and port 
443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465127602&flow_hash_id=30","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61571","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 28.32 KB | Client to Server Traffic: 11.77 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"20","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53871 and port 
53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169546561&flow_hash_id=76","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53871","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"21","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61592 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290584&flow_hash_id=62","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61592","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: staticxx.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"22","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52340 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169547835&flow_hash_id=24","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"52340","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"23","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61593 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753290840&flow_hash_id=63","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61593","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate 
Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 907 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"24","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61561 and port 443","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910256&flow_hash_id=11","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61561","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.64 KB | Client to Server Traffic: 1.16 
KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"25","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65014 and port 53","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169581164&flow_hash_id=7","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65014","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS 
server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"26","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61562 and port 443","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488910512&flow_hash_id=12","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61562","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 102.97 KB | Client to Server Traffic: 5.49 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"27","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64119 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169548649&flow_hash_id=50","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64119","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 140 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"28","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61579 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689156813&flow_hash_id=39","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61579","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 105.32 KB | Client to Server Traffic: 4.02 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"29","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.22 and port 61586 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131370&flow_hash_id=55","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61586","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.22"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.13 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"30","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 13.224.102.122 and port 61587 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131726&flow_hash_id=56","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61587","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.kataweb.it","label_long":"oasjs.kataweb.it","name":"oasjs.kataweb.it","reference":"","value":"13.224.102.122"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"31","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61588 and port 
443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465131987&flow_hash_id=58","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61588","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 905 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"32","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61563 and port 443","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584132&flow_hash_id=14","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61563","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"33","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61566 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169584900&flow_hash_id=21","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61566","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"34","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.58 and port 61595 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465133710&flow_hash_id=65","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61595","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.58"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.59 KB | Client to Server Traffic: 906 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"35","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61591 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689159885&flow_hash_id=61","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61591","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 835 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"36","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.116 and port 61596 and port 
443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134024&flow_hash_id=66","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61596","srv_ip":{"blacklisted":"0","country":"CH","label":"data.kataweb.it","label_long":"data.kataweb.it","name":"data.kataweb.it","reference":"","value":"13.224.102.116"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 23/03/2020 13:22:07 - 21/06/2020 13:22:07 ] [ Cipher State: safe ] [ Requested Server Name: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 902 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"37","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61569 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585668&flow_hash_id=27","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61569","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"38","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61570 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169585924&flow_hash_id=28","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61570","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"39","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To 
Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61598 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465134549&flow_hash_id=68","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61598","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.34 KB | Client to Server Traffic: 972 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"40","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61572 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169586436&flow_hash_id=31","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61572","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"41","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61599 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135011&flow_hash_id=69","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61599","srv_ip":{"blacklisted":"0","country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.12 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"42","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 
192.168.1.93 and host 151.101.130.133 and port 61573 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477362905&flow_hash_id=32","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61573","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 5.32 KB | Client to Server Traffic: 2.29 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"43","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.8 and port 61602 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465135452&flow_hash_id=72","cli_ip":{"blacklisted":"0","country":"","label":"lucas 
imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61602","srv_ip":{"blacklisted":"0","country":"CH","label":"tvzap.kataweb.it","label_long":"tvzap.kataweb.it","name":"tvzap.kataweb.it","reference":"","value":"13.224.102.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 04/04/2020 14:21:29 - 03/07/2020 14:21:29 ] [ Cipher State: safe ] [ Requested Server Name: tvzap.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.11 KB | Client to Server Traffic: 903 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"44","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61574 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477363161&flow_hash_id=33","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61574","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 26/03/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.89 KB | Client to Server Traffic: 2.15 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"45","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59920 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169522265&flow_hash_id=49","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"59920","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 92 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"46","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate About To Expire","value":"69"},"alert_name":" TLS Certificate About To Expire","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate About To Expire [Score: 50]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.129 and port 61606 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465136597&flow_hash_id=77","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61606","srv_ip":{"blacklisted":"0","country":"CH","label":"video.repubblica.it","label_long":"video.repubblica.it","name":"video.repubblica.it","reference":"","value":"13.224.102.129"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/03/2020 16:14:10 - 15/06/2020 16:14:10 ] [ Cipher State: safe ] [ Requested Server Name: video.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.03 KB | Client to Server Traffic: 582 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"TLS Certificate About To Expire [Score: 50]","fullname":"TLS Certificate About To Expire","name":"TLS Certificate About To Expire","value":69},"proto":{"label":"TCP","value":"6"},"row_id":"47","score":{"color":"#ffc007","label":"60","value":60},"script_key":"ndpi_tls_certificate_about_to_expire","severity":{"color":"#ffc007","label":" ","value":4},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ffc007","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61580 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169588484&flow_hash_id=40","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61580","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"48","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62869 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556324&flow_hash_id=16","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62869","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"49","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is 
Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62359 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169556834&flow_hash_id=22","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62359","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 101 Bytes | Client to Server Traffic: 85 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"50","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 
192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 55707 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557832&flow_hash_id=34","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55707","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a771.dscq.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 112 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"51","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61589 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169590788&flow_hash_id=59","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61589","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"52","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 65309 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169525614&flow_hash_id=54","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"65309","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 99 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"53","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 151.101.130.133 and port 61590 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1477367257&flow_hash_id=60","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61590","srv_ip":{"blacklisted":"0","country":"US","label":"cdn.krxd.net","label_long":"cdn.krxd.net","name":"cdn.krxd.net","reference":"","value":"151.101.130.133"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 05/03/2020 02:00:00 - 06/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 4.14 KB | Client to Server Traffic: 800 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"54","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61594 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169592068&flow_hash_id=64","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61594","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"55","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63777 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169526632&flow_hash_id=46","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63777","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 143 Bytes | Client to Server Traffic: 79 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"56","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52650 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169561660&flow_hash_id=29","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 96 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"57","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61739 and port 53","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529184&flow_hash_id=15","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61739","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: connect.facebook.net ] [ Main Direction: Server Client | Server to Client Traffic: 128 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"58","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61607 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595396&flow_hash_id=78","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61607","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"59","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61608 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595652&flow_hash_id=79","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61608","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"60","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 53807 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169530177&flow_hash_id=25","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"53807","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: consumer.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 175 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"61","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61609 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169595908&flow_hash_id=80","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61609","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 522 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"62","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61610 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169596164&flow_hash_id=81","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61610","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"63","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 213.92.16.78 and port 61597 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2516937378&flow_hash_id=67","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61597","srv_ip":{"blacklisted":"0","country":"IT","label":"adagiof3.repubblica.it","label_long":"adagiof3.repubblica.it","name":"adagiof3.repubblica.it","reference":"","value":"213.92.16.78"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 11/04/2020 09:21:29 - 10/07/2020 09:21:29 ] [ Cipher State: safe ] [ Requested Server Name: adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.33 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"64","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is 
Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 62012 and port 53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169533537&flow_hash_id=17","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"62012","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 163 Bytes | Client to Server Traffic: 74 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"65","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61601 and port 
443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044720297&flow_hash_id=71","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61601","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2019 16:36:04 - 19/01/2021 15:11:04 ] [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.15 KB | Client to Server Traffic: 935 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"66","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61575 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267392828&flow_hash_id=35","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61575","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"67","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51263 and port 
53","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534263&flow_hash_id=47","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51263","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: data.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 139 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"68","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54593 and port 
53","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169534788&flow_hash_id=13","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54593","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 182 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"69","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61581 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394364&flow_hash_id=41","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61581","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"70","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61582 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394620&flow_hash_id=42","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61582","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"71","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61583 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267394876&flow_hash_id=43","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61583","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"72","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61584 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395132&flow_hash_id=44","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61584","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"73","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61585 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267395388&flow_hash_id=45","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61585","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"74","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 60368 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169571418&flow_hash_id=98","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60368","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"75","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64080 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169538665&flow_hash_id=100","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64080","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 167 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"76","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 61397 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169572702&flow_hash_id=92","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61397","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 184 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"77","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61612 and port 80","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402300&flow_hash_id=83","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61612","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"78","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61613 and port 80","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402556&flow_hash_id=84","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61613","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"79","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61614 and port 80","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267402812&flow_hash_id=85","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61614","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"80","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 57066 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169578061&flow_hash_id=93","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"57066","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"81","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 49907 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169580337&flow_hash_id=101","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"49907","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 177 Bytes | Client to Server Traffic: 83 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"82","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52734 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169583164&flow_hash_id=95","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52734","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 136 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"83","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61641 and port 80","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409724&flow_hash_id=127","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61641","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"84","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61642 and port 80","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267409980&flow_hash_id=128","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61642","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"85","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 52367 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169554747&flow_hash_id=90","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"52367","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Google","label":"UDP:DNS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"86","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 59283 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169555798&flow_hash_id=99","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"59283","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: a221.g.akamai.net ] [ Main Direction: Server Client | Server to Client Traffic: 109 Bytes | Client to Server Traffic: 77 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"87","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.4 and port 61626 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753299288&flow_hash_id=112","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61626","srv_ip":{"blacklisted":"0","country":"IT","label":"connect.facebook.net","label_long":"connect.facebook.net","name":"connect.facebook.net","reference":"","value":"31.13.86.4"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: scontent.xx.fbcdn.net ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"88","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.170 and port 61633 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565099262&flow_hash_id=119","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61633","srv_ip":{"blacklisted":"0","country":"PT","label":"imasdk.googleapis.com","label_long":"imasdk.googleapis.com","name":"imasdk.googleapis.com","reference":"","value":"216.58.208.170"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 28/04/2020 09:51:28 - 21/07/2020 09:51:28 ] [ Cipher State: safe ] [ Requested Server Name: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.37 KB | Client to Server Traffic: 875 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"89","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58649 and port 53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524564&flow_hash_id=94","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"58649","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 121 Bytes | Client to Server Traffic: 76 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.Facebook","label":"UDP:DNS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"90","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61630 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300344&flow_hash_id=116","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61630","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS 
Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"91","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 51226 and port 53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169524791&flow_hash_id=97","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"51226","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client 
Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"92","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 54170 and port 53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169557570&flow_hash_id=91","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"54170","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 105 Bytes | Client to Server Traffic: 89 Bytes 
]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"93","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.8 and port 61631 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753300572&flow_hash_id=117","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61631","srv_ip":{"blacklisted":"0","country":"IT","label":"graph.facebook.com","label_long":"graph.facebook.com","name":"graph.facebook.com","reference":"","value":"31.13.86.8"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: graph.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.61 KB | Client to Server Traffic: 1.16 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to 
Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"94","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.115 and port 61615 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465138887&flow_hash_id=86","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61615","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.115"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/03/2020 20:22:14 - 29/06/2020 20:22:14 ] [ Cipher State: safe ] [ Requested Server Name: oasjs.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.77 KB | Client to Server Traffic: 2.55 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"95","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.103.79 and port 61616 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139363&flow_hash_id=87","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61616","srv_ip":{"blacklisted":"0","country":"CH","label":"login.kataweb.it","label_long":"login.kataweb.it","name":"login.kataweb.it","reference":"","value":"13.224.103.79"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/04/2020 10:23:21 - 09/07/2020 10:23:21 ] [ Cipher State: safe ] [ Requested Server Name: login.kataweb.it ] [ Main Direction: Server Client | Server to Client Traffic: 7.53 KB | Client to Server Traffic: 2.21 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"96","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" 
","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.119 and port 61618 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465139659&flow_hash_id=104","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61618","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.repubblica.it","label_long":"scripts.repubblica.it","name":"scripts.repubblica.it","reference":"","value":"13.224.102.119"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 06/04/2020 03:21:47 - 05/07/2020 03:21:47 ] [ Cipher State: safe ] [ Requested Server Name: scripts.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 4.25 KB | Client to Server Traffic: 908 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"97","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63273 and port 53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169528678&flow_hash_id=96","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63273","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 91 Bytes | Client to Server Traffic: 75 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"98","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server 
found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 64299 and port 53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169529194&flow_hash_id=89","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"64299","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 97 Bytes | Client to Server Traffic: 81 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS.GoogleServices","label":"UDP:DNS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"99","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 92.122.247.92 and port 61617 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=488924592&flow_hash_id=103","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61617","srv_ip":{"blacklisted":"0","country":"IT","label":"www.repubblica.it","label_long":"www.repubblica.it","name":"www.repubblica.it","reference":"","value":"92.122.247.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 07/04/2020 02:00:00 - 05/06/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 6.8 KB | Client to Server Traffic: 1.96 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"100","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 
13.224.102.59 and port 61638 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465144719&flow_hash_id=126","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61638","srv_ip":{"blacklisted":"0","country":"CH","label":"www.gelestatic.it","label_long":"www.gelestatic.it","name":"www.gelestatic.it","reference":"","value":"13.224.102.59"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 03/04/2020 04:21:56 - 02/07/2020 04:21:56 ] [ Cipher State: safe ] [ Requested Server Name: www.gelestatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 3.82 KB | Client to Server Traffic: 580 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"101","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.106.106.121 and port 61635 and port 
443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=689171149&flow_hash_id=121","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61635","srv_ip":{"blacklisted":"0","country":"IT","label":"cdns.gigya.com","label_long":"cdns.gigya.com","name":"cdns.gigya.com","reference":"","value":"104.106.106.121"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdns.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.39 KB | Client to Server Traffic: 839 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"102","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56374 and port 
53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531979&flow_hash_id=102","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56374","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 176 Bytes | Client to Server Traffic: 82 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"103","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61619 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598468&flow_hash_id=105","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61619","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: b.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 520 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"104","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61620 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598724&flow_hash_id=106","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61620","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 517 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"105","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61621 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169598980&flow_hash_id=107","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61621","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"106","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61622 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599236&flow_hash_id=108","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61622","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"107","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61623 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599492&flow_hash_id=109","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61623","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"108","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61624 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169599748&flow_hash_id=110","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61624","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: gruppoespresso01.webtrekk.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 526 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"109","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server 
found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56898 and port 53","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169535053&flow_hash_id=88","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56898","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: ping.chartbeat.net ] [ Main Direction: Server Client | Server to Client Traffic: 94 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"110","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.83.123.49 and port 61636 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668357&flow_hash_id=122","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61636","srv_ip":{"blacklisted":"0","country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: socialize.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 1.22 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"111","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Mismatch","value":"23"},"alert_name":" TLS Certificate Mismatch","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Mismatch [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 184.51.127.56 and port 61632 and port 
443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2027748492&flow_hash_id=118","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61632","srv_ip":{"blacklisted":"0","country":"IT","label":"184.51.127.56","label_long":"184.51.127.56","reference":"","value":"184.51.127.56"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 13/08/2019 02:00:00 - 12/08/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: cdn.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 3.15 KB | Client to Server Traffic: 576 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Mismatch [Score: 100]","fullname":"TLS Certificate Mismatch","name":"TLS Certificate Mismatch","value":23},"proto":{"label":"TCP","value":"6"},"row_id":"112","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_certificate_mismatch","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.83.123.49 and port 61637 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=687668613&flow_hash_id=125","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61637","srv_ip":{"blacklisted":"0","country":"IT","label":"socialize.us1.gigya.com","label_long":"socialize.us1.gigya.com","name":"socialize.us1.gigya.com","reference":"","value":"104.83.123.49"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 27/01/2020 02:00:00 - 27/03/2021 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: comments.us1.gigya.com ] [ Main Direction: Server Client | Server to Client Traffic: 6.17 KB | Client to Server Traffic: 975 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"113","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.94 and port 61661 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465150642&flow_hash_id=143","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61661","srv_ip":{"blacklisted":"0","country":"CH","label":"www.repstatic.it","label_long":"www.repstatic.it","name":"www.repstatic.it","reference":"","value":"13.224.102.94"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 01/04/2020 05:21:53 - 30/06/2020 05:21:53 ] [ Cipher State: safe ] [ Requested Server Name: www.repstatic.it ] [ Main Direction: Server Client | Server to Client Traffic: 11.59 KB | Client to Server Traffic: 1.91 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"114","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61650 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606404&flow_hash_id=132","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61650","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"115","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61651 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169606660&flow_hash_id=133","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61651","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"116","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61657 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608196&flow_hash_id=139","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61657","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 659 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"117","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61664 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609988&flow_hash_id=146","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61664","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"118","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61665 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610244&flow_hash_id=147","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61665","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagmanager.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"119","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61667 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169610756&flow_hash_id=149","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61667","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googleadservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 521 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"120","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61643 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410236&flow_hash_id=129","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61643","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"121","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61644 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410492&flow_hash_id=130","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61644","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"122","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61645 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267410748&flow_hash_id=131","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61645","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"123","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61652 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412540&flow_hash_id=134","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61652","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"124","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61653 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267412796&flow_hash_id=135","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61653","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"125","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61654 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413052&flow_hash_id=136","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61654","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"126","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61655 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413308&flow_hash_id=137","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61655","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"127","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61656 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267413564&flow_hash_id=138","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61656","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"128","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61658 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414076&flow_hash_id=140","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61658","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"129","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61659 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267414332&flow_hash_id=141","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61659","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"130","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61662 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267415100&flow_hash_id=144","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61662","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"131","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61666 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267416124&flow_hash_id=148","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61666","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"132","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61670 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417148&flow_hash_id=150","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61670","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"133","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61625 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600004&flow_hash_id=111","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61625","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: sb.scorecardresearch.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"134","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61627 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600516&flow_hash_id=113","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61627","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"135","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61628 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169600772&flow_hash_id=114","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61628","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn.taboola.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"136","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61629 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169601028&flow_hash_id=115","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61629","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 653 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"137","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61687 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753314936&flow_hash_id=170","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61687","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Client Server | Server to Client Traffic: 4.41 KB | Client to Server Traffic: 6.88 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"138","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 
and host 8.241.92.250 and port 61683 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3382381902&flow_hash_id=164","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61683","srv_ip":{"blacklisted":"0","country":"IT","label":"media.gedidigital.it","label_long":"media.gedidigital.it","name":"media.gedidigital.it","reference":"","value":"8.241.92.250"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 21/03/2020 13:21:56 - 19/06/2020 13:21:56 ] [ Cipher State: safe ] [ Requested Server Name: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 517.73 KB | Client to Server Traffic: 17.25 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"139","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 138.68.91.103 and port 61688 and port 
443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1257115835&flow_hash_id=171","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61688","srv_ip":{"blacklisted":"0","country":"DE","label":"hits-i.iubenda.com","label_long":"hits-i.iubenda.com","name":"hits-i.iubenda.com","reference":"","value":"138.68.91.103"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/01/2020 02:00:00 - 31/01/2022 01:59:59 ] [ Cipher State: safe ] [ Requested Server Name: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 6 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"140","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 50013 and port 
53","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169541938&flow_hash_id=162","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"50013","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: media.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 178 Bytes | Client to Server Traffic: 80 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"141","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 56544 and port 
53","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169575499&flow_hash_id=172","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"56544","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 89 Bytes | Client to Server Traffic: 73 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"142","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61672 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612036&flow_hash_id=152","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61672","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"143","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61675 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169612804&flow_hash_id=155","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61675","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: www.googletagservices.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 654 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"144","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61676 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613060&flow_hash_id=156","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61676","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: cdn-gl.imrworldwide.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 652 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"145","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61678 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169613572&flow_hash_id=158","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61678","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: static.chartbeat.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 649 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"146","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61682 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169614596&flow_hash_id=163","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61682","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.08 KB | Client to Server Traffic: 644 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"147","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61677 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044739753&flow_hash_id=157","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61677","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 10/12/2019 16:36:04 - 19/01/2021 15:11:04 ] [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Server Client | Server to Client Traffic: 5.94 KB | Client to Server Traffic: 4.09 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"148","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 
2.23.155.233 and port 61671 and port 80","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417404&flow_hash_id=151","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61671","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"149","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61673 and port 
80","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267417916&flow_hash_id=153","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61673","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"150","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61679 and port 
80","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419452&flow_hash_id=159","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61679","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"151","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61680 and port 
80","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419708&flow_hash_id=160","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61680","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"152","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61681 and port 
80","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267419964&flow_hash_id=161","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61681","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 632 Bytes | Client to Server Traffic: 747 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"153","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61686 and port 
80","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267421244&flow_hash_id=168","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61686","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Response Status Code: OK ] [ User Agent: trustd (unknown version) CFNetwork/902.6 Darwin/17.7.0 (x86_64) ] [ URL: ocsp.int-x3.letsencrypt.org/MFgwVqADAgEAME8wTTBLMAkGBSsOAwIaBQAEFH7maudymrP8%2BKIgZGwWoS1gcQhdBBSoSmpjBH3duubRObemRWXv86jsoQISAz5JqGV%2B4ao1EMKq6MZy01gX ] [ Main Direction: Client Server | Server to Client Traffic: 558 Bytes | Client to Server Traffic: 681 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"154","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 
100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 58163 and port 53","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169531218&flow_hash_id=165","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"58163","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 100 Bytes | Client to Server Traffic: 84 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"155","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 192.168.1.1 [Score: 100]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.1 and port 63928 and port 
53","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169565288&flow_hash_id=169","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"63928","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.1","label_long":"192.168.1.1","reference":"","value":"192.168.1.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 142 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 192.168.1.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"156","score":{"color":"#ff3231","label":"110","value":110},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.45.75.18 and port 61684 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=685177958&flow_hash_id=166","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61684","srv_ip":{"blacklisted":"0","country":"NL","label":"d.adagiof3.repubblica.it","label_long":"d.adagiof3.repubblica.it","name":"d.adagiof3.repubblica.it","reference":"","value":"104.45.75.18"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 17/10/2019 14:51:03 - 09/12/2020 14:36:04 ] [ Cipher State: safe ] [ Requested Server Name: d.adagiof3.repubblica.it ] [ Main Direction: Server Client | Server to Client Traffic: 6.28 KB | Client to Server Traffic: 3.79 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Azure","label":"TCP:TLS.Azure","value":"276"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"157","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 31.13.86.36 and port 61674 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3753311608&flow_hash_id=154","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61674","srv_ip":{"blacklisted":"0","country":"IT","label":"www.facebook.com","label_long":"www.facebook.com","name":"www.facebook.com","reference":"","value":"31.13.86.36"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 15/04/2020 02:00:00 - 14/07/2020 14:00:00 ] [ Cipher State: safe ] [ Requested Server Name: www.facebook.com ] [ Main Direction: Server Client | Server to Client Traffic: 4.89 KB | Client to Server Traffic: 2.65 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Facebook","label":"TCP:TLS.Facebook","value":"119"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"158","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175203,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 172.217.21.67 and port 60856 and port 443","epoch_begin":1589741863,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1837271700&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"60856","srv_ip":{"blacklisted":"0","country":"DE","label":"172.217.21.67","label_long":"172.217.21.67","reference":"","value":"172.217.21.67"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"159","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175197,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 138.68.91.103 and port 61690 and port 443","epoch_begin":1589741869,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1257116347&flow_hash_id=176","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61690","srv_ip":{"blacklisted":"0","country":"DE","label":"hits-i.iubenda.com","label_long":"hits-i.iubenda.com","name":"hits-i.iubenda.com","reference":"","value":"138.68.91.103"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 31/01/2020 02:00:00 - 31/01/2022 01:59:59 ] [ Cipher State: safe ] [ Requested Server 
Name: hits-i.iubenda.com ] [ Main Direction: Server Client | Server to Client Traffic: 5.77 KB | Client to Server Traffic: 1.05 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"160","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175197,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 35.190.242.29 and port 55099 and port 4070","epoch_begin":1589741869,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3832026470&flow_hash_id=174","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55099","srv_ip":{"blacklisted":"0","country":"US","label":"35.190.242.29","label_long":"35.190.242.29","reference":"","value":"35.190.242.29"},"srv_port":"4070"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 363 Bytes | Client to Server Traffic: 1.01 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Google","label":"TCP:Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"161","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61660 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169608964&flow_hash_id=142","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61660","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: www.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"162","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" 
","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" Obsolete TLS Version","value":"24"},"alert_name":" Obsolete TLS Version","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Obsolete TLS Version [Version: TLSv1] [Score: 100]"},"duration":60175199,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61663 and port 443","epoch_begin":1589741867,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169609732&flow_hash_id=145","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61663","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ Requested Server Name: ssl.google-analytics.com ] [ Main Direction: Client Server | Server to Client Traffic: 345 Bytes | Client to Server Traffic: 607 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Obsolete TLS Version [Version: TLSv1] [Score: 100]","fullname":"Obsolete TLS Version","name":"Obsolete TLS Version","value":24},"proto":{"label":"TCP","value":"6"},"row_id":"163","score":{"color":"#ff3231","label":"110","value":110},"script_key":"tls_old_protocol_version","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 
20:57:47","value":1589741867},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175203,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 104.22.34.92 and port 60994 and port 443","epoch_begin":1589741863,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=683614638&flow_hash_id=2","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60994","srv_ip":{"blacklisted":"0","country":"US","label":"104.22.34.92","label_long":"104.22.34.92","reference":"","value":"104.22.34.92"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 180 Bytes | Client to Server Traffic: 293 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Cloudflare","label":"TCP:TLS.Cloudflare","value":"220"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"164","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 
13.224.102.58 and port 61576 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465128846&flow_hash_id=36","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61576","srv_ip":{"blacklisted":"0","country":"CH","label":"oasjs.repubblica.it","label_long":"oasjs.repubblica.it","name":"oasjs.repubblica.it","reference":"","value":"13.224.102.58"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"165","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.10 and port 61577 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465129054&flow_hash_id=37","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61577","srv_ip":{"blacklisted":"0","country":"CH","label":"13.224.102.10","label_long":"13.224.102.10","reference":"","value":"13.224.102.10"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"166","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 13.224.102.127 and port 61578 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3465129427&flow_hash_id=38","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61578","srv_ip":{"blacklisted":"0","country":"CH","label":"scripts.kataweb.it","label_long":"scripts.kataweb.it","name":"scripts.kataweb.it","reference":"","value":"13.224.102.127"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 74 Bytes | Client to Server Traffic: 132 Bytes 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.AmazonAWS","label":"TCP:TLS.AmazonAWS","value":"265"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"167","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175201,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.209.34 and port 61603 and port 443","epoch_begin":1589741865,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565091702&flow_hash_id=73","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61603","srv_ip":{"blacklisted":"0","country":"BG","label":"216.58.209.34","label_long":"216.58.209.34","reference":"","value":"216.58.209.34"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: partner.googleadservices.com ] [ Main Direction: Client Server | Server to Client Traffic: 497 Bytes | Client to Server Traffic: 976 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"168","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:45","value":1589741865},"vlan_id":"0"},{"additional_alerts":{"descr":"TLS Certificate Mismatch [Score: 100]
Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS Certificate Expired","value":"22"},"alert_name":" TLS Certificate Expired","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS Certificate Expired [Score: 100]"},"duration":60175197,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.176 and port 61691 and port 443","epoch_begin":1589741869,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169616900&flow_hash_id=177","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61691","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.176","label_long":"192.168.1.176","reference":"","value":"192.168.1.176"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate Validity: 24/08/2019 20:04:13 - 22/11/2019 20:04:13 ] [ Cipher State: safe ] [ Requested Server Name: beacon.krxd.net ] [ Main Direction: Server Client | Server to Client Traffic: 2.02 KB | Client to Server Traffic: 512 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.ntop","label":"TCP:TLS.ntop","value":"26"},"msg":{"configset_ref":" ","description":"TLS Certificate Expired [Score: 100]","fullname":"TLS Certificate Expired","name":"TLS Certificate Expired","value":22},"proto":{"label":"TCP","value":"6"},"row_id":"169","score":{"color":"#ff3231","label":"210","value":210},"script_key":"tls_certificate_expired","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to 
Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175203,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.205.68 and port 60854 and port 443","epoch_begin":1589741863,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565095573&flow_hash_id=3","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60854","srv_ip":{"blacklisted":"0","country":"FR","label":"216.58.205.68","label_long":"216.58.205.68","reference":"","value":"216.58.205.68"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"170","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175203,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.131 and port 60858 and port 
443","epoch_begin":1589741863,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565097428&flow_hash_id=1","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"60858","srv_ip":{"blacklisted":"0","country":"PT","label":"216.58.208.131","label_long":"216.58.208.131","reference":"","value":"216.58.208.131"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 264 Bytes | Client to Server Traffic: 341 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Google","label":"TCP:TLS.Google","value":"126"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"171","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:43","value":1589741863},"vlan_id":"0"},{"additional_alerts":{"descr":"Remote to Remote [Score: 10]"},"alert_id":{"label":" TLS not carrying HTTPS","value":"46"},"alert_name":" TLS not carrying HTTPS","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"TLS not carrying HTTPS [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.85 and port 61685 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044741801&flow_hash_id=167","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas 
imac","reference":"","value":"192.168.1.93"},"cli_port":"61685","srv_ip":{"blacklisted":"0","country":"DE","label":"a.gedidigital.it","label_long":"a.gedidigital.it","name":"a.gedidigital.it","reference":"","value":"185.54.150.85"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: a.gedidigital.it ] [ Main Direction: Client Server | Server to Client Traffic: 1.88 KB | Client to Server Traffic: 2.0 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"TLS not carrying HTTPS [Score: 10]","fullname":"TLS not carrying HTTPS","name":"TLS not carrying HTTPS","value":46},"proto":{"label":"TCP","value":"6"},"row_id":"172","score":{"color":"#5cd65c","label":"20","value":20},"script_key":"ndpi_tls_not_carrying_https","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175198,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 185.54.150.123 and port 61689 and port 443","epoch_begin":1589741868,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2044742863&flow_hash_id=173","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61689","srv_ip":{"blacklisted":"0","country":"DE","label":"fbc.wcfbc.net","label_long":"fbc.wcfbc.net","name":"fbc.wcfbc.net","reference":"","value":"185.54.150.123"},"srv_port":"443"},"flow_related_info":{"descr":" [ TLS Certificate 
Validity: 11/01/2018 15:08:01 - 11/01/2021 15:08:01 ] [ Cipher State: safe ] [ Requested Server Name: fbc.wcfbc.net ] [ Main Direction: Server Client | Server to Client Traffic: 6.62 KB | Client to Server Traffic: 1.79 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS","label":"TCP:TLS","value":"91"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"173","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:48","value":1589741868},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 216.58.208.170 and port 61634 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2565099518&flow_hash_id=120","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61634","srv_ip":{"blacklisted":"0","country":"PT","label":"imasdk.googleapis.com","label_long":"imasdk.googleapis.com","name":"imasdk.googleapis.com","reference":"","value":"216.58.208.170"},"srv_port":"443"},"flow_related_info":{"descr":" [ Cipher State: safe ] [ Requested Server Name: imasdk.googleapis.com ] [ Main Direction: Server Client | Server to Client Traffic: 98.3 KB | Client to Server Traffic: 4.59 KB 
]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleServices","label":"TCP:TLS.GoogleServices","value":"239"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"174","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175200,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 149.154.167.91 and port 55156 and port 443","epoch_begin":1589741866,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=1447286934&flow_hash_id=124","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55156","srv_ip":{"blacklisted":"0","country":"GB","label":"149.154.167.91","label_long":"149.154.167.91","reference":"","value":"149.154.167.91"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 66 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.Telegram","label":"TCP:TLS.Telegram","value":"185"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to 
Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"175","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:46","value":1589741866},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175197,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 35.186.224.53 and port 55114 and port 443","epoch_begin":1589741869,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3831752560&flow_hash_id=175","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55114","srv_ip":{"blacklisted":"0","country":"US","label":"35.186.224.53","label_long":"35.186.224.53","reference":"","value":"35.186.224.53"},"srv_port":"443"},"flow_related_info":{"descr":" [ Main Direction: Server Client | Server to Client Traffic: 5.28 KB | Client to Server Traffic: 1.94 KB ]"},"l7_proto":{"l4_label":"TCP","l7_label":"TLS.GoogleCloud","label":"TCP:TLS.GoogleCloud","value":"284"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"176","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 
20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 10]"},"duration":60175197,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 2.23.155.233 and port 61692 and port 80","epoch_begin":1589741869,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=3267422780&flow_hash_id=178","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"61692","srv_ip":{"blacklisted":"0","country":"IT","label":"ocsp.int-x3.letsencrypt.…","label_long":"ocsp.int-x3.letsencrypt.org","name":"ocsp.int-x3.letsencrypt.org","reference":"","value":"2.23.155.233"},"srv_port":"80"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 0 Bytes | Client to Server Traffic: 78 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"HTTP","label":"TCP:HTTP","value":"7"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"177","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:49","value":1589741869},"vlan_id":"0"},{"additional_alerts":{"descr":""},"alert_id":{"label":" Remote to Remote","value":"16"},"alert_name":" Remote to Remote","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"count":1,"description":{"descr":"Remote to Remote [Score: 
10]"},"duration":60175202,"family":"flow","filter":{"bpf":"host 192.168.1.93 and host 192.168.1.28 and port 55148 and port 49152","epoch_begin":1589741864,"epoch_end":1649917067},"flow":{"active_url":"/lua/flow_details.lua?flow_key=2169532438&flow_hash_id=4","cli_ip":{"blacklisted":"0","country":"","label":"lucas imac","label_long":"lucas imac","name":"lucas imac","reference":"","value":"192.168.1.93"},"cli_port":"55148","srv_ip":{"blacklisted":"0","country":"","label":"192.168.1.28","label_long":"192.168.1.28","reference":"","value":"192.168.1.28"},"srv_port":"49152"},"flow_related_info":{"descr":" [ Main Direction: Client Server | Server to Client Traffic: 144 Bytes | Client to Server Traffic: 210 Bytes ]"},"l7_proto":{"l4_label":"TCP","l7_label":"Unknown","label":"TCP:Unknown","value":"0"},"msg":{"configset_ref":" ","description":"Remote to Remote [Score: 10]","fullname":"Remote to Remote","name":"Remote to Remote","value":16},"proto":{"label":"TCP","value":"6"},"row_id":"178","score":{"color":"#5cd65c","label":"10","value":10},"script_key":"remote_to_remote","severity":{"color":"#5cd65c","label":" ","value":3},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#5cd65c","label":"17/05/2020 20:57:44","value":1589741864},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 178 records [57,306 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 ","query_duration_msec":3.1061172485352}}} diff --git a/tests/e2e/rest/result/v2/get_alert_data_02.out b/tests/e2e/rest/result/v2/get_alert_data_02.out index 691f6705e7..99974a1126 100644 --- a/tests/e2e/rest/result/v2/get_alert_data_02.out +++ b/tests/e2e/rest/result/v2/get_alert_data_02.out 
@@ -1,2 +1,2 @@ {"success":true} -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"DNS Packet Larger Than 512 bytes [Score: 50]
Malformed packet [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":"65535"},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 127.0.0.1 [Score: 100]"},"duration":58279515,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 50435 and port 53","epoch_begin":1591551760,"epoch_end":1649831276},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261427416&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"50435","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.xt.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.79 KB | Client to Server Traffic: 70 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 127.0.0.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"170","value":170},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":"65535"},"tstamp":{"highlight":"#ff3231","label":"07/06/2020 19:42:40","value":1591551760},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,448 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 
1 = 1 ","query_duration_msec":0.22482872009277}}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","recordsFiltered":1,"recordsTotal":1,"rsp":{"records":[{"additional_alerts":{"descr":"DNS Packet Larger Than 512 bytes [Score: 50]
Malformed packet [Score: 10]
Remote to Remote [Score: 10]"},"alert_id":{"label":" Unexpected DNS server found","value":"33"},"alert_name":" Unexpected DNS server found","cli_host_pool_id":{"label":"Default","value":"0"},"cli_network":{"label":"","value":""},"cli_role":{"label":"Is Attacker","tag_label":"Is Attacker","value":"attacker"},"count":1,"description":{"descr":"Unexpected DNS server found: 127.0.0.1 [Score: 100]"},"duration":58365446,"family":"flow","filter":{"bpf":"host 127.0.0.1 and host 127.0.0.1 and port 50435 and port 53","epoch_begin":1591551760,"epoch_end":1649917207},"flow":{"active_url":"/lua/flow_details.lua?flow_key=4261427416&flow_hash_id=0","cli_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"cli_port":"50435","srv_ip":{"blacklisted":"0","country":"","label":"localhost","label_long":"localhost","name":"localhost","reference":"","value":"127.0.0.1"},"srv_port":"53"},"flow_related_info":{"descr":" [ Query Type: A ] [ Return Code: NOERROR ] [ URL: www.xt.com ] [ Main Direction: Server Client | Server to Client Traffic: 2.79 KB | Client to Server Traffic: 70 Bytes ]"},"l7_proto":{"l4_label":"UDP","l7_label":"DNS","label":"UDP:DNS","value":"5"},"msg":{"configset_ref":" ","description":"Unexpected DNS server found: 127.0.0.1 [Score: 100]","fullname":"Unexpected DNS server found","name":"Unexpected DNS server found","value":33},"proto":{"label":"UDP","value":"17"},"row_id":"1","score":{"color":"#ff3231","label":"170","value":170},"script_key":"unexpected_dns","severity":{"color":"#ff3231","label":" ","value":5},"srv_host_pool_id":{"label":"Default","value":"0"},"srv_network":{"label":"","value":""},"tstamp":{"highlight":"#ff3231","label":"07/06/2020 19:42:40","value":1591551760},"vlan_id":"0"}],"stats":{"num_records_processed":"Processed 1 records [4,609 records/sec]","query":" SELECT 4 entity_id, (tstamp_end - tstamp) duration, *, hex(alerts_map) alerts_map FROM `flow_alerts` WHERE 1 = 1 
","query_duration_msec":0.21696090698242}}} diff --git a/tests/e2e/rest/result/v2/get_host_data_01.out b/tests/e2e/rest/result/v2/get_host_data_01.out index 5fe22fd007..bdf3e326b7 100644 --- a/tests/e2e/rest/result/v2/get_host_data_01.out +++ b/tests/e2e/rest/result/v2/get_host_data_01.out 
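Review bot: The regenerated expectation for get_alert_data_02.out still pins run-dependent values: besides the intended `cli_network`/`srv_network` value going from `"65535"` to `""`, the new line also differs in `duration` (58279515 → 58365446), `filter.epoch_end` (1649831276 → 1649917207), the records/sec text and `query_duration_msec`. With that noise in every regeneration, an unintended change to an alert's `score`, `severity` or `cli_role` is easy to miss when the fixture is reviewed. Consider masking those fields before the comparison, unless the harness already ignores them (not visible from this hunk), so the golden file changes only when the alert output does. Separately, `stats.query` carries the SQL text in the response body on both sides; it is worth confirming that this is intended outside test runs.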
@@ -1 +1 @@ -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":45,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":45,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":18,"contacts.as_server":1,"continent":"","countries_contacts":{"value":3},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":57672503,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"
get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":4095,"score.as_client":4095,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3471,"upper_bound":4196,"value":4095},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1647414365,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.050607152283192,"throughpu
t_pps":6.153713184176e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":45,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":40,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":40,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":53,"contacts.as_server":1,"continent":"","countries_contacts":{"value":2},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"ds
cp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":60176174,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":3645,"score.as_client":3645,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3063,"upper_bound":3740,"value":3645},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1649918036,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.04850160703063,"throughput
_pps":5.8976838772651e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":40,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} diff --git a/tests/e2e/rest/result/v2/get_host_data_02.out b/tests/e2e/rest/result/v2/get_host_data_02.out index 9c9899998d..99d918e98d 100644 --- a/tests/e2e/rest/result/v2/get_host_data_02.out +++ b/tests/e2e/rest/result/v2/get_host_data_02.out 
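Review bot: The regenerated expectation lowers the detection figures for host 192.168.1.93 (`active_alerted_flows`, `alerted_flows.as_client` and `total_alerts` go from 45 to 40, `score` from 4095 to 3645), while the commit subject only mentions a value change for "no network". A golden file that accepts five fewer alerted flows will also accept a detection regression, so the commit message should name which check no longer fires on this capture, for example `Tests update: <check name> no longer triggers (45 -> 40 alerted flows)`, or the baseline refresh should be split from the cosmetic change. `contacts.as_client` (18 to 53) and `countries_contacts` (3 to 2) move as well and need the same explanation. The get_host_data_02.out and get_interface_data_01.out hunks carry the same 45-to-40 drop.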
@@ -1 +1 @@ -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":45,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":45,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":18,"contacts.as_server":1,"continent":"","countries_contacts":{"value":3},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":57672580,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"
get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":4095,"score.as_client":4095,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3471,"upper_bound":4196,"value":4095},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1647414442,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.050607081502676,"throughpu
t_pps":6.1537044530269e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":45,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} +{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"ICMPv4":[],"active_alerted_flows":40,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":40,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":53,"contacts.as_server":1,"continent":"","countries_contacts":{"value":2},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"d
scp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":60176249,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"luca’s imac","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":3645,"score.as_client":3645,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3063,"upper_bound":3740,"value":3645},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1649918111,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.048501547425985,"throughpu
t_pps":5.8976762375096e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":40,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}} diff --git a/tests/e2e/rest/result/v2/get_interface_data_01.out b/tests/e2e/rest/result/v2/get_interface_data_01.out index 9d647839eb..d4c6297aaa 100644 --- a/tests/e2e/rest/result/v2/get_interface_data_01.out +++ b/tests/e2e/rest/result/v2/get_interface_data_01.out 
@@ -1 +1 @@ -{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"active_discovery_active":false,"alerted_flows":45,"alerted_flows_error":42,"alerted_flows_notice":1,"alerted_flows_warning":2,"bytes":3744757,"bytes_download":3744757,"bytes_upload":0,"download_upload_chart":{"download":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"upload":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"dropped_alerts":0,"drops":0,"engaged_alerts":0,"engaged_alerts_error":0,"engaged_alerts_notice":0,"engaged_alerts_warning":0,"epoch":1643802730,"flow_dropped_alerts":0,"flows_pctg":1,"host_dropped_alerts":0,"hosts_pctg":1,"ifid":"0","ifname":"test_01.pcap","is_view":false,"local2remote":185214,"localtime":"12:52:10 +0100","macs_pctg":1,"num_devices":4,"num_flows":179,"num_hosts":42,"num_live_captures":0,"num_local_hosts":4,"num_local_hosts_anomalies":0,"num_remote_hosts_anomalies":0,"other_dropped_alerts":0,"packets":5000,"packets_download":5000,"packets_upload":0,"periodic_stats_update_frequency_secs":5,"profiles":[],"remote2local":3332878,"remote_bps":0,"remote_pps":0,"speed":1000,"system_host_stats":{"alerts_queries":51,"alerts_stats":{"alert_queues":{"internal_alerts_queue":{"pct_not_enqueued":0}}},"cpu_load":0.49000000953674,"cpu_states":{"guest":0,"guest_nice":0,"idle":95.894526034713,"iowait":0.033377837116155,"irq":0,"nice":0,"softirq":0.016688918558077,"steal":0,"system":0.56742323097463,"user":3.4879839786382},"dropped_alerts":0,"mem_buffers":1710216,"mem_cached":8324844,"mem_free":1231780,"mem_ntopng_resident":528784,"mem_ntopng_virtual":21475361800,"mem_shmem":0,"mem_sreclaimable":953524,"mem_total":32724896,"mem_used":20504532,"written_alerts":0},"tcpPacketStats":{"lost":0,"out_of_order":0,"retransmissions":10},"throughput":{"download":{"bps":0,"pps":0},"upload":{"bps":0,"pps":0}},"throughput_bps":0,"throughput_pps":0,"uptime":"00:24 sec"}} 
+{"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":{"active_discovery_active":false,"alerted_flows":40,"alerted_flows_error":37,"alerted_flows_notice":1,"alerted_flows_warning":2,"bytes":3744757,"bytes_download":3744757,"bytes_upload":0,"download_upload_chart":{"download":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"upload":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"dropped_alerts":0,"drops":0,"engaged_alerts":0,"engaged_alerts_error":0,"engaged_alerts_notice":0,"engaged_alerts_warning":0,"epoch":1649918715,"flow_dropped_alerts":0,"flows_pctg":1,"host_dropped_alerts":0,"hosts_pctg":1,"ifid":"0","ifname":"test_01.pcap","is_view":false,"local2remote":185214,"localtime":"08:45:15 +0200","macs_pctg":1,"num_devices":4,"num_flows":179,"num_hosts":42,"num_live_captures":0,"num_local_hosts":4,"num_local_hosts_anomalies":0,"num_remote_hosts_anomalies":0,"other_dropped_alerts":0,"packets":5000,"packets_download":5000,"packets_upload":0,"periodic_stats_update_frequency_secs":5,"profiles":[],"remote2local":3332878,"remote_bps":0,"remote_pps":0,"speed":1000,"system_host_stats":{"alerts_queries":49,"alerts_stats":{"alert_queues":{"internal_alerts_queue":{"pct_not_enqueued":0}}},"cpu_load":0.30000001192093,"cpu_states":{"guest":0,"guest_nice":0,"idle":95.872801082544,"iowait":0.06765899864682,"irq":0,"nice":0,"softirq":0.93031123139378,"steal":0,"system":0.71041948579161,"user":2.4188092016238},"dropped_alerts":0,"mem_buffers":1229140,"mem_cached":14210148,"mem_free":266984,"mem_ntopng_resident":481796,"mem_ntopng_virtual":21475370852,"mem_shmem":0,"mem_sreclaimable":1488808,"mem_total":32724536,"mem_used":15529456,"written_alerts":0},"tcpPacketStats":{"lost":0,"out_of_order":0,"retransmissions":10},"throughput":{"download":{"bps":0,"pps":0},"upload":{"bps":0,"pps":0}},"throughput_bps":0,"throughput_pps":0,"uptime":"00:24 sec"}} diff --git a/tests/e2e/rest/result/v2/set_host_alias_01.out b/tests/e2e/rest/result/v2/set_host_alias_01.out index 7b9359823a..99620351da 100644 
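Review bot: The regenerated expectation for get_interface_data_01.out lowers `alerted_flows` from 45 to 40 and `alerted_flows_error` from 42 to 37, but the same line also rewrites run-dependent fields (`epoch`, `localtime`, `cpu_load`, `cpu_states`, the `mem_*` counters), so the one change that matters for detection coverage is buried in noise. If the harness compares these files verbatim, those fields cannot match on another run; if it already filters them (the comparison code is not visible here), they should be stripped from the stored output too, so that a fixture diff shows only behavioural changes. The commit subject says only "change value for no network"; naming which five alerted flows are no longer expected without network access would keep a real detection regression from slipping in through a fixture refresh. The set_host_alias_01.out hunk that follows has the same shape: `active_alerted_flows` and `total_alerts` drop to 40 and `score` to 3645 next to volatile `seen.last` and `throughput_bps` values, and the alias changes from `charles` to `Charles` in a test that is otherwise only about setting the alias.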
--- a/tests/e2e/rest/result/v2/set_host_alias_01.out +++ b/tests/e2e/rest/result/v2/set_host_alias_01.out 
@@ -1,2 +1,2 @@ {"rc":0,"rc_str":"OK","rc_str_hr":"Success","rsp":[]} -{"ICMPv4":[],"active_alerted_flows":45,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":45,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":18,"contacts.as_server":1,"continent":"","countries_contacts":{"value":3},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":212728,"packets.rcvd":3008,"packets.sent":1992}},"duration":57674380,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"q
uery":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"charles","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":4095,"score.as_client":4095,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3471,"upper_bound":4196,"value":4095},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1647416242,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.05060550570488,"throughput
_pps":6.1535123677459e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":45,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0} +{"ICMPv4":[],"active_alerted_flows":40,"active_flows.as_client":178,"active_flows.as_server":1,"active_flows_behaviour":{"as_client":{"anomaly":false,"lower_bound":155,"upper_bound":182,"value":178},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":2,"value":1},"tot_num_anomalies":0},"active_http_hosts":0,"alerted_flows.as_client":40,"alerted_flows.as_server":0,"asn":0,"asname":"","broadcast_domain_host":false,"bytes.ndpi.unknown":5204,"bytes.rcvd":3412029,"bytes.rcvd.anomaly_index":0,"bytes.sent":212728,"bytes.sent.anomaly_index":0,"bytes_ratio":-0.88262498378754,"cardinality":{"num_contacted_hosts_as_client":37,"num_contacted_ports_as_client":4,"num_contacted_services_as_client":45,"num_host_contacted_ports_as_server":1,"num_host_contacts_as_server":1},"city":"","contacted_hosts_behaviour":{"anomaly":false,"lower_bound":16,"upper_bound":20,"value":17.342973709106},"contacts.as_client":53,"contacts.as_server":1,"continent":"","countries_contacts":{"value":2},"country":"","crawlerBotScannerHost":false,"devtype":0,"dhcpHost":false,"dns":{"rcvd":{"num_queries":0,"num_replies_error":0,"num_replies_ok":45,"queries":{"num_a":0,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}},"sent":{"num_queries":45,"num_replies_error":0,"num_replies_ok":0,"queries":{"num_a":45,"num_aaaa":0,"num_any":0,"num_cname":0,"num_mx":0,"num_ns":0,"num_other":0,"num_ptr":0,"num_soa":0,"num_txt":0}}},"dscp":{"cs0":{"bytes.rcvd":3412029,"bytes.sent":21272
8,"packets.rcvd":3008,"packets.sent":1992}},"duration":60178069,"flows.as_client":178,"flows.as_server":1,"hassh_fingerprint":[],"hiddenFromTop":false,"hits.flow_flood_attacker":23,"host_pool_id":0,"host_services_bitmap":0,"host_unreachable_flows.as_client":0,"host_unreachable_flows.as_server":0,"http":{"receiver":{"query":{"num_get":0,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":0},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":33,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":33}},"sender":{"query":{"num_get":33,"num_head":0,"num_other":0,"num_post":0,"num_put":0,"total":33},"rate":{"query":{"get":0,"head":0,"other":0,"post":0,"put":0},"response":{"1xx":0,"2xx":0,"3xx":0,"4xx":0,"5xx":0}},"response":{"num_1xx":0,"num_2xx":0,"num_3xx":0,"num_4xx":0,"num_5xx":0,"total":0}},"virtual_hosts":[]},"icmp.bytes.rcvd":0,"icmp.bytes.rcvd.anomaly_index":0,"icmp.bytes.sent":0,"icmp.bytes.sent.anomaly_index":0,"icmp.packets.rcvd":0,"icmp.packets.sent":0,"ifid":0,"ip":"192.168.1.93","ipkey":3232235869,"is_blacklisted":false,"is_broadcast":false,"is_multicast":false,"ja3_fingerprint":{"43fb797519e1a449ff3b09bda3556c17":{"app_name":"","is_malicious":false,"num_uses":3},"7570245c781d7d7a68e31419177e728d":{"app_name":"","is_malicious":false,"num_uses":22},"a69708a64f853c3bcc214c2c5faf84f3":{"app_name":"","is_malicious":false,"num_uses":59},"d78489b860c8bf7838a6ff0b4d131541":{"app_name":"","is_malicious":false,"num_uses":2},"ee4ced3f2d15de4b5cb6fb0a894fec9f":{"app_name":"","is_malicious":false,"num_uses":1}},"latitude":0,"local_network_id":0,"local_network_name":"192.168.1.0/24","localhost":true,"longitude":0,"mac":"28:37:37:00:6D:C8","name":"Charles","names":{"mdns":"luca’s 
imac"},"ndpi":{"AmazonAWS":{"breed":"Acceptable","bytes.rcvd":348959,"bytes.sent":53026,"duration":10,"num_flows":8,"packets.rcvd":408,"packets.sent":448},"Azure":{"breed":"Acceptable","bytes.rcvd":6433,"bytes.sent":3886,"duration":5,"num_flows":0,"packets.rcvd":9,"packets.sent":11},"DNS":{"breed":"Acceptable","bytes.rcvd":5998,"bytes.sent":3578,"duration":5,"num_flows":38,"packets.rcvd":45,"packets.sent":45},"Facebook":{"breed":"Fun","bytes.rcvd":209668,"bytes.sent":22403,"duration":5,"num_flows":5,"packets.rcvd":203,"packets.sent":170},"Google":{"breed":"Acceptable","bytes.rcvd":18259,"bytes.sent":7426,"duration":5,"num_flows":12,"packets.rcvd":54,"packets.sent":66},"GoogleCloud":{"breed":"Acceptable","bytes.rcvd":5411,"bytes.sent":1983,"duration":5,"num_flows":0,"packets.rcvd":10,"packets.sent":10},"GoogleServices":{"breed":"Acceptable","bytes.rcvd":121178,"bytes.sent":10804,"duration":5,"num_flows":6,"packets.rcvd":125,"packets.sent":111},"HTTP":{"breed":"Acceptable","bytes.rcvd":18932,"bytes.sent":22857,"duration":5,"num_flows":25,"packets.rcvd":172,"packets.sent":204},"MDNS":{"breed":"Acceptable","bytes.rcvd":0,"bytes.sent":320,"duration":5,"num_flows":0,"packets.rcvd":0,"packets.sent":1},"TLS":{"breed":"Safe","bytes.rcvd":2647954,"bytes.sent":75078,"duration":10,"num_flows":37,"packets.rcvd":1897,"packets.sent":816},"Unknown":{"breed":"Unrated","bytes.rcvd":1701,"bytes.sent":3503,"duration":10,"num_flows":1,"packets.rcvd":23,"packets.sent":37},"ntop":{"breed":"Safe","bytes.rcvd":27536,"bytes.sent":7864,"duration":10,"num_flows":0,"packets.rcvd":62,"packets.sent":73}},"ndpi_categories":{"Advertisement":{"bytes":41083,"bytes.rcvd":29755,"bytes.sent":11328,"category":101,"duration":5},"Cloud":{"bytes":419698,"bytes.rcvd":360803,"bytes.sent":58895,"category":13,"duration":10},"Network":{"bytes":7246,"bytes.rcvd":4489,"bytes.sent":2757,"category":14,"duration":5},"SocialNetwork":{"bytes":232690,"bytes.rcvd":210053,"bytes.sent":22637,"category":6,"duration":5},"Uns
pecified":{"bytes":5204,"bytes.rcvd":1701,"bytes.sent":3503,"category":0,"duration":10},"Web":{"bytes":2918836,"bytes.rcvd":2805228,"bytes.sent":113608,"category":5,"duration":10}},"num_alerts":0,"num_blacklisted_flows":{"as_client":0,"as_server":0,"tot_as_client":0,"tot_as_server":0},"num_flow_alerts":0,"observation_point_id":0,"os":0,"os_detail":"","other_ip.bytes.rcvd":0,"other_ip.bytes.rcvd.anomaly_index":0,"other_ip.bytes.sent":0,"other_ip.bytes.sent.anomaly_index":0,"other_ip.packets.rcvd":0,"other_ip.packets.sent":0,"packets.rcvd":3008,"packets.rcvd.anomaly_index":0,"packets.sent":1992,"packets.sent.anomaly_index":0,"pktStats.recv":{"size":{"above9000":0,"upTo1024":102,"upTo128":559,"upTo1518":2174,"upTo2500":0,"upTo256":71,"upTo512":100,"upTo64":3,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":73,"rst":0,"syn":0,"synack":130}},"pktStats.sent":{"size":{"above9000":0,"upTo1024":26,"upTo128":1700,"upTo1518":12,"upTo2500":0,"upTo256":129,"upTo512":119,"upTo64":5,"upTo6500":0,"upTo9000":0},"tcp_flags":{"finack":83,"rst":3,"syn":124,"synack":0}},"pkts_ratio":-0.20319999754429,"privatehost":true,"score":3645,"score.as_client":3645,"score.as_server":0,"score_behaviour":{"as_client":{"anomaly":false,"lower_bound":3063,"upper_bound":3740,"value":3645},"as_server":{"anomaly":false,"lower_bound":0,"upper_bound":1,"value":0},"tot_num_anomalies":0},"score_pct":{"score_breakdown_client":{"0":0,"1":100},"score_breakdown_server":{"0":0,"1":0}},"seen.first":1589741863,"seen.last":1649919931,"server_contacts":{"dns":1,"domain_names":42,"ntp":0,"smtp":0},"systemhost":false,"tcp.bytes.rcvd":3406031,"tcp.bytes.rcvd.anomaly_index":0,"tcp.bytes.sent":208830,"tcp.bytes.sent.anomaly_index":0,"tcp.packets.rcvd":2963,"tcp.packets.sent":1946,"tcp.packets.seq_problems":true,"tcpPacketStats.rcvd":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":8},"tcpPacketStats.sent":{"keep_alive":0,"lost":0,"out_of_order":0,"retransmissions":2},"throughput_bps":0.048500079661608,"throughpu
t_pps":5.897497976548e-05,"throughput_trend_bps":1,"throughput_trend_pps":1,"total_activity_time":15,"total_alerts":40,"total_flows.as_client":178,"total_flows.as_server":1,"tskey":"192.168.1.93","udp.bytes.rcvd":5998,"udp.bytes.rcvd.anomaly_index":0,"udp.bytes.sent":3898,"udp.bytes.sent.anomaly_index":0,"udp.packets.rcvd":45,"udp.packets.sent":46,"udpBytesSent.non_unicast":0,"udpBytesSent.unicast":3898,"unreachable_flows.as_client":0,"unreachable_flows.as_server":0,"vlan":0}