diff --git a/packages/cloudflare/_dev/build/build.yml b/packages/cloudflare/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/cloudflare/_dev/build/build.yml
+++ b/packages/cloudflare/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml
index 87991ee0d77..8db73b92603 100644
--- a/packages/cloudflare/changelog.yml
+++ b/packages/cloudflare/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2779
 - version: "1.3.2"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index c55a6719281..1822380658d 100644
--- a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -9,7 +9,7 @@
 },
 "@timestamp": "2021-11-30T20:19:48.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -60,7 +60,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344039179Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_create\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"73fd39ed-5aab-4a2a-b93c-c9a4abf0c425\",\"interface\":\"\",\"metadata\":{\"token_name\":\"test\",\"token_tag\":\"b7261c49a793a82678d12285f0bc1401\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-11-30T20:19:48Z\"}", "kind": "event", "action": "token_create", @@ -90,7 +89,7 @@ }, "@timestamp": "2021-11-30T20:19:27.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -143,7 +142,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344041494Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_revoke\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"9929d149-1c4e-4524-87b5-bb81e83b5c84\",\"interface\":\"\",\"metadata\":{\"new_token_status\":\"deleted\",\"old_token_status\":\"active\",\"token_name\":\"test\",\"token_tag\":\"70b6abc4efe977131126486cdd1c00c5\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-11-30T20:19:27Z\"}", "kind": "event", "action": "token_revoke", @@ -173,7 +171,7 @@ }, "@timestamp": "2021-11-30T20:18:43.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -220,7 +218,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344042432Z", "original": "{\"action\":{\"result\":true,\"type\":\"API_key_view\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"de577d32-d81a-4fe9-95bc-3cff46d9759e\",\"interface\":\"\",\"metadata\":{},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"user\"},\"when\":\"2021-11-30T20:18:43Z\"}", "kind": "event", "action": "api_key_view", @@ -250,7 +247,7 @@ }, "@timestamp": "2021-11-30T13:42:17.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -297,7 +294,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344043306Z", "original": "{\"action\":{\"result\":true,\"type\":\"API_key_view\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"dc0b470f-17b0-4bff-9113-a4fba3bf052c\",\"interface\":\"\",\"metadata\":{},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"user\"},\"when\":\"2021-11-30T13:42:17Z\"}", "kind": "event", "action": "api_key_view", @@ -327,7 +323,7 @@ }, "@timestamp": "2021-11-30T13:42:04.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -374,7 +370,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344044118Z", "original": "{\"action\":{\"info\":\"key digest: c6b5d100d7ce492d24c5b13160fce1cc0092ce7e8d8430e9f5cf5468868be6f6\",\"result\":true,\"type\":\"rotate_API_key\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"8d3396e8-c903-5a66-9421-00fc34570550\",\"interface\":\"\",\"metadata\":{},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-11-30T13:42:04Z\"}", "kind": "event", "action": "rotate_api_key", @@ -404,7 +399,7 @@ }, "@timestamp": "2021-11-30T13:42:04.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -451,7 +446,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344044876Z", "original": "{\"action\":{\"result\":true,\"type\":\"API_key_created\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"9320d713-8466-595e-a9f6-73891f89e8a3\",\"interface\":\"\",\"metadata\":{},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"c6b5d100d7ce492d24c5b13160fce1cc0092ce7e8d8430e9f5cf5468868be6f6\",\"type\":\"api_key\"},\"when\":\"2021-11-30T13:42:04Z\"}", "kind": "event", "action": "api_key_created", @@ -481,7 +475,7 @@ }, "@timestamp": "2021-11-30T13:36:45.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -532,7 +526,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344045642Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_create\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"ceced925-a34c-4a3e-a3ae-5f35c00cf6c8\",\"interface\":\"\",\"metadata\":{\"token_name\":\"test\",\"token_tag\":\"70b6abc4efe977131126486cdd1c00c5\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-11-30T13:36:45Z\"}", "kind": "event", "action": "token_create", @@ -562,7 +555,7 @@ }, "@timestamp": "2021-11-30T13:34:03.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -609,7 +602,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344046392Z", "original": "{\"action\":{\"result\":true,\"type\":\"login\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"1034b2fe-abcc-523e-ab47-3d3ea14516fa\",\"interface\":\"\",\"metadata\":{},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-11-30T13:34:03Z\"}", "kind": "event", "action": "login", @@ -639,7 +631,7 @@ }, "@timestamp": "2021-10-17T10:13:46.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -689,7 +681,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344047145Z", "original": "{\"action\":{\"result\":true,\"type\":\"purge\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"2fedadd2-dda6-5357-9b08-c231baf1a172\",\"interface\":\"\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"type\":\"zone\"},\"when\":\"2021-10-17T10:13:46Z\"}", "kind": "event", "action": "purge", @@ -719,7 +710,7 @@ }, "@timestamp": "2021-10-10T10:13:46.214Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -727,7 +718,6 @@ ] }, "event": { - "ingested": "2021-12-30T04:25:39.344048024Z", "original": "{\"action\":{\"result\":true,\"type\":\"tls_settings_deployed\"},\"actor\":{\"id\":\"1\",\"type\":\"system\"},\"id\":\"2ce6e0db-5527-4870-8f66-8ede1cd38791\",\"interface\":\"\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"ciphers\":\"\",\"early_hints\":\"Default\",\"http_2\":\"Enabled\",\"min_tls_version\":\"TLSv1.0\",\"quic\":\"Default\",\"session_tickets\":\"Enabled\",\"tls_13\":\"Default\",\"zero_rtt\":\"Default\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"type\":\"zone\"},\"when\":\"2021-10-10T10:13:46.214209Z\"}", "kind": "event", "action": "tls_settings_deployed", @@ -782,7 +772,7 @@ }, "@timestamp": "2021-10-10T10:13:44.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -832,7 +822,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344048797Z", "original": "{\"action\":{\"result\":true,\"type\":\"delete\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"79ffe165-ebc7-502e-bf57-2bdba27ab100\",\"interface\":\"\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"type\":\"zone\"},\"when\":\"2021-10-10T10:13:44Z\"}", "kind": "event", "action": "delete", @@ -862,7 +851,7 @@ }, "@timestamp": "2021-08-09T10:38:04.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -915,7 +904,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344049739Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_revoke\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"085982b3-dd56-43cd-97f9-68bfd672eacd\",\"interface\":\"\",\"metadata\":{\"new_token_status\":\"deleted\",\"old_token_status\":\"active\",\"token_name\":\"Read analytics and logs\",\"token_tag\":\"3015871186ce9ce13abf200d2fdd39bb\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-08-09T10:38:04Z\"}", "kind": "event", "action": "token_revoke", @@ -945,7 +933,7 @@ }, "@timestamp": "2021-08-09T10:38:01.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -998,7 +986,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344050510Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_revoke\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"1d6bb655-9645-495b-bebe-f4537c2f7eaa\",\"interface\":\"\",\"metadata\":{\"new_token_status\":\"deleted\",\"old_token_status\":\"active\",\"token_name\":\"Read all resources\",\"token_tag\":\"57baa252c3f0a4b1082848000a969b2b\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-08-09T10:38:01Z\"}", "kind": "event", "action": "token_revoke", @@ -1028,7 +1015,7 @@ }, "@timestamp": "2021-08-09T10:36:30.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1081,7 +1068,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344051272Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_roll\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"2fc845f5-9180-44c2-b67d-154bce5b220e\",\"interface\":\"\",\"metadata\":{\"new_token_hash\":\"3feb599ff44fa121eeb4989ffdf725cbdfae12ffb73e65131e42290da0dfb45b\",\"old_token_hash\":\"a2c8f6ae8f72f9e46c1448a0d8be12e0946c85c408ce6a55c81f41b78df584c6\",\"token_name\":\"Read all resources\",\"token_tag\":\"57baa252c3f0a4b1082848000a969b2b\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-08-09T10:36:30Z\"}", "kind": "event", "action": "token_roll", @@ -1111,7 +1097,7 @@ }, "@timestamp": "2021-08-09T10:33:55.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1162,7 +1148,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344052109Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_create\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"fc13c1d1-22ff-4574-a01f-7a3506b93d3a\",\"interface\":\"\",\"metadata\":{\"token_name\":\"Read analytics and logs\",\"token_tag\":\"3015871186ce9ce13abf200d2fdd39bb\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-08-09T10:33:55Z\"}", "kind": "event", "action": "token_create", @@ -1192,7 +1177,7 @@ }, "@timestamp": "2021-08-09T10:20:00.289Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1252,7 +1237,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344052875Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"46256ba8-2188-432c-8f55-21cfd2caf7d6\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"null\",\"oldValue\":\"null\",\"oldValueJson\":{\"content\":\"firebase=frc-scout\",\"id\":\"920a5b813ec88edce032f0303684ec4b\",\"name\":\"example.com\",\"proxied\":false,\"ttl\":1,\"type\":\"TXT\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065315\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:20:00.289876Z\"}", "provider": "UI", "kind": "event", @@ -1283,7 +1267,7 @@ }, "@timestamp": "2021-08-09T10:19:58.237Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1343,7 +1327,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344053766Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"67a29a10-e567-4123-8453-65ddcc95a411\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"null\",\"oldValue\":\"null\",\"oldValueJson\":{\"content\":\"v=spf1 include:_spf.firebasemail.com ~all\",\"id\":\"5235557990af5ef6c7e5efa6a55cbb6a\",\"name\":\"example.com\",\"proxied\":false,\"ttl\":1,\"type\":\"TXT\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065318\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:58.237877Z\"}", "provider": "UI", "kind": "event", @@ -1374,7 +1357,7 @@ }, "@timestamp": "2021-08-09T10:19:55.959Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1434,7 +1417,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344054521Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"c61e6039-6c53-42e8-8f30-24812d5d83dc\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"xClZppVPmuzSwaAIv-asdfasdfasdfa\",\"id\":\"6d1f29371601a520a621880746bfc754\",\"name\":\"_acme-challenge.example.com\",\"proxied\":false,\"ttl\":1,\"type\":\"TXT\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065321\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:55.959347Z\"}", "provider": "UI", "kind": "event", 
@@ -1465,7 +1447,7 @@ }, "@timestamp": "2021-08-09T10:19:53.671Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1526,7 +1508,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344055271Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"db70fb89-0070-4591-8dbd-1b4277a056fc\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"gmr-smtp-in.l.google.com\",\"id\":\"0032abba95117ec00ea9e80443ec4328\",\"name\":\"example.com\",\"priority\":5,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065324\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:53.671977Z\"}", "provider": "UI", "kind": "event", @@ -1557,7 +1538,7 @@ }, "@timestamp": "2021-08-09T10:19:51.321Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1618,7 +1599,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344056040Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"d135d737-3a93-4a99-8ba3-8eaf8a149daf\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"alt1.gmr-smtp-in.l.google.com\",\"id\":\"c84049638d49a7569dcd2e29592f7f64\",\"name\":\"example.com\",\"priority\":10,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065330\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:51.321861Z\"}", "provider": "UI", "kind": "event", @@ -1649,7 +1629,7 @@ }, "@timestamp": "2021-08-09T10:19:48.875Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1710,7 +1690,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344056808Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"c6eca550-2e5b-43da-8125-4857d928899e\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"alt2.gmr-smtp-in.l.google.com\",\"id\":\"f83d5eb5f7f93c67d57e008d848ee3d1\",\"name\":\"example.com\",\"priority\":20,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065333\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:48.87573Z\"}", "provider": "UI", "kind": "event", 
@@ -1741,7 +1720,7 @@ }, "@timestamp": "2021-08-09T10:19:46.609Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1802,7 +1781,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344057578Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"df20e4be-09f1-44b2-b1ee-3d44b7eca81e\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"alt3.gmr-smtp-in.l.google.com\",\"id\":\"5cf70e1b541a242428ece2af214889b2\",\"name\":\"example.com\",\"priority\":30,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065336\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:46.609249Z\"}", "provider": "UI", "kind": "event", @@ -1833,7 +1811,7 @@ }, "@timestamp": "2021-08-09T10:19:44.409Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -1894,7 +1872,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344058354Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"ab8dd3c6-fecd-4360-a3e2-6177520a428b\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"alt4.gmr-smtp-in.l.google.com\",\"id\":\"e80fa3d2167cfcaf172201e46c79c004\",\"name\":\"example.com\",\"priority\":40,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065339\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:44.409826Z\"}", "provider": "UI", "kind": "event", @@ -1925,7 +1902,7 @@ }, "@timestamp": "2021-08-09T10:19:41.639Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -1985,7 +1962,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344059224Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"99461ef3-1cfc-4cc9-9430-6ec2fa7a597f\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"connect.domains.google.com\",\"id\":\"a56b790a1293bdb5b4aeb88e23f1679a\",\"name\":\"_domainconnect.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"CNAME\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065345\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:41.639476Z\"}", "provider": "UI", "kind": "event", 
@@ -2016,7 +1992,7 @@ }, "@timestamp": "2021-08-09T10:19:33.480Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2076,7 +2052,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344059989Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"7e104142-b328-4e8f-94a1-ed0f1ffa87fb\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"89.160.20.156\",\"id\":\"95627e007af5aa70fe6c96fb6667a803\",\"name\":\"test.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"A\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065342\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:33.480205Z\"}", "provider": "UI", "kind": "event", @@ -2107,7 +2082,7 @@ }, "@timestamp": "2021-08-09T10:19:27.804Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -2167,7 +2142,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344060756Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"1c2275b1-3d4d-46bf-8bb9-28c37f37976c\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"89.160.20.156\",\"id\":\"f25062e118b2ae5a7380b94b7144cca4\",\"name\":\"test2.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"A\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065354\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:27.804305Z\"}", "provider": "UI", "kind": "event", @@ -2198,7 +2172,7 @@ }, "@timestamp": "2021-08-09T10:19:23.918Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2258,7 +2232,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344061523Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_del\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"ee6731f1-6c28-43b6-a711-ea035d622a83\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"oldValueJson\":{\"content\":\"89.160.20.156\",\"id\":\"18d1bbe795d5803f63ce12332c989074\",\"name\":\"another.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"A\",\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065351\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:19:23.918098Z\"}", "provider": "UI", "kind": "event", 
@@ -2289,7 +2262,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2348,7 +2321,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344062275Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"9d043524-edf8-4693-8262-56578930d98a\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"89.160.20.156\",\"id\":\"f25062e118b2ae5a7380b94b7144cca4\",\"name\":\"asdf.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"A\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065354\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883896Z\"}", "provider": "UI", "kind": "event", @@ -2379,7 +2351,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2438,7 +2410,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344063064Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"086acb98-9d2b-4c3b-9c6b-9cb00c04a995\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"89.160.20.156\",\"id\":\"18d1bbe795d5803f63ce12332c989074\",\"name\":\"tbh.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"A\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065351\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883815Z\"}", "provider": "UI", "kind": "event", 
@@ -2469,7 +2440,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2528,7 +2499,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344063813Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"706053a5-7283-47da-b070-681a38d42e74\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"89.160.20.156\",\"id\":\"1a04a1819461ae1c88f910631c5bc3e3\",\"name\":\"stuff.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"A\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065348\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883723Z\"}", "provider": "UI", "kind": "event", @@ -2559,7 +2529,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2618,7 +2588,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344064571Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"1b3c5168-31ee-41ce-a8a3-0a99198ba8c9\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"connect.domains.google.com\",\"id\":\"a56b790a1293bdb5b4aeb88e23f1679a\",\"name\":\"_domainconnect.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"CNAME\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065345\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883628Z\"}", "provider": "UI", "kind": "event", 
@@ -2649,7 +2618,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2708,7 +2677,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344065334Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"455dfac9-4a49-41dd-93d3-63a5aee919b1\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"89.160.20.156\",\"id\":\"95627e007af5aa70fe6c96fb6667a803\",\"name\":\"bob.example.com\",\"proxied\":true,\"ttl\":1,\"type\":\"A\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065342\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883551Z\"}", "provider": "UI", "kind": "event", @@ -2739,7 +2707,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2799,7 +2767,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344066084Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"ea28df9c-e0bd-4a3d-b56e-3861ee1d1a8a\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"alt4.gmr-smtp-in.l.google.com\",\"id\":\"e80fa3d2167cfcaf172201e46c79c004\",\"name\":\"example.com\",\"priority\":40,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065339\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883448Z\"}", "provider": "UI", "kind": "event", 
@@ -2830,7 +2797,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2890,7 +2857,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344066922Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"5eea2e02-ae52-400c-855a-d48c92590133\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"alt3.gmr-smtp-in.l.google.com\",\"id\":\"5cf70e1b541a242428ece2af214889b2\",\"name\":\"example.com\",\"priority\":30,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065336\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883312Z\"}", "provider": "UI", "kind": "event", @@ -2921,7 +2887,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -2981,7 +2947,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344067793Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"7fb1c2e8-01fc-4fbf-977d-04bf96780ed0\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"alt2.gmr-smtp-in.l.google.com\",\"id\":\"f83d5eb5f7f93c67d57e008d848ee3d1\",\"name\":\"example.com\",\"priority\":20,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065333\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883214Z\"}", "provider": "UI", "kind": "event", 
@@ -3012,7 +2977,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3072,7 +3037,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344068540Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"90dc929c-2e08-4a79-85ff-7120db4900fd\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"alt1.gmr-smtp-in.l.google.com\",\"id\":\"c84049638d49a7569dcd2e29592f7f64\",\"name\":\"example.com\",\"priority\":10,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065330\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883111Z\"}", "provider": "UI", "kind": "event", @@ -3103,7 +3067,7 @@ }, "@timestamp": "2021-08-09T10:14:17.883Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3163,7 +3127,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344069342Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"a9df3f63-7393-4d5f-b944-e26f14ff7004\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"gmr-smtp-in.l.google.com\",\"id\":\"0032abba95117ec00ea9e80443ec4328\",\"name\":\"example.com\",\"priority\":5,\"proxied\":false,\"ttl\":1,\"type\":\"MX\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065324\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.883012Z\"}", "provider": "UI", "kind": "event", 
@@ -3194,7 +3157,7 @@ }, "@timestamp": "2021-08-09T10:14:17.882Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3253,7 +3216,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344070098Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"56350016-6e66-4b42-9d33-decff087bb41\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"xClZppVPmuzSwaAIvasdffPmsr3hzfV0kd04M\",\"id\":\"6d1f29371601a520a621880746bfc754\",\"name\":\"_acme-challenge.example.com\",\"proxied\":false,\"ttl\":1,\"type\":\"TXT\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065321\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.882912Z\"}", "provider": "UI", "kind": "event", @@ -3284,7 +3246,7 @@ }, "@timestamp": "2021-08-09T10:14:17.882Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3343,7 +3305,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344070933Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"39f4f90b-60f4-4448-92b2-50b92a6cdce2\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"v=spf1 include:_spf.firebasemail.com ~all\",\"id\":\"5235557990af5ef6c7e5efa6a55cbb6a\",\"name\":\"example.com\",\"proxied\":false,\"ttl\":1,\"type\":\"TXT\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065318\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.882783Z\"}", "provider": "UI", "kind": "event", 
@@ -3374,7 +3335,7 @@ }, "@timestamp": "2021-08-09T10:14:17.882Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3433,7 +3394,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344071696Z", "original": "{\"action\":{\"result\":true,\"type\":\"rec_add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"6f53cfdd-79e2-4b11-9549-5701147985d8\",\"interface\":\"UI\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"content\":\"firebase=frc-scout\",\"id\":\"920a5b813ec88edce032f0303684ec4b\",\"name\":\"example.com\",\"proxied\":false,\"ttl\":1,\"type\":\"TXT\",\"zone_name\":\"example.com\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"10715065315\",\"type\":\"DNS_record\"},\"when\":\"2021-08-09T10:14:17.882594Z\"}", "provider": "UI", "kind": "event", @@ -3464,7 +3424,7 @@ }, "@timestamp": "2021-08-09T10:14:10.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3515,7 +3475,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344072455Z", "original": "{\"action\":{\"result\":true,\"type\":\"pending\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"e84686bd-25b7-5b1a-9ef0-a41346d9335a\",\"interface\":\"UI\",\"metadata\":{\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\",\"type\":\"account\"},\"when\":\"2021-08-09T10:14:10Z\"}", "provider": "UI", "kind": "event", @@ -3546,7 +3505,7 @@ }, "@timestamp": "2021-08-09T10:13:45.956Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3554,7 +3513,6 @@ ] }, "event": { - "ingested": "2021-12-30T04:25:39.344073206Z", "original": "{\"action\":{\"result\":true,\"type\":\"tls_settings_deployed\"},\"actor\":{\"id\":\"1\",\"type\":\"system\"},\"id\":\"b657cc36-1919-4b4d-86f0-277bb05d479a\",\"interface\":\"\",\"metadata\":{\"zone_name\":\"example.com\"},\"newValue\":\"\",\"newValueJson\":{\"ciphers\":\"\",\"http_2\":\"Enabled\",\"min_tls_version\":\"TLSv1.0\",\"quic\":\"Default\",\"session_tickets\":\"Enabled\",\"tls_13\":\"Default\",\"zero_rtt\":\"Default\"},\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"type\":\"zone\"},\"when\":\"2021-08-09T10:13:45.956041Z\"}", "kind": "event", "action": "tls_settings_deployed", @@ -3608,7 +3566,7 @@ }, "@timestamp": "2021-08-09T10:13:42.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3659,7 +3617,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344074026Z", "original": "{\"action\":{\"result\":true,\"type\":\"add\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"0704d600-dcea-5f07-82b5-08aef2cf22fe\",\"interface\":\"UI\",\"metadata\":{\"zone_id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\",\"type\":\"account\"},\"when\":\"2021-08-09T10:13:42Z\"}", "provider": "UI", "kind": "event", @@ -3690,7 +3647,7 @@ }, "@timestamp": "2021-08-09T10:13:42.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3743,7 +3700,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344074775Z", "original": "{\"action\":{\"result\":true,\"type\":\"change_setting\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"557dd5f0-829e-5567-9007-e5c5aeba7393\",\"interface\":\"UI\",\"metadata\":{\"name\":\"IPv6\",\"type\":\"network\",\"value\":true,\"zone_name\":\"example.com\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"eojhfbg334i88zs2pr2rd7wr82jf2h95\"},\"resource\":{\"id\":\"u3fp685o1wjk5zq6hxa6a53oh49u3ek2\",\"type\":\"zone\"},\"when\":\"2021-08-09T10:13:42Z\"}", "provider": "UI", "kind": "event", @@ -3774,7 +3730,7 @@ }, "@timestamp": "2021-08-09T10:06:47.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3825,7 +3781,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344075558Z", "original": "{\"action\":{\"result\":true,\"type\":\"token_create\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"5f96da3a-5e9f-4660-b171-fc9c5555e429\",\"interface\":\"\",\"metadata\":{\"token_name\":\"Read all resources\",\"token_tag\":\"57baa252c3f0a4b1082848000a969b2b\"},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-08-09T10:06:47Z\"}", "kind": "event", "action": "token_create", @@ -3855,7 +3810,7 @@ }, "@timestamp": "2021-08-09T10:03:16.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ 
@@ -3902,7 +3857,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344076315Z", "original": "{\"action\":{\"result\":true,\"type\":\"login\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"89.160.20.156\",\"type\":\"user\"},\"id\":\"441c9104-05e7-5992-9da1-ae5c13536a44\",\"interface\":\"\",\"metadata\":{},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-08-09T10:03:16Z\"}", "kind": "event", "action": "login", @@ -3932,7 +3886,7 @@ }, "@timestamp": "2021-05-10T12:26:19.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "related": { "user": [ @@ -3970,7 +3924,6 @@ } }, "event": { - "ingested": "2021-12-30T04:25:39.344077070Z", "original": "{\"action\":{\"result\":true,\"type\":\"login\"},\"actor\":{\"email\":\"user@example.com\",\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"ip\":\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\",\"type\":\"user\"},\"id\":\"0c4c5855-e752-55df-8705-26baac6ac0ac\",\"interface\":\"\",\"metadata\":{},\"newValue\":\"\",\"oldValue\":\"\",\"owner\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\"},\"resource\":{\"id\":\"enl3j9du8rnx2swwd9l32qots7l54t9s\",\"type\":\"account\"},\"when\":\"2021-05-10T12:26:19Z\"}", "kind": "event", "action": "login", diff --git a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index ca73dbae649..7970b6597d5 100644 --- a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml 
@@ -1,12 +1,9 @@
---
description: Pipeline for parsing cloudflare audit logs
processors:
-- set:
- field: event.ingested
- value: '{{_ingest.timestamp}}'
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- rename:
field: message
target_field: event.original
diff --git a/packages/cloudflare/data_stream/audit/sample_event.json b/packages/cloudflare/data_stream/audit/sample_event.json
index f1ff324dcd7..f3bfb9f88d8 100644
--- a/packages/cloudflare/data_stream/audit/sample_event.json
+++ b/packages/cloudflare/data_stream/audit/sample_event.json
@@ -33,7 +33,7 @@
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "c53ddea2-61ac-4643-8676-0c70ebf51c91",
diff --git a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json
index 1390fbb57b0..47bebec6bda 100644
--- a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json
+++ b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json
@@ -129,7 +129,7 @@
},
"@timestamp": "2019-08-02T15:29:08.000Z",
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"http": {
"request": {
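Review bot: The `set` processor for `event.ingested` is removed here and again in the logpull `default.yml` hunk further down, but the 1.4.0 changelog entry only records `Update to ECS 8.2`, so anyone who filters, alerts or measures ingest lag on `event.ingested` (detection rules commonly use it as the timestamp override for late-arriving data) gets no signal that this pipeline no longer stamps the field. If the intent is that Fleet's final pipeline now sets it — which is what I would expect, though nothing in the diff shows it — a second changelog line such as `- description: Remove event.ingested set processor; the field is set by the Fleet final pipeline` makes the behavioural change visible to operators reviewing the upgrade. A one-line comment above the remaining `set` processor, `# event.ingested is no longer set here; rely on the Fleet final pipeline`, would also stop the next contributor from re-adding it. The dropped `ingested` keys in the expected-output fixtures confirm the field is gone from this pipeline's output, so the tests are consistent with the change.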
@@ -174,7 +174,6 @@ }, "event": { "duration": 0, - "ingested": "2021-12-30T04:25:53.365518980Z", "original": "{\"CacheCacheStatus\":\"unknown\",\"CacheResponseBytes\":0,\"CacheResponseStatus\":0,\"CacheTieredFill\":false,\"ClientASN\":15169,\"ClientCountry\":\"us\",\"ClientDeviceType\":\"desktop\",\"ClientIP\":\"89.160.20.156\",\"ClientIPClass\":\"noRecord\",\"ClientRequestBytes\":2577,\"ClientRequestHost\":\"cf-analytics.com\",\"ClientRequestMethod\":\"POST\",\"ClientRequestPath\":\"/wp-cron.php\",\"ClientRequestProtocol\":\"HTTP/1.1\",\"ClientRequestReferer\":\"https://cf-analytics.com/wp-cron.php?doing_wp_cron=1564759748.3962020874023437500000\",\"ClientRequestURI\":\"/wp-cron.php?doing_wp_cron=1564759748.3962020874023437500000\",\"ClientRequestUserAgent\":\"WordPress/5.2.2;https://cf-analytics.com\",\"ClientSSLCipher\":\"ECDHE-ECDSA-AES128-GCM-SHA256\",\"ClientSSLProtocol\":\"TLSv1.2\",\"ClientSrcPort\":55028,\"EdgeColoID\":14,\"EdgeEndTimestamp\":\"2019-08-02T15:29:08Z\",\"EdgePathingOp\":\"chl\",\"EdgePathingSrc\":\"filterBasedFirewall\",\"EdgePathingStatus\":\"captchaNew\",\"EdgeRateLimitAction\":\"\",\"EdgeRateLimitID\":0,\"EdgeRequestHost\":\"\",\"EdgeResponseBytes\":2848,\"EdgeResponseCompressionRatio\":2.64,\"EdgeResponseContentType\":\"text/html\",\"EdgeResponseStatus\":403,\"EdgeServerIP\":\"\",\"EdgeStartTimestamp\":\"2019-08-02T15:29:08Z\",\"FirewallMatchesActions\":[\"simulate\",\"challenge\"],\"FirewallMatchesSources\":[\"firewallRules\",\"firewallRules\"],\"FirewallMatchesRuleIDs\":[\"094b71fea25d4860a61fa0c6fbbd8d8b\",\"e454fd4a0ce546b3a9a462536613692c\"],\"OriginIP\":\"\",\"OriginResponseBytes\":0,\"OriginResponseHTTPExpires\":\"\",\"OriginResponseHTTPLastModified\":\"\",\"OriginResponseStatus\":0,\"OriginResponseTime\":0,\"OriginSSLProtocol\":\"unknown\",\"ParentRayID\":\"00\",\"RayID\":\"500115ec386354d8\",\"SecurityLevel\":\"med\",\"WAFAction\":\"unknown\",\"WAFFlags\":\"0\",\"WAFMatchedVar\":\"\",\"WAFProfile\":\"unknown\",\"WAFRuleID\":\"\",
\"WAFRuleMessage\":\"\",\"WorkerCPUTime\":0,\"WorkerStatus\":\"unknown\",\"WorkerSubrequest\":false,\"WorkerSubrequestCount\":0,\"ZoneID\":155978002}", "kind": "event", "start": "2019-08-02T15:29:08.000Z", @@ -320,7 +319,7 @@ }, "@timestamp": "2021-07-08T14:02:38.812Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "http": { "request": { 
@@ -360,7 +359,6 @@ }, "event": { "duration": 63000000, - "ingested": "2021-12-30T04:25:53.365521557Z", "original": "{\"CacheCacheStatus\":\"hit\",\"CacheResponseBytes\":26888,\"CacheResponseStatus\":200,\"CacheTieredFill\":true,\"ClientASN\":1136,\"ClientCountry\":\"nl\",\"ClientDeviceType\":\"desktop\",\"ClientIP\":\"89.160.20.156\",\"ClientIPClass\":\"noRecord\",\"ClientRequestBytes\":5324,\"ClientRequestHost\":\"eqlplayground.io\",\"ClientRequestMethod\":\"GET\",\"ClientRequestPath\":\"/40865/bundles/plugin/securitySolution/8.0.0/securitySolution.chunk.9.js\",\"ClientRequestProtocol\":\"HTTP/1.1\",\"ClientRequestReferer\":\"https://eqlplayground.io/s/eqldemo/app/security/timelines/default?sourcerer=(default:!(.siem-signals-eqldemo))\u0026timerange=(global:(linkTo:!(),timerange:(from:%272021-03-03T19:55:15.519Z%27,fromStr:now-24h,kind:relative,to:%272021-03-04T19:55:15.519Z%27,toStr:now)),timeline:(linkTo:!(),timerange:(from:%272020-03-04T19:55:28.684Z%27,fromStr:now-1y,kind:relative,to:%272021-03-04T19:55:28.692Z%27,toStr:now)))\u0026timeline=(activeTab:eql,graphEventId:%27%27,id:%2769f93840-7d23-11eb-866c-79a0609409ba%27,isOpen:!t)\",\"ClientRequestURI\":\"/40865/bundles/plugin/securitySolution/8.0.0/securitySolution.chunk.9.js\",\"ClientRequestUserAgent\":\"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36\",\"ClientSSLCipher\":\"NONE\",\"ClientSSLProtocol\":\"none\",\"ClientSrcPort\":0,\"ClientXRequestedWith\":\"\",\"EdgeColoCode\":\"33.147.138.217\",\"EdgeColoID\":20,\"EdgeEndTimestamp\":1625752958875000000,\"EdgePathingOp\":\"wl\",\"EdgePathingSrc\":\"macro\",\"EdgePathingStatus\":\"nr\",\"EdgeRateLimitAction\":\"\",\"EdgeRateLimitID\":0,\"EdgeRequestHost\":\"eqlplayground.io\",\"EdgeResponseBytes\":24743,\"EdgeResponseCompressionRatio\":0,\"EdgeResponseContentType\":\"application/javascript\",\"EdgeResponseStatus\":200,\"EdgeServerIP\":\"89.160.20.156\",\"EdgeStartTimestamp\":1625752958812000000,\"Fire
wallMatchesActions\":[],\"FirewallMatchesRuleIDs\":[],\"FirewallMatchesSources\":[],\"OriginIP\":\"\",\"OriginResponseBytes\":0,\"OriginResponseHTTPExpires\":\"\",\"OriginResponseHTTPLastModified\":\"\",\"OriginResponseStatus\":0,\"OriginResponseTime\":0,\"OriginSSLProtocol\":\"unknown\",\"ParentRayID\":\"66b9d9f88b5b4c4f\",\"RayID\":\"66b9d9f890ae4c4f\",\"SecurityLevel\":\"off\",\"WAFAction\":\"unknown\",\"WAFFlags\":\"0\",\"WAFMatchedVar\":\"\",\"WAFProfile\":\"unknown\",\"WAFRuleID\":\"\",\"WAFRuleMessage\":\"\",\"WorkerCPUTime\":0,\"WorkerStatus\":\"unknown\",\"WorkerSubrequest\":true,\"WorkerSubrequestCount\":0,\"ZoneID\":393347122}", "kind": "event", "start": "2021-07-08T14:02:38.812Z", @@ -513,7 +511,7 @@ }, "@timestamp": "2021-07-08T14:24:24.676Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "http": { "request": { 
@@ -557,7 +555,6 @@ }, "event": { "duration": 8000000, - "ingested": "2021-12-30T04:25:53.365522491Z", "original": "{\"CacheCacheStatus\":\"unknown\",\"CacheResponseBytes\":0,\"CacheResponseStatus\":0,\"CacheTieredFill\":false,\"ClientASN\":1136,\"ClientCountry\":\"nl\",\"ClientDeviceType\":\"desktop\",\"ClientIP\":\"89.160.20.156\",\"ClientIPClass\":\"noRecord\",\"ClientRequestBytes\":2520,\"ClientRequestHost\":\"eqlplayground.io\",\"ClientRequestMethod\":\"GET\",\"ClientRequestPath\":\"/s/eqldemo/security/account\",\"ClientRequestProtocol\":\"HTTP/2\",\"ClientRequestReferer\":\"\",\"ClientRequestURI\":\"/s/eqldemo/security/account\",\"ClientRequestUserAgent\":\"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36\",\"ClientSSLCipher\":\"AEAD-AES128-GCM-SHA256\",\"ClientSSLProtocol\":\"TLSv1.3\",\"ClientSrcPort\":61593,\"ClientXRequestedWith\":\"\",\"EdgeColoCode\":\"AMS\",\"EdgeColoID\":20,\"EdgeEndTimestamp\":1625754264684000000,\"EdgePathingOp\":\"ban\",\"EdgePathingSrc\":\"filterBasedFirewall\",\"EdgePathingStatus\":\"nr\",\"EdgeRateLimitAction\":\"\",\"EdgeRateLimitID\":0,\"EdgeRequestHost\":\"183.53.30.34\",\"EdgeResponseBytes\":2066,\"EdgeResponseCompressionRatio\":2.45,\"EdgeResponseContentType\":\"text/html\",\"EdgeResponseStatus\":403,\"EdgeServerIP\":\"\",\"EdgeStartTimestamp\":1625754264676000000,\"FirewallMatchesActions\":[\"block\"],\"FirewallMatchesRuleIDs\":[\"391eb601201e4f2a81038910f2b63f6d\"],\"FirewallMatchesSources\":[\"firewallRules\"],\"OriginIP\":\"89.160.20.156\",\"OriginResponseBytes\":0,\"OriginResponseHTTPExpires\":\"\",\"OriginResponseHTTPLastModified\":\"\",\"OriginResponseStatus\":0,\"OriginResponseTime\":0,\"OriginSSLProtocol\":\"unknown\",\"ParentRayID\":\"00\",\"RayID\":\"66b9f9da396e4c01\",\"SecurityLevel\":\"unk\",\"WAFAction\":\"unknown\",\"WAFFlags\":\"0\",\"WAFMatchedVar\":\"\",\"WAFProfile\":\"unknown\",\"WAFRuleID\":\"\",\"WAFRuleMessage\":\"\",\"WorkerCPUTime\":0,\"WorkerS
tatus\":\"unknown\",\"WorkerSubrequest\":false,\"WorkerSubrequestCount\":0,\"ZoneID\":393347122}",
"kind": "event",
"start": "2021-07-08T14:24:24.676Z",
diff --git a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml
index 1e651b4d38c..943c1f1fb8b 100644
--- a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml
@@ -1,12 +1,9 @@
---
description: Pipeline for parsing cloudflare logs
processors:
-- set:
- field: event.ingested
- value: '{{_ingest.timestamp}}'
- set:
field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
- rename:
field: message
target_field: event.original
diff --git a/packages/cloudflare/data_stream/logpull/sample_event.json b/packages/cloudflare/data_stream/logpull/sample_event.json
index 3339bfc7c44..798d1c9b58e 100644
--- a/packages/cloudflare/data_stream/logpull/sample_event.json
+++ b/packages/cloudflare/data_stream/logpull/sample_event.json
@@ -103,7 +103,7 @@
"bytes": 2848
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "c53ddea2-61ac-4643-8676-0c70ebf51c91",
diff --git a/packages/cloudflare/docs/README.md b/packages/cloudflare/docs/README.md
index a49d89558ba..95493dca86c 100644
--- a/packages/cloudflare/docs/README.md
+++ b/packages/cloudflare/docs/README.md
@@ -126,7 +126,7 @@ An example event for `audit` looks as following:
"type": "logs"
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "c53ddea2-61ac-4643-8676-0c70ebf51c91",
@@ -487,7 +487,7 @@ An example event for `logpull` looks as following:
"bytes": 2848
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"elastic_agent": {
"id": "c53ddea2-61ac-4643-8676-0c70ebf51c91",
diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml
index 5d82ba21116..0e678d0fa7a 100644
--- a/packages/cloudflare/manifest.yml
+++ b/packages/cloudflare/manifest.yml
@@ -1,6 +1,6 @@
name: cloudflare
title: Cloudflare
-version: 1.3.2
+version: 1.4.0
release: ga
description: Collect and parse logs from Cloudflare API with Elastic Agent.
type: integration
diff --git a/packages/crowdstrike/_dev/build/build.yml b/packages/crowdstrike/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/crowdstrike/_dev/build/build.yml
+++ b/packages/crowdstrike/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml
index e3b4fa7bc94..369d7c9876e 100644
--- a/packages/crowdstrike/changelog.yml
+++ b/packages/crowdstrike/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
+- version: "1.3.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2779
- version: "1.2.7"
changes:
- description: Move invalid field value
diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json
index b6092e3a1e1..6b37db9c714 100644
--- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json
+++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json
@@ -18,7 +18,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": [
@@ -73,7 +73,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"action": [
@@ -152,7 +152,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -205,7 +205,7 @@
}
},
"ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
},
"event": {
"category": [
@@ -259,7 +259,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "user_activity_audit_event", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -436,7 +436,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -550,7 +550,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -604,7 +604,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -658,7 +658,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -729,7 +729,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "user_activity_audit_event", diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json index 32a39d7870e..78827833d93 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Prevention, process killed.", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "incident", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "user_activity_audit_event", 
diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json index 7b10c312156..f7bd095f687 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json @@ -46,7 +46,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -121,7 +121,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "incident", @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "user_activity_audit_event", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": [ @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "Detection, process would have been blocked if related prevention policy setting was enabled.", diff --git a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml index 2884f6e94da..2a94af718b5 100644 --- a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Ingest pipeline for normalizing CrowdStrike Falcon logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original 
diff --git a/packages/crowdstrike/data_stream/falcon/sample_event.json b/packages/crowdstrike/data_stream/falcon/sample_event.json index f0fb683bfc4..04c94c8fff7 100644 --- a/packages/crowdstrike/data_stream/falcon/sample_event.json +++ b/packages/crowdstrike/data_stream/falcon/sample_event.json @@ -52,7 +52,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json index e9e528479ce..d78eed69296 100644 --- a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json +++ b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json @@ -18,7 +18,7 @@ "name": "SyntheticProcessRollup2MacV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SyntheticProcessRollup2", @@ -119,7 +119,7 @@ "name": "EndOfProcessMacV15" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "EndOfProcess", @@ -206,7 +206,7 @@ "port": 546 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RawBindIP6", @@ -298,7 +298,7 @@ "name": "ProcessRollup2StatsMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2Stats", @@ -397,7 +397,7 @@ "name": "SensorHeartbeatMacV4" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SensorHeartbeat", @@ -469,7 +469,7 @@ "name": "ProcessRollup2MacV5" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2", @@ -581,7 +581,7 @@ "port": 53 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkReceiveAcceptIP4", @@ -670,7 +670,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RawBindIP4", 
@@ -769,7 +769,7 @@ "port": 50626 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP6", @@ -858,7 +858,7 @@ "name": "ProcessRollup2LinV6" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2", @@ -963,7 +963,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP6", @@ -1043,7 +1043,7 @@ "name": "OoxmlFileWrittenMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "OoxmlFileWritten", @@ -1139,7 +1139,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP4", @@ -1235,7 +1235,7 @@ "name": "ChannelVersionRequiredLinV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ChannelVersionRequired", @@ -1293,7 +1293,7 @@ "name": "LocalIpAddressIP6LinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LocalIpAddressIP6", @@ -1379,7 +1379,7 @@ "name": "ChannelVersionRequiredMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ChannelVersionRequired", @@ -1439,7 +1439,7 @@ "name": "SensorHeartbeatLinV4" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SensorHeartbeat", @@ -1503,7 +1503,7 @@ "name": "JavaClassFileWrittenMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "JavaClassFileWritten", @@ -1600,7 +1600,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP4", @@ -1690,7 +1690,7 @@ "type": "query" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DnsRequest", @@ -1760,7 +1760,7 @@ "name": "NewScriptWrittenMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NewScriptWritten", 
@@ -1839,7 +1839,7 @@ "name": "LocalIpAddressRemovedIP6LinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -1922,7 +1922,7 @@ "name": "DirectoryCreateMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DirectoryCreate", @@ -2023,7 +2023,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkCloseIP4", @@ -2144,7 +2144,7 @@ "name": "FsVolumeMountedMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FsVolumeMounted", @@ -2216,7 +2216,7 @@ "name": "LocalIpAddressIP4LinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LocalIpAddressIP4", @@ -2300,7 +2300,7 @@ "name": "LocalIpAddressRemovedIP6MacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -2395,7 +2395,7 @@ "name": "LocalIpAddressIP6MacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LocalIpAddressIP6", @@ -2483,7 +2483,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkListenIP4", @@ -2562,7 +2562,7 @@ "name": "ExecutableDeletedMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ExecutableDeleted", @@ -2638,7 +2638,7 @@ "name": "GzipFileWrittenMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GzipFileWritten", @@ -2711,7 +2711,7 @@ "name": "IOServiceRegisterMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "IOServiceRegister", @@ -2776,7 +2776,7 @@ "name": "PtyCreatedMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "PtyCreated", @@ -2848,7 +2848,7 @@ "name": "LocalIpAddressRemovedIP4MacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LocalIpAddressRemovedIP4", 
@@ -2936,7 +2936,7 @@ "port": 9 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkCloseIP6", @@ -3022,7 +3022,7 @@ "name": "ConfigStateUpdateLinV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ConfigStateUpdate", @@ -3087,7 +3087,7 @@ "name": "SuspiciousDnsRequestMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -3163,7 +3163,7 @@ "name": "ErrorEventLinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ErrorEvent", @@ -3256,7 +3256,7 @@ "name": "ConfigStateUpdateMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ConfigStateUpdate", @@ -3321,7 +3321,7 @@ "name": "KextLoadMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "KextLoad", @@ -3392,7 +3392,7 @@ "name": "ChannelVersionRequiredLinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ChannelVersionRequired", @@ -3452,7 +3452,7 @@ "name": "ProcessRollup2StatsLinV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2Stats", @@ -3541,7 +3541,7 @@ "name": "UserIdentityMacV4" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UserIdentity", @@ -3625,7 +3625,7 @@ "name": "DeliverLocalFXToCloudMacV4" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DeliverLocalFXToCloud", @@ -3682,7 +3682,7 @@ "name": "CreateProcessArgsMac" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CreateProcessArgs", @@ -3780,7 +3780,7 @@ "name": "PdfFileWrittenMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "PdfFileWritten", @@ -3860,7 +3860,7 @@ "name": "GroupIdentityMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GroupIdentity", 
@@ -3929,7 +3929,7 @@ "name": "MachOFileWrittenMacV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "MachOFileWritten", @@ -4019,7 +4019,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkListenIP6", @@ -4220,7 +4220,7 @@ "name": "CurrentSystemTagsMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CurrentSystemTags", @@ -4285,7 +4285,7 @@ "name": "NewExecutableWrittenMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NewExecutableWritten", @@ -4490,7 +4490,7 @@ "name": "LfoUploadDataCompleteMacV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LfoUploadDataComplete", @@ -4563,7 +4563,7 @@ "name": "LightningLatencyInfoMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LightningLatencyInfo", @@ -4655,7 +4655,7 @@ "name": "NeighborListIP4MacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NeighborListIP4", @@ -4720,7 +4720,7 @@ "name": "ZipFileWrittenMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ZipFileWritten", @@ -4821,7 +4821,7 @@ "name": "AgentOnlineMacV13" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "AgentOnline", @@ -4899,7 +4899,7 @@ "name": "CriticalFileAccessedMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CriticalFileAccessed", @@ -4988,7 +4988,7 @@ "name": "OsVersionInfoMacV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "OsVersionInfo", @@ -5070,7 +5070,7 @@ "name": "ConfigStateUpdateLinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ConfigStateUpdate", @@ -5134,7 +5134,7 @@ "name": "LFODownloadConfirmationLinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LFODownloadConfirmation", 
@@ -5215,7 +5215,7 @@ "name": "TarFileWrittenMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TarFileWritten", @@ -5304,7 +5304,7 @@ "name": "AgentConnectMacV5" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "AgentConnect", @@ -5372,7 +5372,7 @@ "name": "LFODownloadConfirmationMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5455,7 +5455,7 @@ "name": "AsepFileChangeMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "AsepFileChange", @@ -5533,7 +5533,7 @@ "name": "TerminateProcessLinV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TerminateProcess", @@ -5604,7 +5604,7 @@ "name": "FirewallEnabledMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FirewallEnabled", @@ -5673,7 +5673,7 @@ "name": "FsVolumeUnmountedMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FsVolumeUnmounted", @@ -5744,7 +5744,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkListenIP4", @@ -5824,7 +5824,7 @@ "name": "ELFFileWrittenMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ELFFileWritten", @@ -5915,7 +5915,7 @@ "name": "OsVersionInfoLinV4" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "OsVersionInfo", @@ -5982,7 +5982,7 @@ "name": "CriticalFileModifiedMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CriticalFileModified", @@ -6071,7 +6071,7 @@ "name": "NeighborListIP6MacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NeighborListIP6", @@ -6137,7 +6137,7 @@ "name": "NewScriptWrittenMacV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NewScriptWritten", 
@@ -6232,7 +6232,7 @@ "name": "SystemCapacityMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SystemCapacity", @@ -6302,7 +6302,7 @@ "name": "FirmwareAnalysisStatusMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FirmwareAnalysisStatus", @@ -6381,7 +6381,7 @@ "name": "LocalIpAddressIP4MacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LocalIpAddressIP4", @@ -6471,7 +6471,7 @@ "name": "ProcessRollup2LinV5" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2", @@ -6579,7 +6579,7 @@ "name": "EndOfProcessMacV14" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "EndOfProcess", @@ -6709,7 +6709,7 @@ "name": "EndOfProcessV15" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "EndOfProcess", @@ -6806,7 +6806,7 @@ "name": "EndOfProcessMacV12" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "EndOfProcess", @@ -6899,7 +6899,7 @@ "name": "ProcessRollup2V17" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2", @@ -6997,7 +6997,7 @@ "type": "query" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DnsRequest", @@ -7067,7 +7067,7 @@ "name": "CriticalFileAccessedLinV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CriticalFileAccessed", @@ -7160,7 +7160,7 @@ "name": "ProcessRollup2MacV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2", @@ -7266,7 +7266,7 @@ "name": "NewScriptWrittenV7" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NewScriptWritten", @@ -7362,7 +7362,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP4", 
@@ -7463,7 +7463,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP4", @@ -7564,7 +7564,7 @@ "name": "UserLogonV8" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UserLogon", @@ -7656,7 +7656,7 @@ "name": "PeFileWrittenV14" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "PeFileWritten", @@ -7752,7 +7752,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UserLogoff", @@ -7839,7 +7839,7 @@ "name": "NewExecutableWrittenV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NewExecutableWritten", @@ -7924,7 +7924,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkListenIP4", @@ -8030,7 +8030,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UserLogonFailed2", @@ -8115,7 +8115,7 @@ "name": "ExecutableDeletedV3" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ExecutableDeleted", @@ -8207,7 +8207,7 @@ "name": "EndOfProcessMacV11" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "EndOfProcess", @@ -8283,7 +8283,7 @@ "name": "RegisterRawInputDevicesEtwV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RegisterRawInputDevicesEtw", @@ -8357,7 +8357,7 @@ "name": "LFODownloadConfirmationV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "LFODownloadConfirmation", @@ -8446,7 +8446,7 @@ "name": "NewExecutableRenamedV6" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NewExecutableRenamed", @@ -8535,7 +8535,7 @@ "name": "DirectoryCreateV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DirectoryCreate", 
@@ -8620,7 +8620,7 @@ "name": "ServiceStartedV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ServiceStarted", @@ -8711,7 +8711,7 @@ "port": 2181 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP6", @@ -8805,7 +8805,7 @@ "name": "UserIdentityV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UserIdentity", @@ -8917,7 +8917,7 @@ "name": "ProcessRollup2V16" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2", @@ -9020,7 +9020,7 @@ "name": "RansomwareOpenFileV4" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RansomwareOpenFile", @@ -9152,7 +9152,7 @@ "name": "EndOfProcessV14" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "EndOfProcess", @@ -9245,7 +9245,7 @@ "name": "OoxmlFileWrittenV11" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "OoxmlFileWritten", @@ -9331,7 +9331,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkListenIP6", @@ -9424,7 +9424,7 @@ "name": "AsepFileChangeMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "AsepFileChange", @@ -9507,7 +9507,7 @@ "name": "UserLogonFailedV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UserLogonFailed", @@ -9600,7 +9600,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkConnectIP6", @@ -9690,7 +9690,7 @@ "name": "NewExecutableRenamedMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NewExecutableRenamed", @@ -9778,7 +9778,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkListenIP6", 
@@ -9860,7 +9860,7 @@ "name": "SuspiciousDnsRequestV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -9942,7 +9942,7 @@ "name": "FsVolumeMountedV6" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FsVolumeMounted", @@ -10018,7 +10018,7 @@ "port": 0 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "NetworkListenIP4", @@ -10108,7 +10108,7 @@ "name": "HostedServiceStartedV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "HostedServiceStarted", @@ -10184,7 +10184,7 @@ "name": "HostedServiceStoppedV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "HostedServiceStopped", @@ -10262,7 +10262,7 @@ "name": "PdfFileWrittenV11" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "PdfFileWritten", @@ -10360,7 +10360,7 @@ "name": "ProcessRollup2V18" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ProcessRollup2", @@ -10452,7 +10452,7 @@ "name": "UserIdentityMacV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UserIdentity", @@ -10533,7 +10533,7 @@ "name": "HostInfoV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "HostInfo", @@ -10607,7 +10607,7 @@ "name": "GenericFileWrittenV11" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GenericFileWritten", @@ -10686,7 +10686,7 @@ "name": "FsVolumeUnmountedV2" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FsVolumeUnmounted", @@ -10755,7 +10755,7 @@ "name": "FirewallDisabledMacV1" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FirewallDisabled", 
@@ -10832,7 +10832,7 @@ "cid": "ffffffff30a3407dae27d0503611022ff" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "original": "{\"AgentLoadFlags\":\"0\",\"AgentLocalTime\":\"1636436839.9529998\",\"AgentTimeOffset\":\"125.319\",\"AgentVersion\":\"6.31.14404.0\",\"BiosManufacturer\":\"Apple Inc.\",\"BiosVersion\":\"1554.140.20.0.0 (iBridge: 18.16.14759.0.1,0)\",\"ChassisType\":\"Laptop\",\"City\":\"San Francisco\",\"ComputerName\":\"mac1\",\"ConfigBuild\":\"1007.4.0014404.1\",\"ConfigIDBuild\":\"14404\",\"Continent\":\"North America\",\"Country\":\"United States\",\"FalconGroupingTags\":\"-\",\"FirstSeen\":\"1625682391.0\",\"HostHiddenStatus\":\"Visible\",\"MachineDomain\":\"none\",\"OU\":\"none\",\"PointerSize\":\"none\",\"ProductType\":\"1\",\"SensorGroupingTags\":\"-\",\"ServicePackMajor\":\"none\",\"SiteName\":\"none\",\"SystemManufacturer\":\"Apple Inc.\",\"SystemProductName\":\"MacBookPro16,2\",\"Time\":\"1636448427.3539999\",\"Timezone\":\"America/Los_Angeles\",\"Version\":\"Big Sur (11.0)\",\"aid\":\"fffffffffffaaaaaaaaabbbbbbbb\",\"aip\":\"67.43.156.14\",\"cid\":\"ffffffff30a3407dae27d0503611022ff\",\"event_platform\":\"Mac\"}" diff --git a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml index f32974173fe..d941404854f 100644 --- a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml @@ -48,7 +48,7 @@ processors: ## ECS fields. - set: field: ecs.version - value: "8.0.0" + value: "8.2.0" ## Categorization. - script: diff --git a/packages/crowdstrike/data_stream/fdr/sample_event.json b/packages/crowdstrike/data_stream/fdr/sample_event.json index efc1ec886b5..dc428437b57 100644 --- a/packages/crowdstrike/data_stream/fdr/sample_event.json +++ b/packages/crowdstrike/data_stream/fdr/sample_event.json 
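Review bot: Bumping `ecs.version` to `"8.2.0"` in this `set` processor also brings in the ECS 8.2 deprecation of `process.pgid` (the regenerated README field table later in this commit now describes it as superseded by `process.group_leader.pid`), but nothing in the pipeline hunk follows up on that. If the FDR pipeline still populates `process.pgid` from the sensor's process-group data — not visible in this hunk — consider emitting `process.group_leader.pid` alongside it so detection content written against current ECS keeps matching, and track its removal for the next major. The literal here must also stay in step with `dependencies.ecs.reference` in the package's `_dev/build/build.yml` (the cyberarkpas one in this commit moves to `git@8.2`); a comment such as `# keep in sync with the ecs reference in _dev/build/build.yml` above the `set` processor would make that coupling explicit. The `processors` list continues on both sides of this hunk.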
@@ -31,7 +31,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/crowdstrike/docs/README.md b/packages/crowdstrike/docs/README.md index 3f992b94e50..9ecd33a6da3 100644 --- a/packages/crowdstrike/docs/README.md +++ b/packages/crowdstrike/docs/README.md @@ -278,7 +278,7 @@ An example event for `falcon` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", @@ -836,7 +836,7 @@ for more details. | process.parent.entity_id | Unique identifier for the process. The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. | keyword | | process.parent.name | Process name. Sometimes called program name or similar. | keyword | | process.parent.name.text | Multi-field of `process.parent.name`. | match_only_text | -| process.pgid | Identifier of the group of processes the process belongs to. | long | +| process.pgid | Deprecated for removal in next major version release. This field is superseded by `process.group_leader.pid`. Identifier of the group of processes the process belongs to. | long | | process.pid | Process id. | long | | process.start | The time the process started. | date | | process.thread.id | Thread ID. | long | @@ -922,7 +922,7 @@ An example event for `fdr` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", 
diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml index 3b40a3c6f45..870b25aeb05 100644 --- a/packages/crowdstrike/manifest.yml +++ b/packages/crowdstrike/manifest.yml @@ -1,6 +1,6 @@ name: crowdstrike title: CrowdStrike Logs -version: 1.2.7 +version: 1.3.0 description: Collect and parse falcon logs from Crowdstrike products with Elastic Agent. type: integration format_version: 1.0.0 diff --git a/packages/cyberarkpas/_dev/build/build.yml b/packages/cyberarkpas/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cyberarkpas/_dev/build/build.yml +++ b/packages/cyberarkpas/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml index 4842bfaa2e0..62b5602470c 100644 --- a/packages/cyberarkpas/changelog.yml +++ b/packages/cyberarkpas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "2.3.2" changes: - description: Fix error ingesting events with a single entry in the CAProperties field diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json index d668b484cad..615d22ceed8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add file category", 
@@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add file category", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add file category", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json index 2aa02e5e530..bfa18116f8c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "update file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "update file category", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "update file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "update file category", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "update file category", @@ -358,7 +358,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "update file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json index 2022782fd8c..53fc13cb09f 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json @@ -26,7 +26,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "delete file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json index d58ef3f0085..6200a51d3f8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "rename file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json index 1cf1d9534d8..23e7b7113e1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "rename file (cont.)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json index 58a54ee60d0..285f1b0706c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "unlock file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json index 89e2590eb26..65de2e39e05 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm disable password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json index 878f14741cc..191b7d116f9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "get user's details", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json index 3f28500a2d4..82c40895064 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", 
@@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -173,7 +173,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -251,7 +251,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -329,7 +329,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -407,7 +407,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -485,7 +485,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -564,7 +564,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -643,7 +643,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -722,7 +722,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -801,7 +801,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", @@ -880,7 +880,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add user", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json index c24735d63bd..70b4ce1cdb6 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "update safe", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json index 60ed9e9c800..668678b5628 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add safe", @@ -80,7 +80,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json index 37f3b4253b6..770a65977ca 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add folder", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add folder", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json index 0b63dd8926e..aafa94978d6 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", 
@@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", @@ -370,7 +370,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", @@ -462,7 +462,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", @@ -554,7 +554,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "full gateway connection", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json index 0c1d69783d3..2148786e9b2 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "partial gateway connection", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json index 3dbd24212b0..304c669f4ee 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "old backup files deletion start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json index 1aeb353e586..ab798ac45fb 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "old backup files deletion end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json index 02c6a3ab6e0..5b3de040105 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm verify password", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm verify password", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json index 0629a4dbc42..3d6e070f512 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "action on closed safe", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "action on closed safe", @@ -136,7 +136,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "action on closed safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json index 344652e6d30..ee4780fa908 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json @@ -42,7 +42,7 @@ "domain": "radiussrv.cyberark.local" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm change password", @@ -136,7 +136,7 @@ "domain": "components" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm change password", @@ -239,7 +239,7 @@ "domain": "components" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm change password", @@ -343,7 +343,7 @@ "domain": "components" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm change password", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json index 99150378ce1..b7d933673b1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add/update group", @@ -79,7 +79,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add/update group", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add/update group", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add/update group", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json index f39c58907c1..56a8f135248 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -144,7 +144,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -207,7 +207,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", 
@@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -333,7 +333,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -396,7 +396,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -459,7 +459,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -522,7 +522,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -586,7 +586,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -650,7 +650,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -714,7 +714,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -778,7 +778,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add group member", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json index 51a82097dfc..a9da765eef7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "remove group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "remove group member", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json index b883797c36a..6ba58f8acd7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "remove owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json index c64b2c8f9e4..e65fb5a99d1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add rule", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json index d31e6c648b1..f736e3c9c68 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "auto clear users history start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "auto clear users history start", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json index b2cfaed910f..674f760cb0d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "auto clear users history end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "auto clear users history end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json index e3ce6412c8a..e90b99eccf1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "auto clear safes history start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json index d450f795b01..84739b27c1c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json 
@@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "auto clear safes history end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json index 425105efbf1..96411f314c0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json @@ -28,7 +28,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -90,7 +90,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -296,7 +296,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -449,7 +449,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -517,7 +517,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -596,7 +596,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", @@ -674,7 +674,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "store password", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json index 41438268f28..64b841b474a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -219,7 +219,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -324,7 +324,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -410,7 +410,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -510,7 +510,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -600,7 +600,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -803,7 +803,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -889,7 +889,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -979,7 +979,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", @@ -1073,7 +1073,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", 
@@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json index 7843e939f2c..4644d59516d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -387,7 +387,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -621,7 +621,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -861,7 +861,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -992,7 +992,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -1121,7 +1121,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -1250,7 +1250,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -1379,7 +1379,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", 
@@ -1504,7 +1504,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -1629,7 +1629,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -1763,7 +1763,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -1897,7 +1897,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", @@ -2031,7 +2031,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm connect", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json index 65eee3ee787..bc8c11f13e3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json @@ -48,7 +48,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -156,7 +156,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -275,7 +275,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -394,7 +394,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -632,7 +632,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -751,7 +751,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -876,7 +876,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", 
@@ -1009,7 +1009,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -1140,7 +1140,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -1271,7 +1271,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -1402,7 +1402,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -1529,7 +1529,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -1656,7 +1656,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -1792,7 +1792,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", @@ -1928,7 +1928,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm disconnect", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json index 1ab0b5b07ef..11d884e9926 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "psm upload recording", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json index 54c187801d8..2504ae675c8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -244,7 +244,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -351,7 +351,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -458,7 +458,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -565,7 +565,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -672,7 +672,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -784,7 +784,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -1025,7 +1025,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", @@ -1148,7 +1148,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "use password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json index e68734ee6ab..30896ed6d29 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json 
@@ -21,7 +21,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_failure", @@ -95,7 +95,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_failure", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_failure", @@ -254,7 +254,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_failure", @@ -338,7 +338,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_failure", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json index 6e1a22d3583..91cd276d2ea 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json @@ -44,7 +44,7 @@ "domain": "dbserver.cyberark.local" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "cpm reconcile password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json index a46626fc88e..e50d49885e0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "monitor dr replication start", 
@@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "monitor dr replication start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json index f9ff68fa42c..7641c9d82e9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "monitor dr replication end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "monitor dr replication end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json index 17f18a45fd0..3fbb19fc0b8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "reset user password detailed information", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json index b1a592c5cdd..a3c6d33eb7f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "reset user password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json index 349758ec7bd..6e18fb7a9b3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -179,7 +179,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -260,7 +260,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -422,7 +422,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -503,7 +503,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -584,7 +584,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", @@ -827,7 +827,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add owner", 
@@ -908,7 +908,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "add owner",
@@ -989,7 +989,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "add owner",
@@ -1070,7 +1070,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "add owner",
@@ -1151,7 +1151,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "add owner",
@@ -1232,7 +1232,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "add owner",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json
index 8603c93a5db..63482dee92a 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json
@@ -25,7 +25,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm auto-detection start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json
index f888ac2456a..65b68fe2e44 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json
@@ -25,7 +25,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm auto-detection end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json
index 92a5875e82a..5381eb6a043 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update owner",
@@ -99,7 +99,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update owner",
@@ -180,7 +180,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update owner",
@@ -261,7 +261,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update owner",
@@ -342,7 +342,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update owner",
@@ -423,7 +423,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update owner",
@@ -505,7 +505,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update owner",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json
index a6a5bdfc80e..10f0f71ce25 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "monitor license expiration date start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json
index a719b1ea145..5a7ef679b16 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "monitor license expiration date end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json
index dcdf515d33e..20ce62c255b 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "monitor fw rules start",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "monitor fw rules start",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json
index 2f0d5e24263..e2dc4666514 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "monitor fw rules end",
@@ -66,7 +66,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "monitor fw rules end",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json
index fa370bc02c7..52a9e55649e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json
@@ -58,7 +58,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -176,7 +176,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -294,7 +294,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -412,7 +412,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -530,7 +530,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -648,7 +648,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -766,7 +766,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -884,7 +884,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -1002,7 +1002,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
@@ -1120,7 +1120,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "sql command",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json
index d72333d4977..2e354b68a63 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json
@@ -50,7 +50,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -164,7 +164,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -295,7 +295,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -426,7 +426,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -557,7 +557,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -693,7 +693,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
@@ -829,7 +829,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json
index d88e3b7bbc8..6144f3c24a7 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json
@@ -57,7 +57,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -176,7 +176,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -294,7 +294,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -413,7 +413,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -532,7 +532,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -640,7 +640,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -749,7 +749,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -858,7 +858,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -967,7 +967,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1076,7 +1076,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1188,7 +1188,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1300,7 +1300,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1412,7 +1412,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1527,7 +1527,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
@@ -1646,7 +1646,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify password failed",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json
index b92aa3cd34d..3a9c8f2a993 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json
@@ -23,7 +23,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -86,7 +86,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -149,7 +149,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -212,7 +212,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "blservice audit record",
@@ -275,7 +275,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "blservice audit record",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json
index 844dc83b2b2..660aa444158 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_failure",
@@ -96,7 +96,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_failure",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json
index b37dcf02efa..be017936874 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json
@@ -56,7 +56,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "window title",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json
index c9155a177cd..365d8c4e2a6 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json
@@ -57,7 +57,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "keystroke logging",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json
index 74707607496..bd3871b1af1 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json
@@ -53,7 +53,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm verify ssh key",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json
index 7d2035507fa..11deb9423f1 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json
@@ -24,7 +24,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "store ssh key",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json
index af3c4605757..5b9aefde0f0 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json
@@ -53,7 +53,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "retrieve ssh key",
@@ -172,7 +172,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "retrieve ssh key",
@@ -287,7 +287,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "retrieve ssh key",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json
index 7b104fbfef1..1635cff6950 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create discovery succeeded",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json
index a7dffcdb3d4..9ce892c55e9 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json
@@ -42,7 +42,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "general audit",
@@ -123,7 +123,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "general audit",
@@ -205,7 +205,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "general audit",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json
index a4abeeb335a..6b03445799d 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "the component public key for jwt authentication was updated",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json
index 16c4a139653..555626db96e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "security warning - the signature hash algorithm of the vault certificate is sha1.",
@@ -67,7 +67,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "security warning - the signature hash algorithm of the vault certificate is sha1.",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json
index c1e3fec5522..76420ff3646 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "update existing add account bulk operation succeeded",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json
index fe6a1b15f71..6568c0af109 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "store file",
@@ -75,7 +75,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "store file",
@@ -141,7 +141,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "store file",
@@ -198,7 +198,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "store file",
@@ -265,7 +265,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "store file",
@@ -337,7 +337,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "store file",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json
index 10b29789963..ae8b5873f1e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "retrieve file",
@@ -75,7 +75,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "retrieve file",
@@ -137,7 +137,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "retrieve file",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json
index 43c85740c08..4b2bc7da32b 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json
@@ -31,7 +31,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -106,7 +106,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -167,7 +167,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -225,7 +225,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -301,7 +301,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -372,7 +372,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -445,7 +445,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -518,7 +518,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -595,7 +595,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
@@ -672,7 +672,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "delete file",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json
index 440715f1d77..32d817759f7 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json
@@ -54,7 +54,7 @@
 "domain": "rhel7.cybr.com"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm change password failed",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json
index a2a8556d13f..d3e5875c2b3 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "clear safe history",
@@ -68,7 +68,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "clear safe history",
@@ -116,7 +116,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "clear safe history",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json
index 5f903d09149..d039ec2997e 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json
@@ -54,7 +54,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -172,7 +172,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -288,7 +288,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -406,7 +406,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -524,7 +524,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -641,7 +641,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -760,7 +760,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -877,7 +877,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
@@ -997,7 +997,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "cpm reconcile password failed",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json
index 3c994ed87e6..339bb3e27e0 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
@@ -84,7 +84,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
@@ -150,7 +150,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
@@ -216,7 +216,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
@@ -283,7 +283,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
@@ -341,7 +341,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
@@ -413,7 +413,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
@@ -474,7 +474,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "create file version",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json
index 1793d33f6d8..b0f51356eec 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json
@@ -21,7 +21,7 @@
 "ip": "10.2.0.3"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -82,7 +82,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -148,7 +148,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -214,7 +214,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -280,7 +280,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -346,7 +346,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -417,7 +417,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -492,7 +492,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -576,7 +576,7 @@
 "ip": "10.0.1.20"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -655,7 +655,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -730,7 +730,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
@@ -805,7 +805,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "authentication_success",
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json
index 84cdd8aca95..15508e8ed0a 100644
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json
@@ -16,7 +16,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "logoff",
@@ -82,7 +82,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "logoff",
@@ -148,7 +148,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "logoff",
@@ -214,7 +214,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "logoff",
@@ -280,7 +280,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "logoff",
@@ -346,7 +346,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "logoff",
@@ -412,7 +412,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "logoff",
@@ -487,7 +487,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", @@ -562,7 +562,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", @@ -727,7 +727,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", @@ -812,7 +812,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", @@ -959,7 +959,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", @@ -1049,7 +1049,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logoff", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json index 240ee979e92..92f77155448 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -118,7 +118,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", 
@@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -330,7 +330,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -391,7 +391,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -635,7 +635,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -697,7 +697,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -759,7 +759,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -945,7 +945,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", @@ -1007,7 +1007,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "set password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json index 8b48e210aaf..a82dfe94c52 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json 
@@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "open file (write only)", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "open file (write only)", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "open file (write only)", @@ -213,7 +213,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "open file (write only)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json index 255d6b16e2a..dba5e1a5a36 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "open file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json index 28dc15641d9..645bbc653c9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json index c70ca05ad8f..3567eb9e2cb 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_success", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "retrieve file", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 845c3cc4b87..c12922ca45e 100644 --- a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,11 +3,11 @@ description: Pipeline for CyberArk PAS processors: # - # Set ECS version and event.ingested + # Set ECS version. # - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # # Set event.original from message, unless reindexing. diff --git a/packages/cyberarkpas/data_stream/audit/sample_event.json b/packages/cyberarkpas/data_stream/audit/sample_event.json index 66d187f6c8b..fd888f6521c 100644 --- a/packages/cyberarkpas/data_stream/audit/sample_event.json +++ b/packages/cyberarkpas/data_stream/audit/sample_event.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/cyberarkpas/docs/README.md b/packages/cyberarkpas/docs/README.md index c925b414b3c..21b6c5fe40f 100644 --- a/packages/cyberarkpas/docs/README.md +++ b/packages/cyberarkpas/docs/README.md 
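Review bot: The hard-coded `value: '8.2.0'` on the ecs.version set processor now has to be kept in lock-step with the `ecs: reference: git@8.2` pin in the package's `_dev/build/build.yml`, which this PR bumps in a separate file per package (the cyberarkpas one is outside this view); nothing in the pipeline ties the two together, so a future bump of one without the other would stamp events with an ECS version whose field definitions differ from the ones the package's mappings were built against. I would make that coupling explicit in the comment this hunk rewrites, e.g. `# Set ECS version. Keep in sync with the ecs reference in _dev/build/build.yml.`. The rewritten comment also drops the mention of event.ingested although the hunk removes no processor for it, and the expected test outputs elsewhere in this change drop `event.ingested`; if this pipeline no longer stamps the field, confirm it is populated downstream (presumably by an ingest-time final pipeline) before any detection or latency content keyed on it is relied upon. The processors list continues past the end of the hunk.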
@@ -69,7 +69,7 @@ An example event for `audit` looks as following: } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml index f364177e43a..5ad51e71e92 100644 --- a/packages/cyberarkpas/manifest.yml +++ b/packages/cyberarkpas/manifest.yml @@ -1,6 +1,6 @@ name: cyberarkpas title: CyberArk Privileged Access Security Logs -version: 2.3.2 +version: 2.4.0 release: ga description: Collect audit logs from Cyberark Vault servers with Elastic Agent. type: integration diff --git a/packages/cylance/_dev/build/build.yml b/packages/cylance/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/cylance/_dev/build/build.yml +++ b/packages/cylance/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml index df8d35f0e8a..b25716532da 100644 --- a/packages/cylance/changelog.yml +++ b/packages/cylance/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "0.7.0" changes: - description: Update to ECS 8.0.0 diff --git a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json index 0581a11a3b8..b1f596ede7c 100644 --- a/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/cylance/data_stream/protect/_dev/test/pipeline/test-generated.log-expected.json 
@@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178265691Z" + "version": "8.2.0" }, "message": "29-January-2016 06:09:59 high boNemoe4402.www.invalid dolore \u003c\u003csequa\u003eabo 2016-1-29T6:09:59.squira nostrud4819.mail.test CylancePROTECT mqui nci [billoi] Event Type: AuditLog, Event Name: ZoneAdd, Message: Policy Assigned:orev; Devices: pisciv , User: uii umexe (estlabo)", "tags": [ @@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178269206Z" + "version": "8.2.0" }, "message": "2016-2-12T1:12:33.olupt volup208.invalid CylancePROTECT eosquir orsi [nulapari] Event Type: AuditLog, Event Name: LoginSuccess, Message: Devices: vol, User: luptat isiutal (moenimi)", "tags": [ @@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178270320Z" + "version": "8.2.0" }, "message": "26-Feb-2016 8:15:08 very-high anonnu410.internal.home aqu \u003c\u003cutper\u003esquame 26T20:15:08.ntex eius6159.www5.localhost CylancePROTECT Event Name:Alert, Device Message: Device: aer User: ),lupt (tia oloremqu Zone Names: temvel Device Id: iatu", "tags": [ @@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178271371Z" + "version": "8.2.0" }, "message": "2016-3-12T3:17:42.ceroinBC ratvolup497.www.corp CylancePROTECT ionofde con [uia] Event Type: AuditLog, Event Name: SystemSecurity, Message: ommodic, User: mipsu consec (taliquip)", "tags": [ @@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178272336Z" + "version": "8.2.0" }, "message": "2016-3-26T10:20:16.gelit tatno5625.api.local CylancePROTECT taev roidents [oluptas] Event Type: AuditLog, Event Name: Alert, Message: Source: taliqu; SHA256: ommod; Reason: failure, User: tur aperi (iveli)", "tags": [ 
@@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178273302Z" + "version": "8.2.0" }, "message": "uatDuis 2016-4-9T5:22:51.ude maveniam1399.mail.lan CylancePROTECT siutaliq exercit [tempor] Event Type: omnis, Event Name: SystemSecurity, Device Name: eip, Agent Version: lupta, IP Address: (10.124.61.119), MAC Address: (01:00:5e:dc:bb:8b), Logged On Users: (occ), OS: ect Zone Names: reetdolo", "tags": [ @@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178274292Z" + "version": "8.2.0" }, "message": "24-Apr-2016 12:25:25 low lor340.mail.local natura \u003c\u003caboris\u003eima 24T00:25:25.tanimi nimadmin6499.local CylancePROTECT Event Name:Device Policy Assigned, Device Message: Device: dexe User: ),urerep (aquaeab liqu Zone Names: lorem Device Id: emq", "tags": [ @@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178275292Z" + "version": "8.2.0" }, "message": "ari 2016-5-8T7:27:59.equun suntinc4934.www5.test CylancePROTECT ipis gelits [tatevel] Event Type: AuditLog, Event Name: ThreatUpdated, Message: Policy: uptatev; SHA256: uovol, User: )dmi (olab mquisnos", "tags": [ @@ -98,10 +74,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178276245Z" + "version": "8.2.0" }, "message": "22-May-2016 14:30:33 medium tvol457.internal.local inim \u003c\u003cema\u003eroinBCSe 2016-5-22T2:30:33.onse tae1382.mail.localhost CylancePROTECT oluptate ofdeF tion Event Type: orsitame, Event Name: threat_quarantined, Threat Class: lit, Threat Subclass: iam, SHA256: qua, MD5: umdo", "tags": [ 
@@ -110,10 +83,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178277198Z" + "version": "8.2.0" }, "message": "2016-6-5T9:33:08.eniam reetdolo2451.www.example CylancePROTECT rumet oll [erc] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: llam, File Path: aspern, Interpreter: itlabori, Interpreter Version: 1.2344, Zone Names: ollit, User Name: usan", "tags": [ @@ -122,10 +92,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178278144Z" + "version": "8.2.0" }, "message": "olo 2016-6-20T4:35:42.uaera sitas4259.mail.corp CylancePROTECT atquovo iumto aboreetd Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Zone: dun; Policy: enim; Value: saute, User: vel quu (undeo)", "tags": [ @@ -134,10 +101,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178279361Z" + "version": "8.2.0" }, "message": "2016-7-4T11:38:16.isqu uis7612.www5.domain CylancePROTECT llumquid tation [ips] Event Type: emeumfug, Event Name: Registration, emporinc", "tags": [ @@ -146,10 +110,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178280354Z" + "version": "8.2.0" }, "message": "cup 2016-7-18T6:40:50.boNemoen uid7309.api.domain CylancePROTECT uradi aborumSe luptat Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: Policy: antiumto, User: strude ctetura (usmod)", "tags": [ @@ -158,10 +119,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178281333Z" + "version": "8.2.0" }, "message": "2-Aug-2016 1:43:25 high fugit7668.www5.invalid lupt \u003c\u003cxea\u003equa 2T01:43:25.luptatev admi3749.api.lan CylancePROTECT Event Name:DeviceRemove, Device Message: Device: tinvol; Zones Removed: dolore; Zones Added: abor, User: iqui etc (etM), Zone Names:nimadmin Device Id: ditautfu", "tags": [ 
@@ -170,10 +128,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178282316Z" + "version": "8.2.0" }, "message": "2016-8-16T8:45:59.ostr rudexerc703.internal.host CylancePROTECT itaut imaven [liqua] Event Type: ScriptControl, Event Name: fullaccess, Device Name: onproide, File Path: Nemoen, Interpreter: tfug, Interpreter Version: 1.5383 (ccu), Zone Names: urE, User Name: isaute", "tags": [ @@ -182,10 +137,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178283310Z" + "version": "8.2.0" }, "message": "eomnisis 2016-8-30T3:48:33.mqui civeli370.www5.local CylancePROTECT sunt stl tdolorem Event Type: AuditLog, Event Name: Alert, Message: The Device: picia was auto assigned to the Zone: IP Address: Fake Devices, User: mUtenima emaperi ()tame", "tags": [ @@ -194,10 +146,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178284420Z" + "version": "8.2.0" }, "message": "September 2016/09/13 22:51:07 ivelits712.api.example CylancePROTECT Event Type: AppControl, etdolo inv [agnaali] Event Type: AppControl, Event Name: threat_found, Device Name: sequatur, IP Address: (10.199.98.186), Action: cancel, Action Type: nihi, File Path: Lor, SHA256: itecto, Zone Names: erc", "tags": [ @@ -206,10 +155,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178285400Z" + "version": "8.2.0" }, "message": "olupt 2016-9-28T5:53:42.modoco estqu1709.internal.example CylancePROTECT ostrume molest [upt] Event Type: Threat, Event Name: LoginSuccess, Device Name: uasia, IP Address: (10.64.70.5), File Name: ici, Path: giatquov, Drive Type: eritquii, SHA256: dexeac, MD5: iscinge, Status: atvol, Cylance Score: 145.898000, Found Date: uames, File Type: tati, Is Running: utaliqu, Auto Run: oriosamn, Detected By: deFinibu, Zone Names: iadese, Is Malware: imidest, Is Unique To Cylance: emagnama, Threat Classification: eprehend", "tags": [ 
@@ -218,10 +164,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178286363Z" + "version": "8.2.0" }, "message": "2016-10-12T12:56:16.suntinc xeac7155.www.localdomain CylancePROTECT taliq intoccae [ents] Event Type: pida, Event Name: Alert, Device Name: idolor, Agent Version: emeumfu, IP Address: (10.143.239.210), MAC Address: (01:00:5e:93:1c:9f), Logged On Users: (oinBCSe), OS: mnisist Zone Names: sedd", "tags": [ @@ -230,10 +173,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178287317Z" + "version": "8.2.0" }, "message": "ipitla 2016-10-26T7:58:50.quae maccusa5126.api.domain CylancePROTECT idex xerci [aqu] Event Type: ExploitAttempt, Event Name: Alert, Device Name: olorema, IP Address: (10.32.143.134), Action: accept, Process ID: 2289, Process Name: aliqu.exe, User Name: olupta, Violation Type: mipsumd, Zone Names: eFinib", "tags": [ @@ -242,10 +182,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178288303Z" + "version": "8.2.0" }, "message": "10-Nov-2016 3:01:24 low eav3687.internal.local siar \u003c\u003corev\u003eiamquis 10T03:01:24.quirat llu4718.localhost CylancePROTECT Event Name:DeviceEdit, Device Name:conseq, External Device Type:oidentsu, External Device Vendor ID:atiset, External Device Name:atu, External Device Product ID:umexerci, External Device Serial Number:ern, Zone Names:psaquae", "tags": [ @@ -254,10 +191,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178289303Z" + "version": "8.2.0" }, "message": "Nov 24 10:03:59 doloremi7402.www.test CylancePROTECT Event Type:stquidol, Event Name:DeviceRemove, Device Message: Device: leumiu; Policy Changed: namali to 'taevit', User: rinrepre etconse (tincu), Zone Names:ari, Device Id: exercit", "tags": [ 
@@ -266,10 +200,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178290272Z" + "version": "8.2.0" }, "message": "8-December-2016 17:06:33 very-high occae1180.internal.localhost aquaeabi \u003c\u003clita\u003eadeseru 2016-12-8T5:06:33.emoe eaq908.api.home CylancePROTECT itame intoc [oluptas] Event Type: tNequepo, Event Name: ZoneAddDevice, Device Name: luptasn, Zone Names:equat", "tags": [ @@ -278,10 +209,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178291399Z" + "version": "8.2.0" }, "message": "ihilmole 2016-12-23T12:09:07.eriamea amre146.mail.host CylancePROTECT pisciv iquidex radipisc Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Policy: nti; SHA256: abi; Category: sectetur, User: )uioffi (oru temqu", "tags": [ @@ -290,10 +218,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178292370Z" + "version": "8.2.0" }, "message": "ommodico 2017-1-6T7:11:41.quatD mcolab379.internal.home CylancePROTECT tsedqu agnid [proide] Event Type: ScriptControl, Event Name: DeviceRemove, Device Name: tper, File Path: olor, Interpreter: Neque, Interpreter Version: 1.4129 (xerc), Zone Names: iutali, User Name: fdeFi", "tags": [ @@ -302,10 +227,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178293314Z" + "version": "8.2.0" }, "message": "Jan 20 2:14:16 tasuntex5037.www.corp CylancePROTECT Event Type:boN, Event Name:threat_quarantined, Device Name:ectio, Agent Version:dutper, IP Address: (10.237.205.140), MAC Address: (01:00:5e:3f:c4:6c), Logged On Users: (uames), OS:iduntu, Zone Names:veniam", "tags": [ 
@@ -314,10 +236,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178294280Z" + "version": "8.2.0" }, "message": "3-Feb-2017 9:16:50 very-high reme622.mail.example isnisiu \u003c\u003cbore\u003etsu 3T21:16:50.tcons sciun4694.api.lan CylancePROTECT Event Name:LoginSuccess, Device Message: Device: nsect User: ),idata (rumwritt magnid Zone Names: enderit Device Id: untex", "tags": [ @@ -326,10 +245,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178295234Z" + "version": "8.2.0" }, "message": "paquioff 2017-2-18T4:19:24.mquisnos maven3758.www.invalid CylancePROTECT labor didunt uptatema Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: udan, IP Address: (10.74.104.215), Action: cancel, Process ID: 7410, Process Name: mveleu.exe, User Name: nofdeFin, Violation Type: sequam, Zone Names: temvel", "tags": [ @@ -338,10 +254,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178296228Z" + "version": "8.2.0" }, "message": "4-Mar-2017 11:21:59 medium tvolu3997.mail.home eiu \u003c\u003cntiumdo\u003eautfu 4T11:21:59.gnaaliq mni7200.mail.localdomain CylancePROTECT Event Name:pechange, Device Name:idolor, Zone Names:uisau, Device Id: eleum", "tags": [ @@ -350,10 +263,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178297185Z" + "version": "8.2.0" }, "message": "Mar 18 6:24:33 ate4627.localdomain CylancePROTECT Event Type:officiad, Event Name:Device Policy Assigned, Message: The Device:quinescwas auto assigned to Zone:madmi, User:tur", "tags": [ 
@@ -362,10 +272,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178298139Z" + "version": "8.2.0" }, "message": "2-April-2017 01:27:07 very-high orem6702.invalid tev \u003c\u003csaute\u003entocca 2017-4-2T1:27:07.ostru ntoccae1705.internal.invalid CylancePROTECT temquiav equatu [upta] Event Type: ScriptControl, Event Name: Alert, Device Name: sBon, File Path: orro, Interpreter: tae, Interpreter Version: 1.3212, Zone Names: tlab, User Name: aperiame", "tags": [ @@ -374,10 +281,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178299124Z" + "version": "8.2.0" }, "message": "16-Apr-2017 8:29:41 high tobea2364.internal.localhost itinvol \u003c\u003ceavolup\u003efugiatn 16T08:29:41.docon etconsec6708.internal.invalid CylancePROTECT Event Name:PolicyAdd, Device Name:ersp, External Device Type:tquov, External Device Vendor ID:diconseq, External Device Name:inven, External Device Product ID:osquira, External Device Serial Number:tes, Zone Names:mquame", "tags": [ @@ -386,10 +290,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178300085Z" + "version": "8.2.0" }, "message": "2017-4-30T3:32:16.squirati Sedutp7428.internal.home CylancePROTECT utlabor itessequ [porro] Event Type: AuditLog, Event Name: PolicyAdd, Message: Zone: iquipe; Policy: itempor; Value: quin, User: upida tvolupt (eufugi)", "tags": [ @@ -398,10 +299,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178301053Z" + "version": "8.2.0" }, "message": "uamni 2017-5-14T10:34:50.ctet ati4639.www5.home CylancePROTECT archite loreme [untu] Event Type: AuditLog, Event Name: Alert, Message: Device: ven; User: con nisist (usmodte)", "tags": [ 
@@ -410,10 +308,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178302230Z" + "version": "8.2.0" }, "message": "2017-5-29T5:37:24.eturadi torever662.www5.home CylancePROTECT quam sumdolor [meaqueip] Event Type: AuditLog, Event Name: PolicyAdd, Message: The Device: pexe was auto assigned to the Zone: IP Address: 10.70.168.240, User: amcol adeser ()oin", "tags": [ @@ -422,10 +317,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178303201Z" + "version": "8.2.0" }, "message": "12-June-2017 12:39:58 medium meius3932.internal.example ccaeca \u003c\u003cumdolo\u003euptate 2017-6-12T12:39:58.amc cusant1701.api.localdomain CylancePROTECT siutaliq dutp psaquaea Event Type: taevita, Event Name: DeviceRemove, Device Name: siut, Agent Version: tconsect, IP Address: (10.190.175.158), MAC Address: (01:00:5e:45:8b:97), Logged On Users: (ditemp), OS: edqui", "tags": [ @@ -434,10 +326,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178304166Z" + "version": "8.2.0" }, "message": "26-June-2017 19:42:33 very-high rnatu2805.www.home enderi \u003c\u003cmquisno\u003eodoconse 2017-6-26T7:42:33.quamqua eacommod1930.internal.lan CylancePROTECT tpersp stla uptatema Event Type: AuditLog, Event Name: fullaccess, Message: Device: uradi; SHA256: tot; Category: llamco, User: )nea (psum tasnulap", "tags": [ @@ -446,10 +335,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178305114Z" + "version": "8.2.0" }, "message": "2017-7-11T2:45:07.oremipsu emeumfug4387.internal.lan CylancePROTECT uidol litani [utodita] Event Type: AuditLog, Event Name: Alert, Message: Device: untincul; SHA256: iduntu, User: )ccaeca (niamq lapariat", "tags": [ 
@@ -458,10 +344,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178306068Z" + "version": "8.2.0" }, "message": "uat 2017-7-25T9:47:41.tiaec rumwrit764.www5.local CylancePROTECT edquiac urerepr [eseru] Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: etMal, External Device Type: qua, External Device Vendor ID: rsita, External Device Name: ate, External Device Product ID: ipsamvo, External Device Serial Number: onula, Zone Names: miu", "tags": [ @@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178307023Z" + "version": "8.2.0" }, "message": "Aug 8 4:50:15 mex2054.mail.corp CylancePROTECT Event Type:luptat, Event Name:SyslogSettingsSave, Message: Provider:ica, Source IP:10.13.66.97, User: dicta taedicta (ritt)#015", "tags": [ @@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178307996Z" + "version": "8.2.0" }, "message": "2017-8-22T11:52:50.dictasun veniamqu7284.mail.invalid CylancePROTECT nte mvel nof Event Type: AuditLog, Event Name: DeviceEdit, Message: The Device: tetur was auto assigned to the Zone: IP Address: Fake Devices, User: ()xce", "tags": [ @@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178308969Z" + "version": "8.2.0" }, "message": "6-September-2017 06:55:24 high isiu5733.api.domain etdolor \u003c\u003clupta\u003exeaco 2017-9-6T6:55:24.nvolupt oremi1485.api.localhost CylancePROTECT iosa boNemoe [onsequ] Event Type: AuditLog, Event Name: threat_quarantined, Message: SHA256: amvolupt; Reason: success, User: atisund xea (ites)", "tags": [ 
@@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178309988Z" + "version": "8.2.0" }, "message": "eri 2017-9-20T1:57:58.quunt olori416.api.test CylancePROTECT elit cidunt plica Event Type: ExploitAttempt, Event Name: Alert, Device Name: exeaco, IP Address: (10.31.190.145), Action: cancel, Process ID: 5530, Process Name: accusant.exe, User Name: onse, Violation Type: admin, Zone Names: stenatu", "tags": [ @@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178310955Z" + "version": "8.2.0" }, "message": "4-Oct-2017 9:00:32 high nvol6269.internal.local tla \u003c\u003citem\u003enimid 4T21:00:32.dat periam126.api.host CylancePROTECT Event Name:threat_found, Threat Class:rExc, Threat Subclass:iusmo, SHA256:tame, MD5:naaliq", "tags": [ @@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178311931Z" + "version": "8.2.0" }, "message": "19-October-2017 04:03:07 medium toccaec7645.www5.home psaqua \u003c\u003cullamcor\u003eitationu 2017-10-19T4:03:07.proident maliquam2147.internal.home CylancePROTECT lores ritati orisni Event Type: DeviceControl, Event Name: PolicyAdd, Device Name: estl, External Device Type: sitam, External Device Vendor ID: orem, External Device Name: rcit, External Device Product ID: llamco, External Device Serial Number: atu, Zone Names: untincul", "tags": [ 
@@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178312884Z" + "version": "8.2.0" }, "message": "iuntNe 2017-11-2T11:05:41.atise tate6578.api.localdomain CylancePROTECT emvele isnost [olorem] Event Type: Threat, Event Name: PolicyAdd, Device Name: yCiceroi, IP Address: (10.252.165.146), File Name: iquamqua, Path: sit, Drive Type: rumSect, SHA256: ita, MD5: vitaed, Status: exeaco, Cylance Score: 51.523000, Found Date: mven, File Type: olorsit, Is Running: tore, Auto Run: elits, Detected By: consequa, Zone Names: turadip, Is Malware: tatevel, Is Unique To Cylance: boreetdo, Threat Classification: undeom", "tags": [ @@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178313846Z" + "version": "8.2.0" }, "message": "2017-11-16T6:08:15.uov itlab6956.mail.local CylancePROTECT loremqu tetur amvo Event Type: siuta, Event Name: threat_changed, Device Name: ommodo, Agent Version: uptat, IP Address: (10.105.46.101, tatione), MAC Address: (01:00:5e:de:32:2c, ori), Logged On Users: (tconsect), OS: rum", "tags": [ @@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178314807Z" + "version": "8.2.0" }, "message": "2017-12-1T1:10:49.ugiatn midestl1919.host CylancePROTECT cingel modocon [ipsu] Event Type: ntNeq, Event Name: Device Policy Assigned, Device Name: aUt, Agent Version: boNem, IP Address: (10.124.88.222), MAC Address: (01:00:5e:f9:78:c2), Logged On Users: (onu), OS: liquaUte", "tags": [ 
@@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178315768Z" + "version": "8.2.0" }, "message": "ria 2017-12-15T8:13:24.atDu nsec923.internal.local CylancePROTECT agnaaliq tlaboree norumet Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: mod, IP Address: (10.28.120.149), Action: deny, Process ID: 3916, Process Name: tinvolup.exe, User Name: tsed, Violation Type: inv, Zone Names: rroq", "tags": [ @@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178316720Z" + "version": "8.2.0" }, "message": "2017-12-29T3:15:58.mipsamvo eiusmod3517.internal.invalid CylancePROTECT oreveri ehende [eaqueip] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: Device: olup; SHA256: labor, User: )dol (sciun metcons", "tags": [ @@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178317823Z" + "version": "8.2.0" }, "message": "12-January-2018 22:18:32 high asnu3806.api.lan tamet \u003c\u003cperspici\u003eationul 2018/01/12T22:18:32.mquisn queips4947.mail.example CylancePROTECT molestia quir eavolup Event Type: AppControl, Event Name: Registration, Device Name: labore, IP Address: (10.165.16.231), Action: accept, Action Type: uto, File Path: iuntNequ, SHA256: esseq, Zone Names: aincidun", "tags": [ @@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178318886Z" + "version": "8.2.0" }, "message": "27-January-2018 05:21:06 low oloreseo5039.test derit \u003c\u003corese\u003edolor 2018-1-27T5:21:06.econs ntexpl3889.www.home CylancePROTECT yCic nder [mdolore] Event Type: Cic, Event Name: DeviceRemove, Device Name: saqu, Agent Version: iscive, IP Address: (10.156.34.19), MAC Address: (01:00:5e:54:ab:3f), Logged On Users: (imveni), OS: ariaturE Zone Names: stquid", "tags": [ 
@@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178319848Z" + "version": "8.2.0" }, "message": "ree 2018-2-10T12:23:41.saquaea ation6657.www.home CylancePROTECT iatqu lorsi repreh Event Type: AuditLog, Event Name: Registration, Message: sitamet, User: utlabo tetur (tionula)", "tags": [ @@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178320823Z" + "version": "8.2.0" }, "message": "24-Feb-2018 7:26:15 very-high idolor3916.www5.home tas \u003c\u003cautfugi\u003etasun 24T19:26:15.duntutla ntium4450.www5.localdomain CylancePROTECT Event Name:DeviceRemove, Device Name:vol, Agent Version:oremquel, IP Address: (10.22.94.10), MAC Address: (01:00:5e:ee:e8:77), Logged On Users: (ssusci), OS:animid, Zone Names:mpo", "tags": [ @@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178321773Z" + "version": "8.2.0" }, "message": "llam 2018-3-11T2:28:49.cti aparia1179.www.localdomain CylancePROTECT rever ore offici Event Type: AuditLog, Event Name: DeviceEdit, Message: Devices: metco, User: acom ceroinB (nim)", "tags": [ @@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178322730Z" + "version": "8.2.0" }, "message": "25-March-2018 09:31:24 medium taliqui5348.mail.localdomain loremag \u003c\u003ctcu\u003eiatqu 2018-3-25T9:31:24.inBCSedu erspi5757.local CylancePROTECT suntex iacons [occaec] Event Type: DeviceControl, Event Name: LoginSuccess, Device Name: uov, External Device Type: quaeab, External Device Vendor ID: fici, External Device Name: imve, External Device Product ID: quide, External Device Serial Number: quaU, Zone Names: undeomni", "tags": [ 
@@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178323701Z" + "version": "8.2.0" }, "message": "liquid 2018-4-8T4:33:58.enim Finibus1411.www5.corp CylancePROTECT xea taed umdolo Event Type: AuditLog, Event Name: fullaccess, Message: Policy Assigned:rroqu; Devices: dquiaco , User: nibus vitaed (ser)", "tags": [ @@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178324670Z" + "version": "8.2.0" }, "message": "Apr 22 11:36:32 upt7879.www5.example CylancePROTECT Event Type:idolo, Event Name:threat_found, Device Message: Device: edolo; Zones Removed: ugiatquo; Zones Added: ntium, User: uptate lloinven (econs), Zone Names:lmolesti Device Id: apariatu", "tags": [ @@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178325636Z" + "version": "8.2.0" }, "message": "May 2018/05/07 06:39:06 erspi4926.www5.test CylancePROTECT Event Type: AppControl, incidid quin [autemv] Event Type: AppControl, Event Name: PolicyAdd, Device Name: fugits, IP Address: (10.153.34.43), Action: allow, Action Type: acommo, File Path: isi, SHA256: culpaq, Zone Names: saute", "tags": [ @@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178326604Z" + "version": "8.2.0" }, "message": "2018-5-21T1:41:41.abor magnid3343.home CylancePROTECT tesseq niam [pernat] Event Type: DeviceControl, Event Name: threat_found, Device Name: gitse, External Device Type: ugitse, External Device Vendor ID: quiineav, External Device Name: billoinv, External Device Product ID: sci, External Device Serial Number: col, Zone Names: obea", "tags": [ 
@@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178327561Z" + "version": "8.2.0" }, "message": "4-Jun-2018 8:44:15 high uptatem4483.localhost inrepr \u003c\u003cmol\u003eumdolors 4T20:44:15.dolori asperna7623.www.home CylancePROTECT Event Name:ThreatUpdated, Message: Device:dexewas auto assigned to Zone:tat, User:onproide", "tags": [ @@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178328537Z" + "version": "8.2.0" }, "message": "riosa 2018-6-19T3:46:49.tNe pisc3553.internal.home CylancePROTECT rautod olest eataev Event Type: ExploitAttempt, Event Name: DeviceEdit, Device Name: ritati, IP Address: (10.43.110.203), Action: allow, Process ID: 1359, Process Name: nim.exe, User Name: ame, Violation Type: amvolu, Zone Names: mip", "tags": [ @@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178329495Z" + "version": "8.2.0" }, "message": "3-July-2018 10:49:23 medium iame4937.local tiumd \u003c\u003cntmoll\u003emexer 2018/07/03T10:49:23.estla uipexe7153.api.corp CylancePROTECT saqu remips illoi Event Type: AppControl, Event Name: ZoneAdd, Device Name: abori, IP Address: (10.127.20.244), Action: block, Action Type: uelauda, File Path: ema, SHA256: odi, Zone Names: ptatems", "tags": [ @@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178330464Z" + "version": "8.2.0" }, "message": "nde 2018-7-17T5:51:58.abillo undeom845.www5.example CylancePROTECT quaer eetdo [tlab] Event Type: ScriptControl, Event Name: LoginSuccess, Device Name: liq, File Path: seddoeiu, Interpreter: nse, Interpreter Version: 1.3421, Zone Names: quira, User Name: tassita", "tags": [ 
@@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178331424Z" + "version": "8.2.0" }, "message": "Aug 1 12:54:32 atis6201.internal.invalid CylancePROTECT Event Type:nisiut, Event Name:threat_changed, Message: Device:quirawas auto assigned to Zone:rror, User:tatema", "tags": [ @@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178332422Z" + "version": "8.2.0" }, "message": "15-August-2018 07:57:06 low tperspic7591.www.lan ict \u003c\u003csquirati\u003etem 2018-8-15T7:57:06.mestq ura675.mail.localdomain CylancePROTECT eleumiu uei Nequepo Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: seddo, External Device Type: uam, External Device Vendor ID: orumSec, External Device Name: nisiuta, External Device Product ID: stiaecon, External Device Serial Number: dol, Zone Names: sumquiad", "tags": [ @@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178333461Z" + "version": "8.2.0" }, "message": "29-August-2018 14:59:40 high oeni179.api.localhost gna \u003c\u003cisiutali\u003elumqu 2018-8-29T2:59:40.onulamco ons5050.mail.test CylancePROTECT unt tass [tiumdol] Event Type: Threat, Event Name: threat_quarantined, Device Name: mquiad, IP Address: (10.48.209.115), File Name: psa, Path: nculpaq, Drive Type: reseosqu, SHA256: sequat, MD5: lor, Status: ccaec, Cylance Score: 75.498000, Found Date: ommo, File Type: iame, Is Running: laudanti, Auto Run: umiurer, Detected By: rere, Zone Names: cta, Is Malware: aevi, Is Unique To Cylance: uameiusm, Threat Classification: adm", "tags": [ 
@@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178334436Z" + "version": "8.2.0" }, "message": "12-September-2018 22:02:15 medium mnihilm1903.internal.host ditautf \u003c\u003citametc\u003eori 2018-9-12T10:02:15.uamqu olori4584.mail.domain CylancePROTECT sunt autfugit emUte Event Type: AuditLog, Event Name: ThreatUpdated, Message: Zone: nturmag; Policy: tura; Value: osquirat, User: equat aliquid (usantiu)", "tags": [ @@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178335385Z" + "version": "8.2.0" }, "message": "27-Sep-2018 5:04:49 very-high trudex4443.www5.localhost lor \u003c\u003cxplic\u003eeseruntm 27T05:04:49.lpaquiof oloreeu7597.mail.home CylancePROTECT Event Name:PolicyAdd, Device Name:nula, Agent Version:quiacons, IP Address: (10.7.99.47), MAC Address: (01:00:5e:e8:41:ae), Logged On Users: (evolupta), OS:teturadi, Zone Names:ditau", "tags": [ @@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178336352Z" + "version": "8.2.0" }, "message": "hend 2018-10-11T12:07:23.eacommo ueip5847.api.test CylancePROTECT umd sciveli [dolorem] Event Type: sed, Event Name: Device Updated, Threat Class: Nemoenim, Threat Subclass: usm, SHA256: labori, MD5: porai", "tags": [ @@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178337315Z" + "version": "8.2.0" }, "message": "ostr 2018-10-25T7:09:57.sec uid3520.www.home CylancePROTECT eFini ectob [mrema] Event Type: ScriptControl, Event Name: SystemSecurity, Device Name: prehend, File Path: eufug, Interpreter: roquisq, Interpreter Version: 1.989 (est), Zone Names: civelits, User Name: ici", "tags": [ 
@@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178338273Z" + "version": "8.2.0" }, "message": "Nov 9 2:12:32 miurerep3693.mail.localhost CylancePROTECT Event Type:iduntu, Event Name:SyslogSettingsSave, Device Name:inibusB, Zone Names:nostrud", "tags": [ @@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178339241Z" + "version": "8.2.0" }, "message": "Nov 23 9:15:06 esse3795.www.host CylancePROTECT Event Type:pariatur, Event Name:SyslogSettingsSave, Message: The Device:imaveniawas auto assigned to Zone:expli, User:ugiat", "tags": [ @@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178340217Z" + "version": "8.2.0" }, "message": "bore 2018-12-7T4:17:40.ptate teir7585.www5.localdomain CylancePROTECT quu xeac [llitanim] Event Type: AuditLog, Event Name: SystemSecurity, Message: Devices: oreverit, User: scip Finibus (Utenimad)", "tags": [ @@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178341344Z" + "version": "8.2.0" }, "message": "Dec 21 11:20:14 hen1901.example CylancePROTECT Event Type:ali, Event Name:SyslogSettingsSave, Device Name:quunt, External Device Type:itasp, External Device Vendor ID:qui, External Device Name:equeporr, External Device Product ID:met, External Device Serial Number:volup, Zone Names:ptate, Device Id: entsu, Policy Name: conse", "tags": [ @@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178342318Z" + "version": "8.2.0" }, "message": "Jan 5 6:22:49 mag4267.www.test CylancePROTECT Event Type:atura, Event Name:Alert, Device Message: Device: oreeu User: ),nvo (iamqui tassita Zone Names: colabori Device Id: imidestl", "tags": [ 
@@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178343282Z" + "version": "8.2.0" }, "message": "2019-1-19T1:25:23.minimve serrorsi1096.www5.localdomain CylancePROTECT lamco cit [siar] Event Type: AuditLog, Event Name: ZoneAddDevice, Message: The Device: reetdo was auto assigned to the Zone: IP Address: Fake Devices, User: ()ever", "tags": [ @@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178344241Z" + "version": "8.2.0" }, "message": "quiav 2019-2-2T8:27:57.mse prehen4807.mail.invalid CylancePROTECT liqua ariatur [labo] Event Type: DeviceControl, Event Name: SystemSecurity, Device Name: remq, External Device Type: unt, External Device Vendor ID: tla, External Device Name: arch, External Device Product ID: lite, External Device Serial Number: ugia, Zone Names: meum", "tags": [ @@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178345236Z" + "version": "8.2.0" }, "message": "Feb 17 3:30:32 nvolupta126.www.domain CylancePROTECT Event Type:quas, Event Name:threat_found, Device Name:orp, File Path:ender, Interpreter:dico, Interpreter Version:1.5848, Zone Names:Utenima, User Name: olore", "tags": [ @@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178346197Z" + "version": "8.2.0" }, "message": "3-March-2019 10:33:06 medium radip4253.www.corp gna \u003c\u003cici\u003equamnih 2019-3-3T10:33:06.asnulap yCiceroi5998.mail.home CylancePROTECT inc tect uiad Event Type: DeviceControl, Event Name: DeviceRemove, Device Name: roinBCSe, External Device Type: maperiam, External Device Vendor ID: mSec, External Device Name: smoditem, External Device Product ID: tatisetq, External Device Serial Number: uidolo, Zone Names: umdolore", "tags": [ 
@@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178347168Z" + "version": "8.2.0" }, "message": "2019-3-17T5:35:40.abori sit1400.www.lan CylancePROTECT ames amni [tatio] Event Type: AuditLog, Event Name: ZoneAdd, Message: Zone: ntsunti; Policy: borios; Value: ani, User: uid idatat (onev)", "tags": [ @@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178348151Z" + "version": "8.2.0" }, "message": "iosamni 2019-4-1T12:38:14.idu sis3986.internal.lan CylancePROTECT tsedquia its umdolor Event Type: isiu, Event Name: Device Policy Assigned, Device Name: mmodi, Agent Version: snostr, IP Address: (10.232.90.3), MAC Address: (01:00:5e:e6:a6:a2), Logged On Users: (midestl), OS: nci", "tags": [ @@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178349118Z" + "version": "8.2.0" }, "message": "hilmole 2019-4-15T7:40:49.sequ sectetu7182.localdomain CylancePROTECT dolor lorumwri [amnihil] Event Type: orissus, Event Name: Device Updated, uido", "tags": [ @@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178350073Z" + "version": "8.2.0" }, "message": "2019-4-29T2:43:23.itse officiad4982.www5.domain CylancePROTECT lumqui quiavolu [upta] Event Type: AuditLog, Event Name: ZoneAdd, Message: Device: umtota; User: etdolore magnaa (sumquiad)", "tags": [ @@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178351023Z" + "version": "8.2.0" }, "message": "2019-5-13T9:45:57.Duisa consequa1486.internal.localdomain CylancePROTECT aevitaed byCic [leumiur] Event Type: ptatemse, Event Name: pechange, Threat Class: quaeratv, Threat Subclass: involu, SHA256: tobeata, MD5: nesciun", "tags": [ 
@@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178351976Z" + "version": "8.2.0" }, "message": "onorumet 2019-5-28T4:48:31.ptatema eavolup6981.www5.example CylancePROTECT psaquaea rchit psumq Event Type: DeviceControl, Event Name: threat_changed, Device Name: lum, External Device Type: xerc, External Device Vendor ID: ctetura, External Device Name: msequ, External Device Product ID: nvol, External Device Serial Number: enimadmi, Zone Names: tateveli", "tags": [ @@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178355702Z" + "version": "8.2.0" }, "message": "2019-6-11T11:51:06.oremip its6443.mail.example CylancePROTECT natuserr ostrudex [nse] Event Type: miurere, Event Name: fullaccess, Device Name: tlabo, Agent Version: tatemse, IP Address: (10.139.80.71), MAC Address: (01:00:5e:bc:c1:21), Logged On Users: (orem), OS: eniamqui", "tags": [ @@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178356908Z" + "version": "8.2.0" }, "message": "25-June-2019 18:53:40 high tnulapa7580.www.domain adeser \u003c\u003cuasiarc\u003edoeiu 2019-6-25T6:53:40.onsectet dentsunt6061.www5.home CylancePROTECT tobeata imven onnumqua Event Type: quioff, Event Name: SyslogSettingsSave, Device Names: (upt), Policy Name: atatnonp, User: nvol dtemp (mquis)", "tags": [ @@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178357863Z" + "version": "8.2.0" }, "message": "10-July-2019 01:56:14 medium midest133.www5.example tocca \u003c\u003corsitvol\u003entor 2019-7-10T1:56:14.oinBCSed oid218.api.invalid CylancePROTECT roquisqu ariat midestl Event Type: AuditLog, Event Name: SyslogSettingsSave, Message: mcorpori, User: mqu pteursi (orsitam)", "tags": [ 
@@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178358820Z" + "version": "8.2.0" }, "message": "totamre 2019-7-24T8:58:48.rpo velites4233.internal.home CylancePROTECT uisaute uun end Event Type: odocons, Event Name: Alert, Threat Class: asp, Threat Subclass: dexercit, SHA256: amn, MD5: itessequ", "tags": [ @@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178359775Z" + "version": "8.2.0" }, "message": "7-August-2019 16:01:23 low sumd3215.test aUtenima \u003c\u003cturQuis\u003etaevi 2019-8-7T4:01:23.uames tconsec7604.corp CylancePROTECT laboree udantiu [itametco] Event Type: Threat, Event Name: Alert, Device Name: stiaecon, IP Address: (10.223.246.244), File Name: itl, Path: ttenb, Drive Type: olor, SHA256: quiav, MD5: gna, Status: Nem, Cylance Score: 105.845000, Found Date: lors, File Type: oluptat, Is Running: enimad, Auto Run: tis, Detected By: qua, Zone Names: con, Is Malware: tore, Is Unique To Cylance: sequatD, Threat Classification: ercitati", "tags": [ @@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178360756Z" + "version": "8.2.0" }, "message": "21-Aug-2019 11:03:57 high oeiusmo5035.api.local tconse \u003c\u003crem\u003etseddoei 21T23:03:57.teursint etMa3452.www5.test CylancePROTECT Event Name:threat_found, Device Name:nturmag, File Path:uredol, Interpreter:maliqua, Interpreter Version:1.4613, Zone Names:mquia, User Name: omnisi, Device Id: etMalor, Policy Name: mco", "tags": [ 
@@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178361724Z" + "version": "8.2.0" }, "message": "5-September-2019 06:06:31 high taspe1205.mail.domain cti \u003c\u003commodoc\u003ense 2019-9-5T6:06:31.mveniam tuser2694.internal.invalid CylancePROTECT tlaboru aeabillo [ciad] Event Type: ugiatqu, Event Name: threat_found, Device Names: (turveli), Policy Name: isciv, User: natus boreet (luptasnu)", "tags": [ @@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178362696Z" + "version": "8.2.0" }, "message": "edqu 2019-9-19T1:09:05.tationu gnaaliq5240.api.test CylancePROTECT nula ameaquei [gnama] Event Type: esciun, Event Name: pechange, Threat Class: ratvo, Threat Subclass: ntutl, SHA256: volupt, MD5: ine", "tags": [ @@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178363667Z" + "version": "8.2.0" }, "message": "3-Oct-2019 8:11:40 low ditaut33.mail.localhost iumdo \u003c\u003coreeu\u003emea 3T20:11:40.ssec illum2625.test CylancePROTECT Event Name:LoginSuccess, Threat Class:iaeconse, Threat Subclass:uisa, SHA256:nimadmin, MD5:tdolo", "tags": [ @@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178364670Z" + "version": "8.2.0" }, "message": "18-October-2019 03:14:14 high porissus1225.www5.corp ddoe \u003c\u003cuptateve\u003eured 2019-10-18T3:14:14.ctetu oreeu6419.www.corp CylancePROTECT cul iinea snos Event Type: AuditLog, Event Name: PolicyAdd, Message: Device: moenimip; User: uames tium (ianonn)", "tags": [ 
@@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178365630Z" + "version": "8.2.0" }, "message": "2019-11-1T10:16:48.tiset sci333.mail.home CylancePROTECT doloreeu lors eumfu Event Type: docons, Event Name: PolicyAdd, Device Names: (eumf), Policy Name: roquisq, User: uasi maveniam (uis)", "tags": [ @@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178366594Z" + "version": "8.2.0" }, "message": "imi 2019-11-15T5:19:22.animi edutpers6452.api.host CylancePROTECT ntiumt sumquia vento Event Type: sitv, Event Name: LoginSuccess, Threat Class: com, Threat Subclass: rep, SHA256: mveni, MD5: aquae", "tags": [ @@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178367554Z" + "version": "8.2.0" }, "message": "30-November-2019 00:21:57 low iaturE3103.api.domain aturve \u003c\u003cptateve\u003eiatu 2019/11/30T00:21:57.use nulamc5617.mail.host CylancePROTECT teturad ese [eddoei] Event Type: AppControl, Event Name: SystemSecurity, Device Name: ntu, IP Address: (10.134.137.205), Action: deny, Action Type: duntut, File Path: emporin, SHA256: oreseosq, Zone Names: etquasia", "tags": [ @@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:11:28.178368511Z" + "version": "8.2.0" }, "message": "2019-12-14T7:24:31.cinge tatem4713.internal.host CylancePROTECT elites pariat [nimip] Event Type: AuditLog, Event Name: threat_found, Message: Zone: usci; Policy: unturmag; Value: dexeaco, User: lupta ura (oreeufug)", "tags": [ diff --git a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml index ad916a9ba3e..56574c3d331 100644 --- a/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/cylance/data_stream/protect/elasticsearch/ingest_pipeline/default.yml
@@ -2,13 +2,9 @@
 description: Pipeline for CylanceProtect
 processors:
- # ECS event.ingested
- - set:
- field: event.ingested
- value: '{{_ingest.timestamp}}'
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/cylance/data_stream/protect/sample_event.json b/packages/cylance/data_stream/protect/sample_event.json
index b62c8e69f0a..37f507198b9 100644
--- a/packages/cylance/data_stream/protect/sample_event.json
+++ b/packages/cylance/data_stream/protect/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "1.12.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0",
diff --git a/packages/cylance/manifest.yml b/packages/cylance/manifest.yml
index 689d2d13b1f..9fb7f09ff4d 100644
--- a/packages/cylance/manifest.yml
+++ b/packages/cylance/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cylance
 title: CylanceProtect Logs
-version: 0.7.0
+version: 0.8.0
 description: Collect logs from CylanceProtect devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/f5/_dev/build/build.yml b/packages/f5/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/f5/_dev/build/build.yml
+++ b/packages/f5/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/f5/changelog.yml b/packages/f5/changelog.yml
index 06bb6a7c1a9..285606778d7 100644
--- a/packages/f5/changelog.yml
+++ b/packages/f5/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.0"
+ changes:
+ - description: Update to ECS 8.2.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2779
 - version: "0.8.0"
 changes:
 - description: Update to ECS 8.0.0
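Review bot: After the removed `set` processor, nothing in the CylanceProtect pipeline populates `event.ingested`, and the hunk leaves no comment saying where the field now comes from; the matching expected-test JSON drops it as well, so the test harness no longer checks it. Detection rules commonly key their lookback on `event.ingested`, so a reader of this pipeline should be told the field is set downstream — presumably by Fleet's final pipeline — rather than silently dropped. Suggest a comment at the top of `processors:` in place of the removed block: `# event.ingested is populated by Fleet's final pipeline, not set here`. The f5 expected-test output in this diff drops the field too, so the f5 pipeline (outside this view) likely carries the same removal and would benefit from the same note. The `ecs.version` value `'8.2.0'` is consistent with the `git@8.2` reference in the build.yml hunks, so no issue there.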
diff --git a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json index 829df6e0342..61615bfc9cb 100644 --- a/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/f5/data_stream/bigipafm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450052956Z" + "version": "8.2.0" }, "message": "iusm modtempo olab6078.home olaboris tur itv [F5@odoco acl_policy_name=ria acl_policy_type=min acl_rule_name=ite action=Closed hostname=tatemac3541.api.corp bigip_mgmt_ip=10.228.193.207 context_name=liqua context_type=ciade date_time=Jan 29 2016 06:09:59 dest_ip=10.125.114.51 dst_geo=umq dest_port=2288 device_product=pexe device_vendor=nes device_version=1.2262 drop_reason=reveri errdefs_msgno=boNemoe errdefs_msg_name=equepor flow_id=eni ip_protocol=ipv6 severity=low partition_name=ehend route_domain=ritquiin sa_translation_pool=umqui sa_translation_type=reeufugi source_ip=10.208.121.85 src_geo=sperna source_port=884 source_user=billoi translated_dest_ip=10.165.201.71 translated_dest_port=6153 translated_ip_protocol=tatemU translated_route_domain=deF translated_source_ip=10.11.196.142 translated_source_port=5222 translated_vlan=iatnu vlan=3810", "tags": [ 
@@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450056443Z" + "version": "8.2.0" }, "message": "eporr quipexe alo4540.example umdo itessequ vol [F5@luptat acl_policy_name=isiutal acl_policy_type=moenimi acl_rule_name=mod action=Established hostname=enatus2114.mail.home bigip_mgmt_ip=10.51.132.10 context_name=utper context_type=squame date_time=Feb 12 2016 13:12:33 dest_ip=10.173.116.41 dst_geo=iin dest_port=6287 device_product=emape device_vendor=aer device_version=1.445 drop_reason=nse errdefs_msgno=eumiu errdefs_msg_name=uame flow_id=quis ip_protocol=tcp severity=medium partition_name=cca route_domain=dolo sa_translation_pool=meumfug sa_translation_type=tetu source_ip=10.162.9.235 src_geo=tionulam source_port=2548 source_user=byC translated_dest_ip=10.94.67.230 translated_dest_port=783 translated_ip_protocol=atio translated_route_domain=uipexea translated_source_ip=10.92.202.200 translated_source_port=6772 translated_vlan=eFini vlan=859", "tags": [ 
@@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450057509Z" + "version": "8.2.0" }, "message": "exe iatu ionofde2424.api.invalid rsitam ommodic mipsu [F5@consec acl_policy_name=taliquip acl_policy_type=psumq acl_rule_name=atcup action=Reject hostname=gelit6728.api.invalid bigip_mgmt_ip=10.122.116.161 context_name=uam context_type=untutl date_time=Feb 26 2016 20:15:08 dest_ip=10.40.68.117 dst_geo=uptassi dest_port=3179 device_product=scivel device_vendor=aqui device_version=1.4726 drop_reason=iveli errdefs_msgno=llumd errdefs_msg_name=enatuse flow_id=magn ip_protocol=icmp severity=low partition_name=eos route_domain=enimad sa_translation_pool=rmagni sa_translation_type=sit source_ip=10.209.155.149 src_geo=tenima source_port=1073 source_user=seq translated_dest_ip=10.82.56.117 translated_dest_port=2935 translated_ip_protocol=veleumi translated_route_domain=tia translated_source_ip=10.191.68.244 translated_source_port=6905 translated_vlan=veri vlan=5990", "tags": [ 
@@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450058435Z" + "version": "8.2.0" }, "message": "siutaliq exercit tempor4496.www.localdomain eip lupta iusmodt [F5@doloreeu acl_policy_name=pori acl_policy_type=occ acl_rule_name=ect action=Accept hostname=uid545.www5.localhost bigip_mgmt_ip=10.12.44.169 context_name=autfu context_type=natura date_time=Mar 12 2016 03:17:42 dest_ip=10.163.217.10 dst_geo=untNequ dest_port=5075 device_product=nimadmin device_vendor=erep device_version=1.2696 drop_reason=temq errdefs_msgno=ugiatqu errdefs_msg_name=eacomm flow_id=Utenimad ip_protocol=igmp severity=high partition_name=ehend route_domain=ueipsaqu sa_translation_pool=uidolore sa_translation_type=niamqu source_ip=10.202.66.28 src_geo=tevelit source_port=5098 source_user=elits translated_dest_ip=10.131.233.27 translated_dest_port=5037 translated_ip_protocol=ari translated_route_domain=eataevit translated_source_ip=10.50.112.141 translated_source_port=7303 translated_vlan=dmi vlan=499", "tags": [ 
@@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450059332Z" + "version": "8.2.0" }, "message": "mquisnos loremagn iciade3433.example enimad incididu eci [F5@aali acl_policy_name=ametcons acl_policy_type=porainc acl_rule_name=amquisno action=Established hostname=emquiavo452.internal.localhost bigip_mgmt_ip=10.151.111.38 context_name=tvol context_type=moll date_time=Mar 26 2016 10:20:16 dest_ip=10.228.149.225 dst_geo=ema dest_port=5969 device_product=tquovol device_vendor=ntsuntin device_version=1.3341 drop_reason=tatno errdefs_msgno=imav errdefs_msg_name=ididu flow_id=ciunt ip_protocol=ipv6-icmp severity=very-high partition_name=emqu route_domain=lit sa_translation_pool=iam sa_translation_type=qua source_ip=10.159.182.171 src_geo=umdolore source_port=6680 source_user=mol translated_dest_ip=10.96.35.212 translated_dest_port=3982 translated_ip_protocol=rumet translated_route_domain=oll translated_source_ip=10.206.197.113 translated_source_port=4075 translated_vlan=temUten vlan=4125", "tags": [ 
@@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450060230Z" + "version": "8.2.0" }, "message": "iqu ollit usan6343.www5.domain olo uaera sitas [F5@ehenderi acl_policy_name=pidatat acl_policy_type=gni acl_rule_name=tquiinea action=Drop hostname=sun1403.www.invalid bigip_mgmt_ip=10.126.177.162 context_name=eriame context_type=lorema date_time=Apr 09 2016 17:22:51 dest_ip=10.213.82.64 dst_geo=rnatura dest_port=3007 device_product=ddoeiu device_vendor=enb device_version=1.6179 drop_reason=onse errdefs_msgno=liq errdefs_msg_name=metcon flow_id=smo ip_protocol=igmp severity=medium partition_name=emporinc route_domain=untutlab sa_translation_pool=tem sa_translation_type=ons source_ip=10.213.113.28 src_geo=ali source_port=6446 source_user=ist translated_dest_ip=10.169.144.147 translated_dest_port=2399 translated_ip_protocol=nibus translated_route_domain=edquiano translated_source_ip=10.89.163.114 translated_source_port=5166 translated_vlan=par vlan=686", "tags": [ 
@@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450061206Z" + "version": "8.2.0" }, "message": "rveli rsint omm4276.www.example onofd taed lup [F5@remeumf acl_policy_name=antiumto acl_policy_type=strude acl_rule_name=ctetura action=Closed hostname=ittenbyC7838.api.localdomain bigip_mgmt_ip=10.18.124.28 context_name=ido context_type=paqu date_time=Apr 24 2016 00:25:25 dest_ip=10.158.194.3 dst_geo=qua dest_port=2945 device_product=quip device_vendor=oin device_version=1.6316 drop_reason=elaudant errdefs_msgno=tinvol errdefs_msg_name=dolore flow_id=abor ip_protocol=udp severity=medium partition_name=etc route_domain=etM sa_translation_pool=nimadmin sa_translation_type=ditautfu source_ip=10.146.88.52 src_geo=entsu source_port=5364 source_user=rudexerc translated_dest_ip=10.101.223.43 translated_dest_port=6494 translated_ip_protocol=quam translated_route_domain=adm translated_source_ip=10.103.107.47 translated_source_port=6094 translated_vlan=Nemoen vlan=2827", "tags": [ 
@@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450062158Z" + "version": "8.2.0" }, "message": "icab mwr fugi4637.www.lan imadmini ntutla equa [F5@mexercit acl_policy_name=dtem acl_policy_type=tasuntex acl_rule_name=sunt action=Reject hostname=ume465.corp bigip_mgmt_ip=10.189.109.245 context_name=emaperi context_type=tame date_time=May 08 2016 07:27:59 dest_ip=10.83.234.60 dst_geo=ivelits dest_port=712 device_product=iusmodt device_vendor=etdolo device_version=1.3768 drop_reason=lorumw errdefs_msgno=ommod errdefs_msg_name=sequatur flow_id=uidolo ip_protocol=ipv6-icmp severity=high partition_name=nihi route_domain=Lor sa_translation_pool=itecto sa_translation_type=erc source_ip=10.69.57.206 src_geo=olupt source_port=5979 source_user=onse translated_dest_ip=10.110.99.17 translated_dest_port=6888 translated_ip_protocol=ostrume translated_route_domain=molest translated_source_ip=10.150.220.75 translated_source_port=1298 translated_vlan=tisetq vlan=5372", "tags": [ 
@@ -98,10 +74,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450063042Z"
+ "version": "8.2.0"
 },
 "message": "ici giatquov eritquii3561.www.example taut oreseos uames [F5@tati acl_policy_name=utaliqu acl_policy_type=oriosamn acl_rule_name=deFinibu action=Drop hostname=iciatisu1463.www5.localdomain bigip_mgmt_ip=10.153.136.222 context_name=tem context_type=est date_time=May 22 2016 14:30:33 dest_ip=10.176.205.96 dst_geo=nidolo dest_port=3409 device_product=taliq device_vendor=intoccae device_version=1.2299 drop_reason=dolo errdefs_msgno=Loremip errdefs_msg_name=idolor flow_id=emeumfu ip_protocol=ipv6-icmp severity=very-high partition_name=lupt route_domain=psaquae sa_translation_pool=oinBCSe sa_translation_type=mnisist source_ip=10.199.34.241 src_geo=amvolup source_port=7700 source_user=temveleu translated_dest_ip=10.19.194.101 translated_dest_port=3605 translated_ip_protocol=numqu translated_route_domain=qui translated_source_ip=10.121.219.204 translated_source_port=3496 translated_vlan=utali vlan=3611",
 "tags": [
@@ -110,10 +83,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450064161Z"
+ "version": "8.2.0"
 },
 "message": "reetd lumqui itinvo7084.mail.corp equep iavolu den [F5@tutla acl_policy_name=olorema acl_policy_type=iades acl_rule_name=siarchi action=Reject hostname=aliqu6801.api.localdomain bigip_mgmt_ip=10.46.27.57 context_name=ihilm context_type=atDu date_time=Jun 05 2016 21:33:08 dest_ip=10.128.232.208 dst_geo=usmodt dest_port=1837 device_product=run device_vendor=mque device_version=1.4138 drop_reason=quirat errdefs_msgno=llu errdefs_msg_name=licab flow_id=eirure ip_protocol=rdp severity=medium partition_name=oidentsu route_domain=atiset sa_translation_pool=atu sa_translation_type=umexerci source_ip=10.64.141.105 src_geo=iadese source_port=2374 source_user=ice translated_dest_ip=10.57.103.192 translated_dest_port=2716 translated_ip_protocol=oei translated_route_domain=tlabori translated_source_ip=10.182.199.231 translated_source_port=1426 translated_vlan=data vlan=4478",
 "tags": [
@@ -122,10 +92,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450065117Z"
+ "version": "8.2.0"
 },
 "message": "nnum eritqu uradip7152.www5.home luptasn hitect dol [F5@leumiu acl_policy_name=namali acl_policy_type=taevit acl_rule_name=rinrepre action=Closed hostname=itame189.domain bigip_mgmt_ip=10.32.67.231 context_name=estia context_type=eaq date_time=Jun 20 2016 04:35:42 dest_ip=10.66.80.221 dst_geo=serunt dest_port=7865 device_product=texp device_vendor=tMalor device_version=1.7410 drop_reason=emoe errdefs_msgno=eaq errdefs_msg_name=amest flow_id=corp ip_protocol=tcp severity=low partition_name=rehender route_domain=iae sa_translation_pool=dantiumt sa_translation_type=luptasn source_ip=10.164.6.207 src_geo=olestiae source_port=5485 source_user=pic translated_dest_ip=10.160.210.31 translated_dest_port=7741 translated_ip_protocol=duntut translated_route_domain=magni translated_source_ip=10.3.134.237 translated_source_port=3156 translated_vlan=radipisc vlan=7020",
 "tags": [
@@ -134,10 +101,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450066202Z"
+ "version": "8.2.0"
 },
 "message": "fficiade uscipit vitaedi1318.corp temqu edol colab [F5@ommodico acl_policy_name=quatD acl_policy_type=mcolab acl_rule_name=neav action=Established hostname=tsedqu2456.www5.invalid bigip_mgmt_ip=10.182.178.217 context_name=tlab context_type=volupt date_time=Jul 04 2016 11:38:16 dest_ip=10.188.169.107 dst_geo=beata dest_port=6448 device_product=fdeFi device_vendor=texp device_version=1.3545 drop_reason=etdol errdefs_msgno=uela errdefs_msg_name=boN flow_id=eprehend ip_protocol=tcp severity=medium partition_name=aboN route_domain=ihilmo sa_translation_pool=radi sa_translation_type=gel source_ip=10.235.101.253 src_geo=veniam source_port=2400 source_user=giatnu translated_dest_ip=10.42.138.192 translated_dest_port=3403 translated_ip_protocol=quioffi translated_route_domain=uptate translated_source_ip=10.201.6.10 translated_source_port=6608 translated_vlan=sequa vlan=2851",
 "tags": [
@@ -146,10 +110,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450067196Z"
+ "version": "8.2.0"
 },
 "message": "ate aliquam nimid893.mail.corp umwr oluptate issus [F5@osamn acl_policy_name=isnisiu acl_policy_type=bore acl_rule_name=tsu action=Closed hostname=stlabo1228.mail.host bigip_mgmt_ip=10.151.161.70 context_name=edo context_type=asia date_time=Jul 18 2016 18:40:50 dest_ip=10.108.167.93 dst_geo=enderit dest_port=5858 device_product=essecil device_vendor=citation device_version=1.3795 drop_reason=eco errdefs_msgno=Utenimad errdefs_msg_name=orpor flow_id=tlabo ip_protocol=rdp severity=low partition_name=emvel route_domain=tmollita sa_translation_pool=fde sa_translation_type=nsecte source_ip=10.22.102.198 src_geo=eroi source_port=176 source_user=nse translated_dest_ip=10.194.247.171 translated_dest_port=4940 translated_ip_protocol=mquisnos translated_route_domain=maven translated_source_ip=10.86.101.235 translated_source_port=3266 translated_vlan=lapar vlan=1024",
 "tags": [
@@ -158,10 +119,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450068113Z"
+ "version": "8.2.0"
 },
 "message": "tfu udan orema6040.api.corp mveleu nofdeFin sequam [F5@temvel acl_policy_name=ris acl_policy_type=nisi acl_rule_name=dant action=Reject hostname=ecte4762.local bigip_mgmt_ip=10.204.35.15 context_name=quidolor context_type=tessec date_time=Aug 02 2016 01:43:25 dest_ip=10.135.160.125 dst_geo=mve dest_port=513 device_product=itatio device_vendor=uta device_version=1.4901 drop_reason=sintoc errdefs_msgno=volupt errdefs_msg_name=siste flow_id=uiinea ip_protocol=icmp severity=low partition_name=volupta route_domain=rcitati sa_translation_pool=eni sa_translation_type=ionevo source_ip=10.174.252.105 src_geo=sperna source_port=5368 source_user=mnisi translated_dest_ip=10.107.168.60 translated_dest_port=2227 translated_ip_protocol=oinBC translated_route_domain=quameius translated_source_ip=10.167.172.155 translated_source_port=3544 translated_vlan=etdo vlan=706",
 "tags": [
@@ -170,10 +128,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450069010Z"
+ "version": "8.2.0"
 },
 "message": "ese isaute ptatemq95.api.host Nequepo ipsumd ntocc [F5@uteirure acl_policy_name=nevo acl_policy_type=ide acl_rule_name=aali action=Drop hostname=smo7167.www.test bigip_mgmt_ip=10.214.249.164 context_name=tco context_type=uae date_time=Aug 16 2016 08:45:59 dest_ip=10.187.20.98 dst_geo=quinesc dest_port=6218 device_product=santiumd device_vendor=turadip device_version=1.3427 drop_reason=niamqui errdefs_msgno=orem errdefs_msg_name=sno flow_id=atno ip_protocol=ipv6-icmp severity=high partition_name=volu route_domain=nonn sa_translation_pool=inventor sa_translation_type=quiavol source_ip=10.99.249.210 src_geo=iatisu source_port=6684 source_user=upta translated_dest_ip=10.182.191.174 translated_dest_port=1759 translated_ip_protocol=adm translated_route_domain=leumiur translated_source_ip=10.81.26.208 translated_source_port=7651 translated_vlan=isc vlan=5933",
 "tags": [
@@ -182,10 +137,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450069902Z"
+ "version": "8.2.0"
 },
 "message": "tobea tor qui4499.api.local fugiatn docon etconsec [F5@ios acl_policy_name=evolu acl_policy_type=ersp acl_rule_name=tquov action=Drop hostname=sauteiru4554.api.domain bigip_mgmt_ip=10.220.5.143 context_name=com context_type=tnulapa date_time=Aug 30 2016 15:48:33 dest_ip=10.108.85.148 dst_geo=eriti dest_port=2201 device_product=norum device_vendor=madmi device_version=1.1766 drop_reason=sequatu errdefs_msgno=quameius errdefs_msg_name=nisiuta flow_id=roid ip_protocol=icmp severity=very-high partition_name=eprehen route_domain=entor sa_translation_pool=xeacomm sa_translation_type=nihil source_ip=10.101.226.128 src_geo=rsitv source_port=3087 source_user=porro translated_dest_ip=10.88.101.53 translated_dest_port=2458 translated_ip_protocol=tatemUt translated_route_domain=modtemp translated_source_ip=10.201.238.90 translated_source_port=2715 translated_vlan=remag vlan=3759",
 "tags": [
@@ -194,10 +146,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450070978Z"
+ "version": "8.2.0"
 },
 "message": "ccaecat tquiin tse4198.www.localdomain ptasn taedicta itam [F5@str acl_policy_name=idolore acl_policy_type=pid acl_rule_name=illoin action=Reject hostname=untut4046.internal.domain bigip_mgmt_ip=10.217.150.196 context_name=uine context_type=udant date_time=Sep 13 2016 22:51:07 dest_ip=10.183.59.41 dst_geo=untu dest_port=5676 device_product=ven device_vendor=con device_version=1.7491 drop_reason=amnih errdefs_msgno=ium errdefs_msg_name=esciuntN flow_id=idunt ip_protocol=udp severity=low partition_name=rQu route_domain=oremeu sa_translation_pool=laudant sa_translation_type=isnost source_ip=10.157.18.252 src_geo=itess source_port=52 source_user=evit translated_dest_ip=10.30.133.66 translated_dest_port=1921 translated_ip_protocol=velitse translated_route_domain=oditem translated_source_ip=10.243.218.215 translated_source_port=662 translated_vlan=rsitvolu vlan=3751",
 "tags": [
@@ -206,10 +155,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450071894Z"
+ "version": "8.2.0"
 },
 "message": "sumdolor meaqueip npr4414.api.localdomain boNem ess ipisci [F5@gitsed acl_policy_name=tqu acl_policy_type=reprehen acl_rule_name=trumexer action=Accept hostname=quid3147.mail.home bigip_mgmt_ip=10.66.181.6 context_name=epre context_type=tobeata date_time=Sep 28 2016 05:53:42 dest_ip=10.181.53.249 dst_geo=iduntu dest_port=1655 device_product=temUt device_vendor=avol device_version=1.752 drop_reason=essequam errdefs_msgno=acommo errdefs_msg_name=nturma flow_id=str ip_protocol=ipv6 severity=high partition_name=etur route_domain=itecto sa_translation_pool=reetdol sa_translation_type=totamre source_ip=10.148.161.250 src_geo=ciadeser source_port=6135 source_user=adipisc translated_dest_ip=10.181.133.187 translated_dest_port=1079 translated_ip_protocol=aquioffi translated_route_domain=tamet translated_source_ip=10.167.227.44 translated_source_port=6595 translated_vlan=eFi vlan=6733",
 "tags": [
@@ -218,10 +164,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450072800Z"
+ "version": "8.2.0"
 },
 "message": "its ender riamea1540.www.host seq tutlab sau [F5@atevelit acl_policy_name=meius acl_policy_type=billo acl_rule_name=labo action=Reject hostname=umdolo1029.mail.localhost bigip_mgmt_ip=10.54.17.32 context_name=orumSe context_type=ratv date_time=Oct 12 2016 12:56:16 dest_ip=10.119.81.180 dst_geo=psaquaea dest_port=1348 device_product=nts device_vendor=siut device_version=1.5663 drop_reason=ano errdefs_msgno=piscinge errdefs_msg_name=tvol flow_id=velitess ip_protocol=ipv6 severity=high partition_name=uunturm route_domain=temUte sa_translation_pool=sit sa_translation_type=olab source_ip=10.84.163.178 src_geo=ima source_port=2031 source_user=mquisno translated_dest_ip=10.107.9.163 translated_dest_port=5433 translated_ip_protocol=eacommod translated_route_domain=ctetura translated_source_ip=10.74.11.43 translated_source_port=55 translated_vlan=seosqui vlan=6797",
 "tags": [
@@ -230,10 +173,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450073701Z"
+ "version": "8.2.0"
 },
 "message": "uradi tot llamco7206.www.home oremagna ncididun umSe [F5@xeacomm acl_policy_name=cinge acl_policy_type=itla acl_rule_name=iamquis action=Accept hostname=lorsita2019.internal.home bigip_mgmt_ip=10.192.229.221 context_name=ect context_type=modocons date_time=Oct 26 2016 19:58:50 dest_ip=10.199.194.188 dst_geo=odoconse dest_port=228 device_product=quatu device_vendor=veli device_version=1.5726 drop_reason=nonp errdefs_msgno=labo errdefs_msg_name=ulapar flow_id=aboreetd ip_protocol=igmp severity=low partition_name=llitanim route_domain=invo sa_translation_pool=hit sa_translation_type=urv source_ip=10.112.32.213 src_geo=runtmol source_port=1749 source_user=odi translated_dest_ip=10.184.73.211 translated_dest_port=6540 translated_ip_protocol=esseci translated_route_domain=tametcon translated_source_ip=10.230.129.252 translated_source_port=3947 translated_vlan=isis vlan=4917",
 "tags": [
@@ -242,10 +182,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450074652Z"
+ "version": "8.2.0"
 },
 "message": "utlab emUteni rum959.host velillu cteturad bor [F5@rauto acl_policy_name=ationev acl_policy_type=umdolor acl_rule_name=uaUten action=Reject hostname=paquioff624.mail.invalid bigip_mgmt_ip=10.161.148.64 context_name=ibusBon context_type=ven date_time=Nov 10 2016 03:01:24 dest_ip=10.162.114.217 dst_geo=doloreme dest_port=60 device_product=onemulla device_vendor=evitaed device_version=1.1721 drop_reason=suntin errdefs_msgno=itse errdefs_msg_name=umexerc flow_id=oremipsu ip_protocol=ipv6-icmp severity=medium partition_name=amco route_domain=ssecillu sa_translation_pool=liqua sa_translation_type=olo source_ip=10.199.216.143 src_geo=fdeF source_port=593 source_user=ccaeca translated_dest_ip=10.198.213.189 translated_dest_port=5024 translated_ip_protocol=remagn translated_route_domain=mquae translated_source_ip=10.7.200.140 translated_source_port=3298 translated_vlan=olupt vlan=2189",
 "tags": [
@@ -254,10 +191,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450075587Z"
+ "version": "8.2.0"
 },
 "message": "edquiac urerepr eseru4234.mail.example qua rsita ate [F5@ipsamvo acl_policy_name=onula acl_policy_type=miu acl_rule_name=rationev action=Reject hostname=mex2054.mail.corp bigip_mgmt_ip=10.65.232.27 context_name=ica context_type=lillum date_time=Nov 24 2016 10:03:59 dest_ip=10.199.40.38 dst_geo=taedicta dest_port=3409 device_product=poriss device_vendor=tvolup device_version=1.1000 drop_reason=siu errdefs_msgno=snost errdefs_msg_name=tpersp flow_id=llamc ip_protocol=tcp severity=very-high partition_name=mvel route_domain=nof sa_translation_pool=usmodi sa_translation_type=mvolu source_ip=10.206.96.56 src_geo=aincidu source_port=2687 source_user=uaeab translated_dest_ip=10.128.157.27 translated_dest_port=1493 translated_ip_protocol=etdolor translated_route_domain=lupta translated_source_ip=10.22.187.69 translated_source_port=3590 translated_vlan=oremi vlan=1485",
 "tags": [
@@ -266,10 +200,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450076488Z"
+ "version": "8.2.0"
 },
 "message": "nbyCi tevel usc5760.www5.localdomain cab atisund xea [F5@ites acl_policy_name=isetq acl_policy_type=iutali acl_rule_name=velite action=Closed hostname=avolupt7576.api.corp bigip_mgmt_ip=10.194.210.62 context_name=porincid context_type=atisetqu date_time=Dec 08 2016 17:06:33 dest_ip=10.51.213.42 dst_geo=dipisci dest_port=3449 device_product=ilmol device_vendor=eri device_version=1.3104 drop_reason=ueipsa errdefs_msgno=tae errdefs_msg_name=autodit flow_id=elit ip_protocol=udp severity=high partition_name=plica route_domain=ore sa_translation_pool=quidolor sa_translation_type=inven source_ip=10.71.114.14 src_geo=itsedd source_port=3010 source_user=admin translated_dest_ip=10.68.253.120 translated_dest_port=481 translated_ip_protocol=est translated_route_domain=uptatemU translated_source_ip=10.183.130.225 translated_source_port=5693 translated_vlan=item vlan=2738",
 "tags": [
@@ -278,10 +209,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450077546Z"
+ "version": "8.2.0"
 },
 "message": "dat periam dqu6144.api.localhost dutpers erun orisn [F5@reetd acl_policy_name=prehen acl_policy_type=ntutlabo acl_rule_name=iusmodte action=Established hostname=loi7596.www5.home bigip_mgmt_ip=10.31.177.226 context_name=deserun context_type=esseq date_time=Dec 23 2016 00:09:07 dest_ip=10.209.157.8 dst_geo=giatquov dest_port=1918 device_product=enderi device_vendor=ptatem device_version=1.341 drop_reason=fugi errdefs_msgno=labo errdefs_msg_name=nostrud flow_id=gnaal ip_protocol=ggp severity=medium partition_name=cupi route_domain=tame sa_translation_pool=atione sa_translation_type=lores source_ip=10.45.253.103 src_geo=uii source_port=5923 source_user=remagn translated_dest_ip=10.47.255.237 translated_dest_port=2311 translated_ip_protocol=uuntur translated_route_domain=enderit translated_source_ip=10.107.45.175 translated_source_port=4185 translated_vlan=rumSecti vlan=4593",
 "tags": [
@@ -290,10 +218,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450078477Z"
+ "version": "8.2.0"
 },
 "message": "atise tate onevo4326.internal.local isnost olorem ido [F5@emqu acl_policy_name=riss acl_policy_type=iquamqua acl_rule_name=sit action=Reject hostname=nsequat1971.internal.invalid bigip_mgmt_ip=10.225.212.189 context_name=mven context_type=olorsit date_time=Jan 06 2017 07:11:41 dest_ip=10.121.239.183 dst_geo=illu dest_port=4875 device_product=turadip device_vendor=tatevel device_version=1.1607 drop_reason=ptassita errdefs_msgno=its errdefs_msg_name=lore flow_id=idol ip_protocol=igmp severity=high partition_name=isn route_domain=sBono sa_translation_pool=loremqu sa_translation_type=tetur source_ip=10.213.94.135 src_geo=tMal source_port=2607 source_user=dquia translated_dest_ip=10.55.105.113 translated_dest_port=3214 translated_ip_protocol=tatione translated_route_domain=nimveni translated_source_ip=10.44.58.106 translated_source_port=1241 translated_vlan=quid vlan=4814",
 "tags": [
@@ -302,10 +227,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450079405Z"
+ "version": "8.2.0"
 },
 "message": "eporroq ulla iqu4614.www5.example abore squ uiadol [F5@Duisa acl_policy_name=lupta acl_policy_type=aUt acl_rule_name=boNem action=Reject hostname=ectiono2241.lan bigip_mgmt_ip=10.2.114.9 context_name=rehende context_type=velillu date_time=Jan 20 2017 14:14:16 dest_ip=10.94.139.127 dst_geo=mUten dest_port=1812 device_product=quidolor device_vendor=oqu device_version=1.51 drop_reason=tlaboree errdefs_msgno=norumet errdefs_msg_name=dtempo flow_id=tin ip_protocol=tcp severity=high partition_name=imad route_domain=tinvolup sa_translation_pool=tsed sa_translation_type=inv source_ip=10.163.209.70 src_geo=atu source_port=4718 source_user=olabor translated_dest_ip=10.69.161.78 translated_dest_port=1282 translated_ip_protocol=iruredol translated_route_domain=incidid translated_source_ip=10.255.74.136 translated_source_port=5902 translated_vlan=eaqueips vlan=6396",
 "tags": [
@@ -314,10 +236,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450080304Z"
+ "version": "8.2.0"
 },
 "message": "volupta dmi untexpl2847.www5.local eiusmod emoe uiinea [F5@mnisiut acl_policy_name=avolu acl_policy_type=Except acl_rule_name=olup action=Closed hostname=umetMal1664.mail.lan bigip_mgmt_ip=10.46.115.216 context_name=equun context_type=sitvo date_time=Feb 03 2017 21:16:50 dest_ip=10.223.198.146 dst_geo=iciad dest_port=7874 device_product=mad device_vendor=onse device_version=1.380 drop_reason=mipsum errdefs_msgno=lmo errdefs_msg_name=aliquamq flow_id=dtempori ip_protocol=rdp severity=medium partition_name=voluptat route_domain=ugit sa_translation_pool=tatem sa_translation_type=metcons source_ip=10.252.102.110 src_geo=henderit source_port=7829 source_user=perspici translated_dest_ip=10.184.59.148 translated_dest_port=6933 translated_ip_protocol=queips translated_route_domain=midest translated_source_ip=10.12.129.137 translated_source_port=721 translated_vlan=orroqu vlan=472",
 "tags": [
@@ -326,10 +245,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450081191Z"
+ "version": "8.2.0"
 },
 "message": "labore uela ntexplic4824.internal.localhost dolorsit archite remq [F5@veniamq acl_policy_name=occ acl_policy_type=oloreseo acl_rule_name=iruredol action=Established hostname=derit5270.mail.local bigip_mgmt_ip=10.105.52.140 context_name=ntexpl context_type=dunt date_time=Feb 18 2017 04:19:24 dest_ip=10.20.55.199 dst_geo=nder dest_port=3238 device_product=itanim device_vendor=nesciun device_version=1.1729 drop_reason=mollita errdefs_msgno=tatem errdefs_msg_name=iae flow_id=quido ip_protocol=ipv6-icmp severity=very-high partition_name=inBC route_domain=mol sa_translation_pool=tur sa_translation_type=ictas source_ip=10.81.184.7 src_geo=saquaea source_port=6344 source_user=eetd translated_dest_ip=10.155.204.243 translated_dest_port=459 translated_ip_protocol=lorsi translated_route_domain=repreh translated_source_ip=10.199.194.79 translated_source_port=7713 translated_vlan=illumqui vlan=3414",
 "tags": [
@@ -338,10 +254,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450082092Z"
+ "version": "8.2.0"
 },
 "message": "amali ate idolor3916.www5.home tas autfugi tasun [F5@duntutla acl_policy_name=ntium acl_policy_type=iration acl_rule_name=umwritte action=Closed hostname=orisni5238.mail.lan bigip_mgmt_ip=10.177.238.45 context_name=iumt context_type=tsed date_time=Mar 04 2017 11:21:59 dest_ip=10.249.120.78 dst_geo=unte dest_port=893 device_product=ueipsa device_vendor=scipitl device_version=1.1453 drop_reason=aparia errdefs_msgno=tatnon errdefs_msg_name=leumiur flow_id=tetura ip_protocol=ggp severity=very-high partition_name=oluptat route_domain=metco sa_translation_pool=acom sa_translation_type=ceroinB source_ip=10.110.2.166 src_geo=exeacomm source_port=79 source_user=taliqui translated_dest_ip=10.18.226.72 translated_dest_port=5140 translated_ip_protocol=olupta translated_route_domain=tsuntinc translated_source_ip=10.251.231.142 translated_source_port=872 translated_vlan=urExcep vlan=102",
 "tags": [
@@ -350,10 +263,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450082997Z"
+ "version": "8.2.0"
 },
 "message": "suntex iacons occaec7487.corp quaeab fici imve [F5@quide acl_policy_name=quaU acl_policy_type=undeomni acl_rule_name=accusa action=Established hostname=iutali7297.www.domain bigip_mgmt_ip=10.190.122.27 context_name=mporainc context_type=xea date_time=Mar 18 2017 18:24:33 dest_ip=10.123.113.152 dst_geo=billo dest_port=2618 device_product=radipisc device_vendor=Cice device_version=1.6332 drop_reason=vitaed errdefs_msgno=ser errdefs_msg_name=etconsec flow_id=elillum ip_protocol=tcp severity=high partition_name=rnat route_domain=eprehend sa_translation_pool=rem sa_translation_type=edolo source_ip=10.99.202.229 src_geo=eosquira source_port=4392 source_user=lloinven translated_dest_ip=10.100.199.226 translated_dest_port=7617 translated_ip_protocol=apariatu translated_route_domain=lorsita translated_source_ip=10.192.98.247 translated_source_port=4308 translated_vlan=temaccu vlan=5302",
 "tags": [
@@ -362,10 +272,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450083895Z"
+ "version": "8.2.0"
 },
 "message": "uptassit ncidi tlabori4803.www5.local oconse mag tob [F5@dolores acl_policy_name=equamnih acl_policy_type=taliqui acl_rule_name=eiu action=Drop hostname=orumw5960.www5.home bigip_mgmt_ip=10.248.111.207 context_name=dolor context_type=tiumto date_time=Apr 02 2017 01:27:07 dest_ip=10.38.28.151 dst_geo=nrepreh dest_port=5251 device_product=equep device_vendor=ever device_version=1.6463 drop_reason=atq errdefs_msgno=erspi errdefs_msg_name=iqu flow_id=niamqu ip_protocol=rdp severity=medium partition_name=icab route_domain=sBonor sa_translation_pool=fugits sa_translation_type=mipsumqu source_ip=10.172.154.97 src_geo=admi source_port=7165 source_user=culpaq translated_dest_ip=10.162.97.197 translated_dest_port=4357 translated_ip_protocol=tcupida translated_route_domain=isa translated_source_ip=10.37.193.70 translated_source_port=170 translated_vlan=tesseq vlan=7693",
 "tags": [
@@ -374,10 +281,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450084794Z"
+ "version": "8.2.0"
 },
 "message": "pernat rerepre nculpaq3821.www5.invalid billoinv sci col [F5@obea acl_policy_name=emp acl_policy_type=agnaaliq acl_rule_name=est action=Reject hostname=oinv5493.internal.domain bigip_mgmt_ip=10.36.63.31 context_name=nisiu context_type=imad date_time=Apr 16 2017 08:29:41 dest_ip=10.30.101.79 dst_geo=itasp dest_port=4927 device_product=sitametc device_vendor=onsequa device_version=1.3912 drop_reason=ntmo errdefs_msgno=loreeu errdefs_msg_name=temse flow_id=aspernat ip_protocol=ipv6 severity=very-high partition_name=caecat route_domain=rautod sa_translation_pool=olest sa_translation_type=eataev source_ip=10.171.221.230 src_geo=edquia source_port=1977 source_user=otamr translated_dest_ip=10.222.165.250 translated_dest_port=2757 translated_ip_protocol=amvolu translated_route_domain=mip translated_source_ip=10.45.35.180 translated_source_port=653 translated_vlan=maccusa vlan=7248",
 "tags": [
@@ -386,10 +290,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450085683Z"
+ "version": "8.2.0"
 },
 "message": "nimad ataevita oremqu542.internal.localhost uteir boree isn [F5@ulla acl_policy_name=equatDu acl_policy_type=pta acl_rule_name=enbyCi action=Reject hostname=tnonproi195.api.home bigip_mgmt_ip=10.238.4.219 context_name=uide context_type=scivel date_time=Apr 30 2017 15:32:16 dest_ip=10.150.9.246 dst_geo=meumfugi dest_port=7010 device_product=emaperia device_vendor=Section device_version=1.4329 drop_reason=iame errdefs_msgno=orroquis errdefs_msg_name=aquio flow_id=riatu ip_protocol=udp severity=low partition_name=tanimid route_domain=isnostru sa_translation_pool=nofdeFi sa_translation_type=aquioff source_ip=10.1.171.61 src_geo=amnisi source_port=7258 source_user=reetdolo translated_dest_ip=10.199.127.211 translated_dest_port=3598 translated_ip_protocol=ilmole translated_route_domain=ugi translated_source_ip=10.83.238.145 translated_source_port=5392 translated_vlan=emveleum vlan=3661",
 "tags": [
@@ -398,10 +299,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450086578Z"
+ "version": "8.2.0"
 },
 "message": "nde abillo undeom845.www5.example quaer eetdo tlab [F5@spernatu acl_policy_name=exercita acl_policy_type=sBonorum acl_rule_name=atems action=Drop hostname=edictasu5362.internal.localhost bigip_mgmt_ip=10.65.141.244 context_name=turmag context_type=ipsaqu date_time=May 14 2017 22:34:50 dest_ip=10.203.69.36 dst_geo=quira dest_port=3091 device_product=ore device_vendor=tation device_version=1.3789 drop_reason=porincid errdefs_msgno=tperspic errdefs_msg_name=equu flow_id=sintoc ip_protocol=rdp severity=very-high partition_name=tetura route_domain=riosamni sa_translation_pool=icta sa_translation_type=luptate source_ip=10.170.252.219 src_geo=iqui source_port=1978 source_user=Nequepo translated_dest_ip=10.44.226.104 translated_dest_port=7020 translated_ip_protocol=nse translated_route_domain=veniam translated_source_ip=10.74.213.42 translated_source_port=5922 translated_vlan=sse vlan=2498",
 "tags": [
@@ -410,10 +308,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450087615Z"
+ "version": "8.2.0"
 },
 "message": "inBCSe otamrem tutlabor4180.internal.host consecte pteurs catcupi [F5@autf acl_policy_name=saqu acl_policy_type=uptat acl_rule_name=unt action=Reject hostname=uido492.www5.home bigip_mgmt_ip=10.180.48.221 context_name=lors context_type=aconsequ date_time=May 29 2017 05:37:24 dest_ip=10.33.195.166 dst_geo=sequat dest_port=4596 device_product=utemvel device_vendor=epteur device_version=1.2965 drop_reason=iusm errdefs_msgno=roi errdefs_msg_name=busBonor flow_id=stquido ip_protocol=igmp severity=high partition_name=mnisi route_domain=usmo sa_translation_pool=iamea sa_translation_type=imaveni source_ip=10.183.223.149 src_geo=cor source_port=2648 source_user=nihil translated_dest_ip=10.225.255.211 translated_dest_port=5595 translated_ip_protocol=citati translated_route_domain=uamei translated_source_ip=10.225.141.172 translated_source_port=956 translated_vlan=fugiatn vlan=3309",
 "tags": [
@@ -422,10 +317,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450088533Z"
+ "version": "8.2.0"
 },
 "message": "aaliq nat uovolupt307.internal.host serror onse umquam [F5@emagn acl_policy_name=emulla acl_policy_type=mips acl_rule_name=itae action=Established hostname=redo6311.api.invalid bigip_mgmt_ip=10.176.64.28 context_name=olup context_type=remipsu date_time=Jun 12 2017 12:39:58 dest_ip=10.92.6.176 dst_geo=mcorpor dest_port=7420 device_product=autfugit device_vendor=emUte device_version=1.7612 drop_reason=nturmag errdefs_msgno=tura errdefs_msg_name=osquirat flow_id=equat ip_protocol=tcp severity=high partition_name=usantiu route_domain=idunt sa_translation_pool=atqu sa_translation_type=naturau source_ip=10.97.138.181 src_geo=oluptat source_port=7128 source_user=eseruntm translated_dest_ip=10.205.174.181 translated_dest_port=766 translated_ip_protocol=olor translated_route_domain=etquasia translated_source_ip=10.169.123.103 translated_source_port=519 translated_vlan=uisa vlan=6863",
 "tags": [
@@ -434,10 +326,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450089428Z"
+ "version": "8.2.0"
 },
 "message": "Cicero evolupta teturadi4718.api.local piscivel hend eacommo [F5@ueip acl_policy_name=maliqu acl_policy_type=iati acl_rule_name=minim action=Established hostname=dolorem1698.www.domain bigip_mgmt_ip=10.75.120.11 context_name=urau context_type=etur date_time=Jun 26 2017 19:42:33 dest_ip=10.20.73.247 dst_geo=laborum dest_port=5749 device_product=xeac device_vendor=umdolors device_version=1.4226 drop_reason=uiadolo errdefs_msgno=empor errdefs_msg_name=umexerci flow_id=duntut ip_protocol=ggp severity=very-high partition_name=prehend route_domain=eufug sa_translation_pool=roquisq sa_translation_type=temporai source_ip=10.53.101.131 src_geo=ici source_port=5097 source_user=tquo translated_dest_ip=10.204.4.40 translated_dest_port=271 translated_ip_protocol=sitvo translated_route_domain=ine translated_source_ip=10.169.101.161 translated_source_port=4577 translated_vlan=ipi vlan=4211",
 "tags": [
@@ -446,10 +335,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450090426Z"
+ "version": "8.2.0"
 },
 "message": "exerci idata ese4384.mail.domain rumexerc isiutali iquidexe [F5@illumq acl_policy_name=luptatem acl_policy_type=ite acl_rule_name=tasnul action=Reject hostname=evitae7333.www.lan bigip_mgmt_ip=10.28.51.219 context_name=ess context_type=quiad date_time=Jul 11 2017 02:45:07 dest_ip=10.43.210.236 dst_geo=litanim dest_port=2135 device_product=orsitam device_vendor=modico device_version=1.2990 drop_reason=itatio errdefs_msgno=porinc errdefs_msg_name=riame flow_id=riat ip_protocol=udp severity=very-high partition_name=eriam route_domain=pernat sa_translation_pool=udan sa_translation_type=archi source_ip=10.6.222.112 src_geo=aliqu source_port=780 source_user=onsequu translated_dest_ip=10.156.117.169 translated_dest_port=2939 translated_ip_protocol=agnamal translated_route_domain=quei translated_source_ip=10.87.120.87 translated_source_port=1636 translated_vlan=teni vlan=4967",
 "tags": [
@@ -458,10 +344,7 @@
 },
 {
 "ecs": {
- "version": "8.0.0"
- },
- "event": {
- "ingested": "2022-01-25T12:15:04.450091360Z"
+ "version": "8.2.0"
 },
 "message": "dant etdolor uat7787.www.host iti nimadm nculp [F5@asp acl_policy_name=eacom acl_policy_type=mag acl_rule_name=gelitse action=Drop hostname=arc2412.mail.lan bigip_mgmt_ip=10.247.44.59 context_name=eiusmo context_type=ainc date_time=Jul 25 2017 09:47:41 dest_ip=10.173.129.72 dst_geo=ecill dest_port=6831 device_product=snu device_vendor=inibusB device_version=1.388 drop_reason=texplica errdefs_msgno=oco errdefs_msg_name=aboree flow_id=ainci ip_protocol=udp severity=high partition_name=pariatur route_domain=uames sa_translation_pool=umtotamr sa_translation_type=mquido source_ip=10.57.89.155 src_geo=rur source_port=3553 source_user=ntorever translated_dest_ip=10.253.167.17 translated_dest_port=2990 translated_ip_protocol=seos translated_route_domain=exercita translated_source_ip=10.4.126.103 translated_source_port=892 translated_vlan=tco vlan=3607",
 "tags": [
@@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450092273Z" + "version": "8.2.0" }, "message": "oluptate lit santi837.api.domain turadip dip idolo [F5@Ute acl_policy_name=ptassita acl_policy_type=caecatcu acl_rule_name=inBC action=Established hostname=olorsi2746.internal.localhost bigip_mgmt_ip=10.15.240.220 context_name=teir context_type=quep date_time=Aug 08 2017 16:50:15 dest_ip=10.63.78.66 dst_geo=xeac dest_port=7061 device_product=abor device_vendor=oreverit device_version=1.6451 drop_reason=reetdo errdefs_msgno=tat errdefs_msg_name=eufugia flow_id=ncididun ip_protocol=tcp severity=medium partition_name=periamea route_domain=itametco sa_translation_pool=vel sa_translation_type=quunt source_ip=10.248.206.210 src_geo=nonn source_port=4478 source_user=met translated_dest_ip=10.36.69.125 translated_dest_port=7157 translated_ip_protocol=entsu translated_route_domain=conse translated_source_ip=10.143.183.208 translated_source_port=5214 translated_vlan=umwri vlan=4057", "tags": [ 
@@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450093236Z" + "version": "8.2.0" }, "message": "atura tur tur5914.internal.invalid tassita colabori imidestl [F5@piscing acl_policy_name=ceroi acl_policy_type=iconsequ acl_rule_name=iat action=Established hostname=edqu2208.www.localhost bigip_mgmt_ip=10.6.32.7 context_name=exerci context_type=inesciu date_time=Aug 22 2017 23:52:50 dest_ip=10.141.216.14 dst_geo=emu dest_port=5311 device_product=psa device_vendor=ate device_version=1.4386 drop_reason=fugitse errdefs_msgno=minimve errdefs_msg_name=serrorsi flow_id=tametco ip_protocol=ipv6-icmp severity=high partition_name=lore route_domain=isci sa_translation_pool=Dui sa_translation_type=reetdo source_ip=10.69.170.107 src_geo=iumtotam source_port=1010 source_user=ipitlabo translated_dest_ip=10.34.133.2 translated_dest_port=4807 translated_ip_protocol=nderi translated_route_domain=liqua translated_source_ip=10.142.186.43 translated_source_port=4691 translated_vlan=sautei vlan=2363", "tags": [ 
@@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450094125Z" + "version": "8.2.0" }, "message": "voluptas velill rspic5453.www.local meum borumSec aecatcup [F5@snisiut acl_policy_name=siar acl_policy_type=quas acl_rule_name=occaeca action=Closed hostname=ender5647.www5.example bigip_mgmt_ip=10.142.22.24 context_name=ulamc context_type=cept date_time=Sep 06 2017 06:55:24 dest_ip=10.93.88.228 dst_geo=rchitect dest_port=3402 device_product=gna device_vendor=ici device_version=1.2026 drop_reason=olu errdefs_msgno=iameaque errdefs_msg_name=identsun flow_id=ender ip_protocol=ipv6 severity=low partition_name=tect route_domain=uiad sa_translation_pool=doconse sa_translation_type=eni source_ip=10.121.153.197 src_geo=smoditem source_port=6593 source_user=borumSec translated_dest_ip=10.59.103.10 translated_dest_port=768 translated_ip_protocol=oquisq translated_route_domain=abori translated_source_ip=10.170.165.164 translated_source_port=505 translated_vlan=uiineavo vlan=5554", "tags": [ 
@@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450095011Z" + "version": "8.2.0" }, "message": "uidexeac sequa ntsunti2313.internal.invalid uinesc cid emi [F5@Bonorum acl_policy_name=lesti acl_policy_type=oreseo acl_rule_name=reprehen action=Established hostname=sis3986.internal.lan bigip_mgmt_ip=10.133.10.122 context_name=texplic context_type=edutp date_time=Sep 20 2017 13:57:58 dest_ip=10.93.59.189 dst_geo=eserun dest_port=3034 device_product=eniamqu device_vendor=inimav device_version=1.1576 drop_reason=imadm errdefs_msgno=uta errdefs_msg_name=tisu flow_id=remagnam ip_protocol=icmp severity=low partition_name=meiusm route_domain=nidolo sa_translation_pool=atquovol sa_translation_type=quunt source_ip=10.247.114.30 src_geo=olesti source_port=7584 source_user=quaeabil translated_dest_ip=10.19.99.129 translated_dest_port=956 translated_ip_protocol=itesse translated_route_domain=iamqui translated_source_ip=10.176.83.7 translated_source_port=5908 translated_vlan=inim vlan=6806", "tags": [ 
@@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450095917Z" + "version": "8.2.0" }, "message": "Sed oremeumf lesti5921.api.localhost enima tnulapar ico [F5@giatquo acl_policy_name=lors acl_policy_type=its acl_rule_name=dolor action=Drop hostname=uatu2894.api.lan bigip_mgmt_ip=10.64.139.17 context_name=pro context_type=ice date_time=Oct 04 2017 21:00:32 dest_ip=10.87.238.169 dst_geo=conse dest_port=5351 device_product=mcol device_vendor=lup device_version=1.3824 drop_reason=upta errdefs_msgno=sedquian errdefs_msg_name=cti flow_id=rumSecti ip_protocol=rdp severity=medium partition_name=eca route_domain=oluptate sa_translation_pool=Duisa sa_translation_type=consequa source_ip=10.40.177.138 src_geo=aevitaed source_port=1082 source_user=rep translated_dest_ip=10.8.29.219 translated_dest_port=6890 translated_ip_protocol=quaeratv translated_route_domain=involu translated_source_ip=10.70.7.23 translated_source_port=2758 translated_vlan=amcolab vlan=4306", "tags": [ 
@@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450096812Z" + "version": "8.2.0" }, "message": "odic iuta liquaUte209.internal.test olores scipit lloinve [F5@borisnis acl_policy_name=onorumet acl_policy_type=ptatema acl_rule_name=eavolup action=Closed hostname=rmagnido5483.local bigip_mgmt_ip=10.180.62.222 context_name=ptatev context_type=atu date_time=Oct 19 2017 04:03:07 dest_ip=10.234.26.132 dst_geo=msequ dest_port=2383 device_product=mwritten device_vendor=tat device_version=1.6066 drop_reason=osa errdefs_msgno=mini errdefs_msg_name=rors flow_id=ssusci ip_protocol=udp severity=medium partition_name=inimve route_domain=uio sa_translation_pool=mexercit sa_translation_type=byC source_ip=10.2.189.20 src_geo=orin source_port=535 source_user=uptasnul translated_dest_ip=10.67.221.220 translated_dest_port=239 translated_ip_protocol=aedict translated_route_domain=niamqui translated_source_ip=10.67.173.228 translated_source_port=5767 translated_vlan=tatemse vlan=4493", "tags": [ 
@@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450097705Z" + "version": "8.2.0" }, "message": "uamestqu mpor orem6479.api.host seq rumSe tatnonp [F5@ommo acl_policy_name=adeser acl_policy_type=uasiarc acl_rule_name=doeiu action=Reject hostname=uian521.www.example bigip_mgmt_ip=10.209.52.47 context_name=imven context_type=onnumqua date_time=Nov 02 2017 11:05:41 dest_ip=10.141.201.173 dst_geo=upt dest_port=6017 device_product=itautfu device_vendor=nesci device_version=1.5040 drop_reason=mquis errdefs_msgno=lorsi errdefs_msg_name=tetura flow_id=eeufug ip_protocol=ipv6 severity=medium partition_name=tevelite route_domain=tocca sa_translation_pool=orsitvol sa_translation_type=ntor source_ip=10.147.127.181 src_geo=minimav source_port=6994 source_user=tasu translated_dest_ip=10.56.134.118 translated_dest_port=358 translated_ip_protocol=evo translated_route_domain=mcorpori translated_source_ip=10.196.176.243 translated_source_port=3465 translated_vlan=orsitam vlan=4991", "tags": [ 
@@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450098612Z" + "version": "8.2.0" }, "message": "prehende lup tpers2217.internal.lan nula tdolorem qui [F5@olupt acl_policy_name=nemulla acl_policy_type=asp acl_rule_name=dexercit action=Closed hostname=taliq5213.api.corp bigip_mgmt_ip=10.226.24.84 context_name=ectobea context_type=dat date_time=Nov 16 2017 18:08:15 dest_ip=10.91.18.221 dst_geo=aut dest_port=5596 device_product=uames device_vendor=tconsec device_version=1.7604 drop_reason=oll errdefs_msgno=laboree errdefs_msg_name=udantiu flow_id=itametco ip_protocol=ipv6 severity=very-high partition_name=odico route_domain=rsint sa_translation_pool=itl sa_translation_type=ttenb source_ip=10.231.18.90 src_geo=lapa source_port=4860 source_user=Nem translated_dest_ip=10.85.13.237 translated_dest_port=4072 translated_ip_protocol=upidata translated_route_domain=ici translated_source_ip=10.248.140.59 translated_source_port=5760 translated_vlan=ident vlan=4293", "tags": [ 
@@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450099541Z" + "version": "8.2.0" }, "message": "quelaud luptat rinrep6482.api.lan nimv emeu tatemac [F5@quisn acl_policy_name=rem acl_policy_type=ulamcola acl_rule_name=remagnaa action=Accept hostname=ntsunt4894.mail.domain bigip_mgmt_ip=10.203.46.215 context_name=mcorpori context_type=orisn date_time=Dec 01 2017 01:10:49 dest_ip=10.88.194.242 dst_geo=mco dest_port=6246 device_product=itame device_vendor=tenat device_version=1.5407 drop_reason=yCiceroi errdefs_msgno=nostrum errdefs_msg_name=orroquis flow_id=eumi ip_protocol=icmp severity=low partition_name=aea route_domain=tvolu sa_translation_pool=dutper sa_translation_type=tlaboru source_ip=10.207.183.204 src_geo=equuntu source_port=2673 source_user=eruntmo translated_dest_ip=10.8.224.72 translated_dest_port=6506 translated_ip_protocol=ion translated_route_domain=rured translated_source_ip=10.59.215.207 translated_source_port=6195 translated_vlan=ore vlan=5842", "tags": [ 
@@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450100445Z" + "version": "8.2.0" }, "message": "xerc Nequep ametcon7485.www.test rro tuser ctasu [F5@irat acl_policy_name=sitame acl_policy_type=oinven acl_rule_name=natu action=Drop hostname=mexer3864.api.corp bigip_mgmt_ip=10.98.154.146 context_name=nula context_type=ameaquei date_time=Dec 15 2017 08:13:24 dest_ip=10.72.114.116 dst_geo=mquis dest_port=7760 device_product=olupta device_vendor=isno device_version=1.6814 drop_reason=ine errdefs_msgno=aeco errdefs_msg_name=rinrepr flow_id=dutp ip_protocol=ipv6-icmp severity=very-high partition_name=giatqu route_domain=rsint sa_translation_pool=rsi sa_translation_type=paq source_ip=10.73.84.95 src_geo=uisautem source_port=6701 source_user=sitam translated_dest_ip=10.255.145.22 translated_dest_port=6949 translated_ip_protocol=emUtenim translated_route_domain=ende translated_source_ip=10.230.38.148 translated_source_port=3213 translated_vlan=sse vlan=368", "tags": [ 
@@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450101357Z" + "version": "8.2.0" }, "message": "incidi aedictas rumetMa2554.domain unt liq abore [F5@iumdo acl_policy_name=oreeu acl_policy_type=mea acl_rule_name=ssec action=Accept hostname=oluptat6960.www5.test bigip_mgmt_ip=10.211.29.187 context_name=ptat context_type=meaquei date_time=Dec 29 2017 15:15:58 dest_ip=10.228.204.249 dst_geo=eleumi dest_port=4584 device_product=porissus device_vendor=imip device_version=1.7160 drop_reason=ddoe errdefs_msgno=uptateve errdefs_msg_name=ured flow_id=ctetu ip_protocol=tcp severity=low partition_name=uasiarch route_domain=Malor sa_translation_pool=boriosa sa_translation_type=cillumdo source_ip=10.166.142.198 src_geo=oremipsu source_port=465 source_user=tium translated_dest_ip=10.105.120.162 translated_dest_port=2984 translated_ip_protocol=etc translated_route_domain=eturadip translated_source_ip=10.175.181.138 translated_source_port=3787 translated_vlan=tassitas vlan=1495", "tags": [ 
@@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450102384Z" + "version": "8.2.0" }, "message": "velite maccus nima5813.mail.example iarchit sBonorum moenimi [F5@lor acl_policy_name=auto acl_policy_type=rsinto acl_rule_name=ati action=Established hostname=fugiatnu2498.www.localhost bigip_mgmt_ip=10.182.213.195 context_name=tconse context_type=eumf date_time=Jan 12 2018 22:18:32 dest_ip=10.200.94.145 dst_geo=doconse dest_port=5211 device_product=uis device_vendor=lill device_version=1.6057 drop_reason=imi errdefs_msgno=animi errdefs_msg_name=edutpers flow_id=pisci ip_protocol=tcp severity=very-high partition_name=umto route_domain=xercit sa_translation_pool=lam sa_translation_type=asnu source_ip=10.122.133.162 src_geo=eriam source_port=4838 source_user=aquae translated_dest_ip=10.220.202.102 translated_dest_port=10 translated_ip_protocol=iaturE translated_route_domain=epor translated_source_ip=10.195.139.25 translated_source_port=5566 translated_vlan=tper vlan=4341", "tags": [ 
@@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450103338Z" + "version": "8.2.0" }, "message": "tconsect pariat iutal3376.api.corp isi idexeac ntu [F5@tdolo acl_policy_name=nimve acl_policy_type=duntut acl_rule_name=emporin action=Reject hostname=ptat3230.domain bigip_mgmt_ip=10.156.208.5 context_name=tlaboru context_type=tec date_time=Jan 27 2018 05:21:06 dest_ip=10.9.69.13 dst_geo=uatD dest_port=6508 device_product=antium device_vendor=remaper device_version=1.3297 drop_reason=ntNequ errdefs_msgno=anim errdefs_msg_name=uae flow_id=ata ip_protocol=tcp severity=very-high partition_name=paq route_domain=emipsumq sa_translation_pool=culpaq sa_translation_type=quamq source_ip=10.53.72.161 src_geo=pta source_port=4723 source_user=scip translated_dest_ip=10.33.143.163 translated_dest_port=5404 translated_ip_protocol=iusmodi translated_route_domain=esciun translated_source_ip=10.247.144.9 translated_source_port=2494 translated_vlan=lit vlan=4112", "tags": [ 
@@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450104248Z" + "version": "8.2.0" }, "message": "oidentsu oditau onsec1632.internal.lan lup aeca isau [F5@giat acl_policy_name=ttenb acl_policy_type=eirure acl_rule_name=boreetd action=Closed hostname=exer447.internal.localhost bigip_mgmt_ip=10.35.190.164 context_name=radipis context_type=lore date_time=Feb 10 2018 12:23:41 dest_ip=10.76.99.144 dst_geo=eufugia dest_port=2345 device_product=pariat device_vendor=nimip device_version=1.2476 drop_reason=usci errdefs_msgno=unturmag errdefs_msg_name=dexeaco flow_id=lupta ip_protocol=ggp severity=very-high partition_name=oreeufug route_domain=Quisa sa_translation_pool=quiav sa_translation_type=ctionofd source_ip=10.21.58.162 src_geo=uisautei source_port=7881 source_user=porin translated_dest_ip=10.241.143.145 translated_dest_port=6151 translated_ip_protocol=ecillum translated_route_domain=olor translated_source_ip=10.113.65.192 translated_source_port=7807 translated_vlan=conseq vlan=6079", "tags": [ 
@@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450105207Z" + "version": "8.2.0" }, "message": "edutpers ctobeat upta4358.home orem inibus secte [F5@ctobeat acl_policy_name=onsec acl_policy_type=idestl acl_rule_name=litani action=Closed hostname=itanimi1934.home bigip_mgmt_ip=10.19.154.103 context_name=ittenb context_type=tobeatae date_time=Feb 24 2018 19:26:15 dest_ip=10.235.51.61 dst_geo=exe dest_port=1872 device_product=cia device_vendor=idolo device_version=1.768 drop_reason=pitlabo errdefs_msgno=tas errdefs_msg_name=rcitat flow_id=ree ip_protocol=tcp severity=very-high partition_name=quipexea route_domain=orsitv sa_translation_pool=dunt sa_translation_type=int source_ip=10.53.27.253 src_geo=temveleu source_port=3599 source_user=luptat translated_dest_ip=10.75.113.240 translated_dest_port=1874 translated_ip_protocol=ionulam translated_route_domain=auto translated_source_ip=10.129.16.166 translated_source_port=5141 translated_vlan=ntocca vlan=5439", "tags": [ 
@@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450106121Z" + "version": "8.2.0" }, "message": "tvol lup mipsamv161.local ionula pexeaco temaccu [F5@uamqua acl_policy_name=Neq acl_policy_type=runt acl_rule_name=xcep action=Established hostname=pteurs1031.mail.corp bigip_mgmt_ip=10.125.150.220 context_name=lumquid context_type=eturadip date_time=Mar 11 2018 02:28:49 dest_ip=10.241.228.95 dst_geo=equ dest_port=7256 device_product=ssequamn device_vendor=ave device_version=1.5812 drop_reason=edquia errdefs_msgno=ihi errdefs_msg_name=undeomn flow_id=ape ip_protocol=rdp severity=medium partition_name=ari route_domain=umtot sa_translation_pool=onemulla sa_translation_type=atquo source_ip=10.120.50.13 src_geo=issu source_port=4426 source_user=inculpa translated_dest_ip=10.150.153.61 translated_dest_port=2773 translated_ip_protocol=loremagn translated_route_domain=acons translated_source_ip=10.22.213.196 translated_source_port=7230 translated_vlan=emoenimi vlan=1864", "tags": [ 
@@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450109244Z" + "version": "8.2.0" }, "message": "mqu onorume abill5290.lan mini mve tionev [F5@uasiarch acl_policy_name=velites acl_policy_type=uredolor acl_rule_name=epreh action=Accept hostname=edquiaco6562.api.lan bigip_mgmt_ip=10.113.2.13 context_name=rudexerc context_type=nturm date_time=Mar 25 2018 09:31:24 dest_ip=10.182.134.109 dst_geo=dquia dest_port=5334 device_product=bori device_vendor=dipi device_version=1.7232 drop_reason=utf errdefs_msgno=dolor errdefs_msg_name=dexe flow_id=nemul ip_protocol=igmp severity=low partition_name=lupt route_domain=quatur sa_translation_pool=dminim sa_translation_type=ptatevel source_ip=10.85.52.249 src_geo=eirured source_port=3772 source_user=tatiset translated_dest_ip=10.238.171.184 translated_dest_port=2574 translated_ip_protocol=duntutl translated_route_domain=nven translated_source_ip=10.229.155.171 translated_source_port=6978 translated_vlan=asiarch vlan=7121", "tags": [ 
@@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450110171Z" + "version": "8.2.0" }, "message": "utla deomni tse7542.test nesciu todit utaliqui [F5@emse acl_policy_name=emqui acl_policy_type=cipitla acl_rule_name=tlab action=Accept hostname=tatis7315.mail.home bigip_mgmt_ip=10.249.174.35 context_name=umfu context_type=utla date_time=Apr 08 2018 16:33:58 dest_ip=10.136.53.201 dst_geo=dolo dest_port=6418 device_product=samvol device_vendor=equa device_version=1.536 drop_reason=strumex errdefs_msgno=tessecil errdefs_msg_name=ugia flow_id=reprehe ip_protocol=udp severity=medium partition_name=umq route_domain=sistena sa_translation_pool=qui sa_translation_type=caboN source_ip=10.198.150.185 src_geo=catcupid source_port=3167 source_user=quela translated_dest_ip=10.51.245.225 translated_dest_port=3991 translated_ip_protocol=enimi translated_route_domain=illum translated_source_ip=10.220.1.249 translated_source_port=4200 translated_vlan=Sedut vlan=7832", "tags": [ 
@@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450111076Z" + "version": "8.2.0" }, "message": "audant obeata uredol2348.www5.host entorev quuntur olup [F5@aeab acl_policy_name=uradipis acl_policy_type=aerat acl_rule_name=les action=Drop hostname=eosqui3723.api.localdomain bigip_mgmt_ip=10.152.157.32 context_name=ali context_type=udexerci date_time=Apr 22 2018 23:36:32 dest_ip=10.76.232.245 dst_geo=osqu dest_port=4859 device_product=aborio device_vendor=rve device_version=1.219 drop_reason=nbyCi errdefs_msgno=runtmoll errdefs_msg_name=busBon flow_id=norumetM ip_protocol=udp severity=low partition_name=usBono route_domain=ameaq sa_translation_pool=Quis sa_translation_type=lupta source_ip=10.251.82.195 src_geo=umiure source_port=5186 source_user=olorese translated_dest_ip=10.190.96.181 translated_dest_port=2153 translated_ip_protocol=culp translated_route_domain=deomn translated_source_ip=10.38.185.31 translated_source_port=1085 translated_vlan=llo vlan=1106", "tags": [ 
@@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450111975Z" + "version": "8.2.0" }, "message": "tla iaconseq sed3235.www5.localhost pidatatn isno luptatev [F5@occaeca acl_policy_name=dan acl_policy_type=pta acl_rule_name=upt action=Drop hostname=itaedict199.mail.corp bigip_mgmt_ip=10.103.102.242 context_name=labore context_type=lorem date_time=May 07 2018 06:39:06 dest_ip=10.68.159.207 dst_geo=eratv dest_port=7206 device_product=estq device_vendor=quasiarc device_version=1.6526 drop_reason=liq errdefs_msgno=xerc errdefs_msg_name=atisetqu flow_id=squir ip_protocol=icmp severity=very-high partition_name=quam route_domain=deriti sa_translation_pool=edictasu sa_translation_type=eturadi source_ip=10.190.247.194 src_geo=mSecti source_port=4210 source_user=tDuisaut translated_dest_ip=10.230.112.179 translated_dest_port=5926 translated_ip_protocol=vol translated_route_domain=ita translated_source_ip=10.211.198.50 translated_source_port=7510 translated_vlan=nibusB vlan=5555", "tags": [ 
@@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450112872Z" + "version": "8.2.0" }, "message": "amremap oremagna aqu4475.mail.invalid serrorsi tsedquia rsit [F5@quis acl_policy_name=upidatat acl_policy_type=mod acl_rule_name=niamqui action=Closed hostname=xeaco7887.www.localdomain bigip_mgmt_ip=10.47.223.155 context_name=ugitsed context_type=dminimve date_time=May 21 2018 13:41:41 dest_ip=10.111.137.84 dst_geo=uiac dest_port=7838 device_product=tot device_vendor=reme device_version=1.7750 drop_reason=loremi errdefs_msgno=queporro errdefs_msg_name=tur flow_id=eFi ip_protocol=ipv6-icmp severity=medium partition_name=ulapari route_domain=eporroq sa_translation_pool=uunturm sa_translation_type=iatn source_ip=10.219.83.199 src_geo=diduntut source_port=1321 source_user=ectetur translated_dest_ip=10.101.13.122 translated_dest_port=6737 translated_ip_protocol=nibusBo translated_route_domain=volup translated_source_ip=10.251.101.61 translated_source_port=5153 translated_vlan=scipit vlan=6495", "tags": [ 
@@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450113883Z" + "version": "8.2.0" }, "message": "tore isni tamrema736.www5.lan ntiumdol conse aturve [F5@edqui acl_policy_name=tvolu acl_policy_type=psu acl_rule_name=strud action=Closed hostname=saute7421.www.invalid bigip_mgmt_ip=10.21.80.157 context_name=tiumtot context_type=tate date_time=Jun 04 2018 20:44:15 dest_ip=10.13.222.177 dst_geo=inBCSed dest_port=6353 device_product=Loremip device_vendor=taliqui device_version=1.5568 drop_reason=ipsaquae errdefs_msgno=olu errdefs_msg_name=exerci flow_id=isnostru ip_protocol=tcp severity=very-high partition_name=ngelits route_domain=volupt sa_translation_pool=billoi sa_translation_type=reseo source_ip=10.31.86.83 src_geo=pariat source_port=6646 source_user=litsed translated_dest_ip=10.21.30.43 translated_dest_port=4754 translated_ip_protocol=lorem translated_route_domain=iamquisn translated_source_ip=10.83.136.233 translated_source_port=6643 translated_vlan=imadm vlan=3187", "tags": [ 
@@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450114818Z" + "version": "8.2.0" }, "message": "lumdol edutper utemve6966.mail.local emoen ptate mipsumqu [F5@turad acl_policy_name=dol acl_policy_type=ntutla acl_rule_name=des action=Accept hostname=oluptas1637.home bigip_mgmt_ip=10.195.90.73 context_name=ipisc context_type=iatnulap date_time=Jun 19 2018 03:46:49 dest_ip=10.170.155.137 dst_geo=uine dest_port=1815 device_product=veniamqu device_vendor=iconsequ device_version=1.5445 drop_reason=apa errdefs_msgno=archite errdefs_msg_name=tur flow_id=ddo ip_protocol=ipv6 severity=high partition_name=inBC route_domain=did sa_translation_pool=atcupi sa_translation_type=eriti source_ip=10.45.152.205 src_geo=rema source_port=5107 source_user=datatn translated_dest_ip=10.194.197.107 translated_dest_port=2524 translated_ip_protocol=tur translated_route_domain=itation translated_source_ip=10.27.181.27 translated_source_port=5509 translated_vlan=uredo vlan=2155", "tags": [ 
@@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450115755Z" + "version": "8.2.0" }, "message": "use catcu quame922.internal.host eursi liquid ulapari [F5@ibus acl_policy_name=isu acl_policy_type=moll acl_rule_name=roinBCS action=Drop hostname=ididu5505.api.localdomain bigip_mgmt_ip=10.43.239.97 context_name=modi context_type=cip date_time=Jul 03 2018 10:49:23 dest_ip=10.60.60.164 dst_geo=iscive dest_port=5527 device_product=incididu device_vendor=yCice device_version=1.508 drop_reason=ionem errdefs_msgno=taevitae errdefs_msg_name=dminimv flow_id=quam ip_protocol=tcp severity=low partition_name=umdol route_domain=rerepr sa_translation_pool=ipiscin sa_translation_type=trudexe source_ip=10.222.2.132 src_geo=umdo source_port=6187 source_user=aedicta translated_dest_ip=10.129.161.18 translated_dest_port=782 translated_ip_protocol=umquiad translated_route_domain=porinc translated_source_ip=10.183.90.25 translated_source_port=5038 translated_vlan=conse vlan=2563", "tags": [ 
@@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450116651Z" + "version": "8.2.0" }, "message": "dolo reeufu umexe5208.local suntex uptatema uteiru [F5@rcitati acl_policy_name=siutali acl_policy_type=uiratio acl_rule_name=ficia action=Closed hostname=mqui1099.api.corp bigip_mgmt_ip=10.231.167.171 context_name=onorumet context_type=illoinve date_time=Jul 17 2018 17:51:58 dest_ip=10.188.254.168 dst_geo=nevolup dest_port=3706 device_product=lor device_vendor=ica device_version=1.4479 drop_reason=sumd errdefs_msgno=elitse errdefs_msg_name=olu flow_id=temqu ip_protocol=rdp severity=very-high partition_name=nesci route_domain=meaquei sa_translation_pool=snisiu sa_translation_type=atem source_ip=10.189.162.131 src_geo=litsed source_port=6019 source_user=sedquia translated_dest_ip=10.67.129.100 translated_dest_port=7106 translated_ip_protocol=mmodicon translated_route_domain=eosquir translated_source_ip=10.248.156.138 translated_source_port=2125 translated_vlan=smodit vlan=3090", "tags": [ 
@@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450117540Z" + "version": "8.2.0" }, "message": "dun xce dol5403.www.localhost asiar eiu maliquam [F5@gnama acl_policy_name=ursintoc acl_policy_type=minimve acl_rule_name=eprehe action=Reject hostname=siuta2155.lan bigip_mgmt_ip=10.63.103.30 context_name=ill context_type=imveniam date_time=Aug 01 2018 00:54:32 dest_ip=10.36.29.127 dst_geo=umqui dest_port=1757 device_product=sci device_vendor=isquames device_version=1.2927 drop_reason=tlabor errdefs_msgno=itecto errdefs_msg_name=loreeuf flow_id=orainci ip_protocol=icmp severity=low partition_name=aev route_domain=uelaudan sa_translation_pool=lab sa_translation_type=sequa source_ip=10.6.146.184 src_geo=rrorsi source_port=7247 source_user=sequu translated_dest_ip=10.185.107.27 translated_dest_port=2257 translated_ip_protocol=mips translated_route_domain=iduntutl translated_source_ip=10.142.106.66 translated_source_port=3790 translated_vlan=quelauda vlan=289", "tags": [ 
@@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450118457Z" + "version": "8.2.0" }, "message": "dolo ulamc doe344.www5.local toreve squirat llum [F5@dol acl_policy_name=niam acl_policy_type=atio acl_rule_name=sno action=Established hostname=tatiset4191.localdomain bigip_mgmt_ip=10.214.93.200 context_name=dtempor context_type=rroquisq date_time=Aug 15 2018 07:57:06 dest_ip=10.215.63.248 dst_geo=uidex dest_port=1203 device_product=lloi device_vendor=nseq device_version=1.4023 drop_reason=isetqua errdefs_msgno=ianonn errdefs_msg_name=oluptas flow_id=doe ip_protocol=udp severity=very-high partition_name=rchitect route_domain=orsitame sa_translation_pool=tasn sa_translation_type=exeaco source_ip=10.93.39.237 src_geo=aincidu source_port=232 source_user=tionofd translated_dest_ip=10.0.202.9 translated_dest_port=7451 translated_ip_protocol=nvolup translated_route_domain=ommodic translated_source_ip=10.119.179.182 translated_source_port=7255 translated_vlan=undeo vlan=7696", "tags": [ 
@@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450119355Z" + "version": "8.2.0" }, "message": "uiinea uianonn eavolupt784.www5.example liquam sinto edi [F5@eumiure acl_policy_name=ore acl_policy_type=adeser acl_rule_name=mSe action=Drop hostname=aute2433.mail.lan bigip_mgmt_ip=10.252.204.162 context_name=tiae context_type=giat date_time=Aug 29 2018 14:59:40 dest_ip=10.115.77.51 dst_geo=mcorpor dest_port=2433 device_product=ostru device_vendor=mea device_version=1.5939 drop_reason=iquipex errdefs_msgno=byCice errdefs_msg_name=deritq flow_id=boreetdo ip_protocol=ipv6-icmp severity=medium partition_name=iin route_domain=nostr sa_translation_pool=luptatem sa_translation_type=tNequepo source_ip=10.28.145.163 src_geo=sper source_port=72 source_user=imadmin translated_dest_ip=10.123.154.140 translated_dest_port=2551 translated_ip_protocol=mSect translated_route_domain=iure translated_source_ip=10.30.189.166 translated_source_port=2749 translated_vlan=aer vlan=3422", "tags": [ 
@@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450120248Z" + "version": "8.2.0" }, "message": "roquis mremape ude2977.www.corp rmagnido exeaco dqu [F5@ccaec acl_policy_name=repreh acl_policy_type=imven acl_rule_name=usan action=Accept hostname=idolo6535.internal.example bigip_mgmt_ip=10.46.162.198 context_name=snulap context_type=onsequat date_time=Sep 12 2018 22:02:15 dest_ip=10.166.128.248 dst_geo=pariatur dest_port=7435 device_product=tura device_vendor=equuntur device_version=1.6564 drop_reason=uaera errdefs_msgno=mqua errdefs_msg_name=xer flow_id=utlabore ip_protocol=ipv6-icmp severity=very-high partition_name=beataevi route_domain=amquisn sa_translation_pool=itquii sa_translation_type=imaven source_ip=10.145.128.250 src_geo=nder source_port=5641 source_user=eni translated_dest_ip=10.79.49.3 translated_dest_port=7794 translated_ip_protocol=psamvolu translated_route_domain=teturad translated_source_ip=10.29.122.183 translated_source_port=6166 translated_vlan=tla vlan=6146", "tags": [ 
@@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450121141Z" + "version": "8.2.0" }, "message": "modtempo edict nost3250.internal.localdomain nibu quatur isiutali [F5@mdolo acl_policy_name=nof acl_policy_type=usantiu acl_rule_name=periam action=Closed hostname=one7728.api.localdomain bigip_mgmt_ip=10.177.232.136 context_name=obe context_type=niamqu date_time=Sep 27 2018 05:04:49 dest_ip=10.140.59.161 dst_geo=smoditem dest_port=575 device_product=tev device_vendor=oNemoeni device_version=1.3341 drop_reason=elillumq errdefs_msgno=loremeum errdefs_msg_name=luptatem flow_id=ing ip_protocol=tcp severity=very-high partition_name=riameaqu route_domain=etd sa_translation_pool=omnisi sa_translation_type=dolor source_ip=10.166.169.167 src_geo=ati source_port=1544 source_user=olors translated_dest_ip=10.65.174.196 translated_dest_port=472 translated_ip_protocol=iin translated_route_domain=uteiru translated_source_ip=10.142.235.217 translated_source_port=5846 translated_vlan=orain vlan=2663", "tags": [ 
@@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450122040Z" + "version": "8.2.0" }, "message": "llu quaUt labor7147.internal.host ten vitae tse [F5@gni acl_policy_name=per acl_policy_type=tione acl_rule_name=nibus action=Established hostname=uptatem4446.internal.localhost bigip_mgmt_ip=10.29.217.44 context_name=eacommod context_type=tali date_time=Oct 11 2018 12:07:23 dest_ip=10.131.223.198 dst_geo=orisnisi dest_port=4342 device_product=eritquii device_vendor=atevelit device_version=1.325 drop_reason=enat errdefs_msgno=ionula errdefs_msg_name=itaed flow_id=invol ip_protocol=rdp severity=low partition_name=cidun route_domain=tassitas sa_translation_pool=nimadmi sa_translation_type=dipisci source_ip=10.215.184.154 src_geo=nor source_port=3306 source_user=iarc translated_dest_ip=10.191.78.86 translated_dest_port=6355 translated_ip_protocol=uiac translated_route_domain=squ translated_source_ip=10.53.188.140 translated_source_port=6455 translated_vlan=ten vlan=2937", "tags": [ 
@@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450122936Z" + "version": "8.2.0" }, "message": "isciveli ntutlab sitamet452.domain nsequ ing ollita [F5@dipisci acl_policy_name=amnisiu acl_policy_type=ptat acl_rule_name=epr action=Drop hostname=emq2514.api.localhost bigip_mgmt_ip=10.135.77.156 context_name=uraut context_type=non date_time=Oct 25 2018 19:09:57 dest_ip=10.248.182.188 dst_geo=turad dest_port=2537 device_product=nBCSe device_vendor=ollita device_version=1.3567 drop_reason=eni errdefs_msgno=quipe errdefs_msg_name=oluptat flow_id=stenatus ip_protocol=ggp severity=very-high partition_name=iaecon route_domain=ect sa_translation_pool=tquid sa_translation_type=seru source_ip=10.76.148.147 src_geo=remagna source_port=1121 source_user=urve translated_dest_ip=10.46.222.149 translated_dest_port=3304 translated_ip_protocol=squ translated_route_domain=emagnaal translated_source_ip=10.74.74.129 translated_source_port=5904 translated_vlan=itati vlan=3497", "tags": [ 
@@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450123877Z" + "version": "8.2.0" }, "message": "rinc tno meumf4052.invalid pitlabo riamea Malorumw [F5@consect acl_policy_name=issu acl_policy_type=tconsect acl_rule_name=tationem action=Drop hostname=agna5654.www.corp bigip_mgmt_ip=10.96.200.223 context_name=iatisun context_type=cto date_time=Nov 09 2018 02:12:32 dest_ip=10.3.228.220 dst_geo=imadmini dest_port=3791 device_product=oeiusm device_vendor=aUtenim device_version=1.1186 drop_reason=isu errdefs_msgno=ute errdefs_msg_name=tdolore flow_id=madminim ip_protocol=igmp severity=very-high partition_name=prehen route_domain=ate sa_translation_pool=ull sa_translation_type=enimipsa source_ip=10.130.203.37 src_geo=quisnos source_port=2132 source_user=mvele translated_dest_ip=10.11.146.253 translated_dest_port=3581 translated_ip_protocol=remeum translated_route_domain=temseq translated_source_ip=10.145.49.29 translated_source_port=2464 translated_vlan=sedquia vlan=4912", "tags": [ 
@@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450124809Z" + "version": "8.2.0" }, "message": "ntmo aliqu iqu4429.www5.lan doconse volupta ptat [F5@oreverit acl_policy_name=nimides acl_policy_type=remipsum acl_rule_name=elit action=Drop hostname=ipi4827.mail.lan bigip_mgmt_ip=10.162.78.48 context_name=lab context_type=sedqui date_time=Nov 23 2018 09:15:06 dest_ip=10.243.157.94 dst_geo=epteu dest_port=5744 device_product=tura device_vendor=mquiavol device_version=1.6845 drop_reason=eabil errdefs_msgno=ibusB errdefs_msg_name=rporis flow_id=etco ip_protocol=ipv6 severity=very-high partition_name=ereprehe route_domain=olu sa_translation_pool=nofdeF sa_translation_type=riaturEx source_ip=10.24.23.209 src_geo=itautfu source_port=1503 source_user=rumwr translated_dest_ip=10.162.2.180 translated_dest_port=3889 translated_ip_protocol=mporain translated_route_domain=ectetur translated_source_ip=10.48.75.140 translated_source_port=1837 translated_vlan=ineavol vlan=5182", "tags": [ 
@@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450125697Z" + "version": "8.2.0" }, "message": "onproid sitv equam3114.test mcorp uelaud aperiam [F5@ngelit acl_policy_name=quiano acl_policy_type=sund acl_rule_name=iaconse action=Drop hostname=sequatD163.internal.example bigip_mgmt_ip=10.151.206.38 context_name=oloremi context_type=luptate date_time=Dec 07 2018 16:17:40 dest_ip=10.38.57.217 dst_geo=rur dest_port=5543 device_product=imidest device_vendor=oeiusmod device_version=1.419 drop_reason=psumqui errdefs_msgno=eddoeiu errdefs_msg_name=oinvento flow_id=mips ip_protocol=udp severity=medium partition_name=corpor route_domain=amvolu sa_translation_pool=ent sa_translation_type=ionemu source_ip=10.66.92.83 src_geo=orinrep source_port=2549 source_user=nproide translated_dest_ip=10.119.12.186 translated_dest_port=5674 translated_ip_protocol=qui translated_route_domain=nemullam translated_source_ip=10.97.105.115 translated_source_port=3576 translated_vlan=squir vlan=3987", "tags": [ 
@@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450126757Z" + "version": "8.2.0" }, "message": "umqu umet psaquaea5284.internal.example upt giatquo toccaec [F5@nihilmo acl_policy_name=atquo acl_policy_type=umetMa acl_rule_name=ngelitse action=Accept hostname=itamet1303.invalid bigip_mgmt_ip=10.12.148.73 context_name=eius context_type=evo date_time=Dec 21 2018 23:20:14 dest_ip=10.10.44.34 dst_geo=volupt dest_port=61 device_product=eosqu device_vendor=reetdolo device_version=1.7551 drop_reason=sten errdefs_msgno=enderi errdefs_msg_name=labore flow_id=uasiarch ip_protocol=igmp severity=very-high partition_name=magnama route_domain=reprehe sa_translation_pool=citatio sa_translation_type=dolo source_ip=10.201.132.114 src_geo=eetd source_port=6058 source_user=borisnis translated_dest_ip=10.64.76.142 translated_dest_port=7083 translated_ip_protocol=temse translated_route_domain=samvo translated_source_ip=10.169.139.250 translated_source_port=1374 translated_vlan=nostrume vlan=5035", "tags": [ 
@@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450127687Z" + "version": "8.2.0" }, "message": "tatevel itin tam942.api.host iut leumiur deser [F5@boris acl_policy_name=ris acl_policy_type=nisiuta acl_rule_name=utper action=Drop hostname=epr3512.internal.domain bigip_mgmt_ip=10.9.236.18 context_name=iumdo context_type=exe date_time=Jan 05 2019 06:22:49 dest_ip=10.152.7.48 dst_geo=giatnula dest_port=71 device_product=enimadmi device_vendor=qui device_version=1.5292 drop_reason=aecon errdefs_msgno=sedq errdefs_msg_name=olo flow_id=sperna ip_protocol=udp severity=very-high partition_name=conseq route_domain=upta sa_translation_pool=eturadi sa_translation_type=cinge source_ip=10.111.128.11 src_geo=niamq source_port=5336 source_user=umfug translated_dest_ip=10.35.38.185 translated_dest_port=7077 translated_ip_protocol=labor translated_route_domain=Sec translated_source_ip=10.200.116.191 translated_source_port=3068 translated_vlan=nsecte vlan=5790", "tags": [ 
@@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450128717Z" + "version": "8.2.0" }, "message": "uianonnu por nve894.lan turadip ataev eFinib [F5@atione acl_policy_name=xcepte acl_policy_type=gnaa acl_rule_name=tio action=Reject hostname=uredol2174.home bigip_mgmt_ip=10.191.27.182 context_name=tMalo context_type=urautod date_time=Jan 19 2019 13:25:23 dest_ip=10.114.60.159 dst_geo=rese dest_port=5302 device_product=rissusci device_vendor=quaturve device_version=1.5991 drop_reason=tisunde errdefs_msgno=ende errdefs_msg_name=quidolor flow_id=lloin ip_protocol=igmp severity=high partition_name=proiden route_domain=moenimip sa_translation_pool=tat sa_translation_type=tate source_ip=10.236.67.227 src_geo=ern source_port=881 source_user=tlabo translated_dest_ip=10.134.238.8 translated_dest_port=2976 translated_ip_protocol=aqua translated_route_domain=edquiac translated_source_ip=10.240.62.238 translated_source_port=1251 translated_vlan=olo vlan=5926", "tags": [ 
@@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450129634Z" + "version": "8.2.0" }, "message": "ali Nequepor aUten4127.internal.lan apariatu mnisis onsequa [F5@sunt acl_policy_name=orumSe acl_policy_type=olupta acl_rule_name=emveleum action=Drop hostname=ididunt7607.mail.localhost bigip_mgmt_ip=10.165.66.92 context_name=isq context_type=eacommo date_time=Feb 02 2019 20:27:57 dest_ip=10.244.171.198 dst_geo=nimad dest_port=7814 device_product=asi device_vendor=tobe device_version=1.6837 drop_reason=Lore errdefs_msgno=oin errdefs_msg_name=eritquii flow_id=taliqui ip_protocol=ipv6-icmp severity=very-high partition_name=entoreve route_domain=ion sa_translation_pool=exeaco sa_translation_type=tate source_ip=10.109.14.142 src_geo=sitas source_port=6036 source_user=perna translated_dest_ip=10.65.35.64 translated_dest_port=2748 translated_ip_protocol=irur translated_route_domain=risnisiu translated_source_ip=10.22.231.91 translated_source_port=2652 translated_vlan=equepor vlan=897", "tags": [ 
@@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450130526Z" + "version": "8.2.0" }, "message": "ugiatn utpe hend1170.www5.lan ptateve aliqua officiad [F5@nimadmin acl_policy_name=iavol acl_policy_type=roq acl_rule_name=iumtota action=Reject hostname=inimav5557.www5.test bigip_mgmt_ip=10.71.112.86 context_name=olor context_type=emoenim date_time=Feb 17 2019 03:30:32 dest_ip=10.57.64.102 dst_geo=rume dest_port=7667 device_product=inibusBo device_vendor=tqui device_version=1.99 drop_reason=citat errdefs_msgno=prehende errdefs_msg_name=vitaedic flow_id=remip ip_protocol=ggp severity=high partition_name=rehe route_domain=aper sa_translation_pool=gnaa sa_translation_type=tam source_ip=10.64.161.215 src_geo=modi source_port=4869 source_user=rnatur translated_dest_ip=10.29.230.203 translated_dest_port=6579 translated_ip_protocol=abi translated_route_domain=inimaven translated_source_ip=10.89.221.90 translated_source_port=5835 translated_vlan=entoreve vlan=4612", "tags": [ 
@@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450131494Z" + "version": "8.2.0" }, "message": "roqu dquia ommod142.www.home ptate oloreeu imipsa [F5@iscinge acl_policy_name=ora acl_policy_type=meumfug acl_rule_name=inimve action=Closed hostname=nonn1650.www.test bigip_mgmt_ip=10.88.226.76 context_name=ptas context_type=iadolo date_time=Mar 03 2019 10:33:06 dest_ip=10.217.197.29 dst_geo=aliquide dest_port=7187 device_product=tinv device_vendor=iar device_version=1.5232 drop_reason=mquela errdefs_msgno=urm errdefs_msg_name=con flow_id=aeabil ip_protocol=udp severity=low partition_name=edicta route_domain=itaspern sa_translation_pool=tau sa_translation_type=rcit source_ip=10.79.208.135 src_geo=rehende source_port=3688 source_user=erspic translated_dest_ip=10.221.199.137 translated_dest_port=6430 translated_ip_protocol=quipe translated_route_domain=evita translated_source_ip=10.140.118.182 translated_source_port=4566 translated_vlan=nia vlan=7548", "tags": [ 
@@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450132494Z" + "version": "8.2.0" }, "message": "npro boriosa sundeo3076.internal.test Nequepor turQ tod [F5@rsitame acl_policy_name=nsectetu acl_policy_type=untexpli acl_rule_name=smo action=Reject hostname=acons3940.api.lan bigip_mgmt_ip=10.133.48.55 context_name=lab context_type=ela date_time=Mar 17 2019 17:35:40 dest_ip=10.134.141.37 dst_geo=oreve dest_port=2538 device_product=tali device_vendor=quamnih device_version=1.2492 drop_reason=reprehen errdefs_msgno=Exce errdefs_msg_name=tocca flow_id=tinvolu ip_protocol=ipv6 severity=low partition_name=iumt route_domain=mad sa_translation_pool=mpor sa_translation_type=eddoei source_ip=10.35.73.208 src_geo=dolo source_port=6552 source_user=tia translated_dest_ip=10.126.61.230 translated_dest_port=2068 translated_ip_protocol=dolor translated_route_domain=emUteni translated_source_ip=10.189.244.22 translated_source_port=734 translated_vlan=rinre vlan=6425", "tags": [ 
@@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450133392Z" + "version": "8.2.0" }, "message": "ident uatur dquiaco2756.home uiine mve dolorema [F5@ditautf acl_policy_name=uisnostr acl_policy_type=oditautf acl_rule_name=nula action=Established hostname=suscipit587.www.localhost bigip_mgmt_ip=10.81.154.115 context_name=ita context_type=aeratvol date_time=Apr 01 2019 00:38:14 dest_ip=10.194.94.1 dst_geo=ostr dest_port=575 device_product=boreetd device_vendor=ueporro device_version=1.4044 drop_reason=oluptat errdefs_msgno=olors errdefs_msg_name=mSecti flow_id=ius ip_protocol=icmp severity=very-high partition_name=xerci route_domain=qua sa_translation_pool=iaecons sa_translation_type=pteurs source_ip=10.35.65.72 src_geo=veni source_port=3387 source_user=reseo translated_dest_ip=10.239.194.105 translated_dest_port=3629 translated_ip_protocol=isnos translated_route_domain=ntin translated_source_ip=10.240.94.109 translated_source_port=5437 translated_vlan=ono vlan=573", "tags": [ 
@@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450134287Z" + "version": "8.2.0" }, "message": "consequ ine hend3901.www.localdomain nsecte miurere tat [F5@pitlabor acl_policy_name=upi acl_policy_type=olupta acl_rule_name=ape action=Established hostname=mnisiut6146.internal.local bigip_mgmt_ip=10.52.70.192 context_name=empor context_type=ate date_time=Apr 15 2019 07:40:49 dest_ip=10.234.254.96 dst_geo=obeatae dest_port=2042 device_product=orem device_vendor=dquian device_version=1.2307 drop_reason=uis errdefs_msgno=emagnaal errdefs_msg_name=uunturm flow_id=nonnumq ip_protocol=ggp severity=very-high partition_name=ntocca route_domain=emquelau sa_translation_pool=adolorsi sa_translation_type=lupt source_ip=10.38.253.213 src_geo=ncidu source_port=3369 source_user=ionem translated_dest_ip=10.248.72.104 translated_dest_port=7485 translated_ip_protocol=cusan translated_route_domain=ivelit translated_source_ip=10.150.56.227 translated_source_port=4686 translated_vlan=isnost vlan=4697", "tags": [ 
@@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450135199Z" + "version": "8.2.0" }, "message": "urQu idol fici312.api.host eri pitlab riosamn [F5@Malo acl_policy_name=onse acl_policy_type=enatuse acl_rule_name=veritat action=Reject hostname=borios1067.www5.home bigip_mgmt_ip=10.218.15.164 context_name=ntNeque context_type=magnidol date_time=Apr 29 2019 14:43:23 dest_ip=10.56.60.3 dst_geo=aaliq dest_port=2143 device_product=gel device_vendor=modt device_version=1.2031 drop_reason=mvolu errdefs_msgno=agn errdefs_msg_name=eritinvo flow_id=aliq ip_protocol=rdp severity=very-high partition_name=uisautei route_domain=labor sa_translation_pool=ihilmol sa_translation_type=scinge source_ip=10.62.218.239 src_geo=yCiceroi source_port=166 source_user=reh translated_dest_ip=10.73.172.186 translated_dest_port=3510 translated_ip_protocol=itte translated_route_domain=niamquis translated_source_ip=10.203.193.134 translated_source_port=6251 translated_vlan=riosa vlan=7445", "tags": [ 
@@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450136111Z" + "version": "8.2.0" }, "message": "ore ptatema poriss2289.localdomain luptat ficiad saquaea [F5@archi acl_policy_name=caboNe acl_policy_type=ptate acl_rule_name=enimips action=Established hostname=msequ323.www.example bigip_mgmt_ip=10.60.20.76 context_name=seq context_type=uae date_time=May 13 2019 21:45:57 dest_ip=10.244.241.67 dst_geo=quaeabi dest_port=5701 device_product=ost device_vendor=mave device_version=1.2555 drop_reason=aev errdefs_msgno=uovolup errdefs_msg_name=tMaloru flow_id=rum ip_protocol=ipv6-icmp severity=very-high partition_name=ptassita route_domain=ionemul sa_translation_pool=orema sa_translation_type=its source_ip=10.10.46.43 src_geo=stiaec source_port=7346 source_user=nev translated_dest_ip=10.136.211.234 translated_dest_port=4126 translated_ip_protocol=lamcor translated_route_domain=rorsitv translated_source_ip=10.131.127.113 translated_source_port=853 translated_vlan=iamqu vlan=1324", "tags": [ 
@@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450137006Z" + "version": "8.2.0" }, "message": "mwrit dminimve madminim5473.mail.example reeuf orinrepr tinvo [F5@oru acl_policy_name=ainc acl_policy_type=aeab acl_rule_name=iat action=Closed hostname=tdolorem813.internal.host bigip_mgmt_ip=10.50.177.151 context_name=rsitam context_type=aliqui date_time=May 28 2019 04:48:31 dest_ip=10.206.65.159 dst_geo=fdeFini dest_port=1295 device_product=eetdolo device_vendor=issuscip device_version=1.3291 drop_reason=tqu errdefs_msgno=rinc errdefs_msg_name=hender flow_id=sBonor ip_protocol=rdp severity=high partition_name=ercitati route_domain=lapa sa_translation_pool=enia sa_translation_type=atis source_ip=10.233.181.250 src_geo=isiuta source_port=2868 source_user=ugiatq translated_dest_ip=10.187.237.220 translated_dest_port=7744 translated_ip_protocol=eumfu translated_route_domain=remap translated_source_ip=10.248.0.74 translated_source_port=6349 translated_vlan=tru vlan=2520", "tags": [ 
@@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450137931Z" + "version": "8.2.0" }, "message": "isautem eiusm assit1598.www5.invalid archite eruntm iades [F5@mremape acl_policy_name=nimad acl_policy_type=ionemu acl_rule_name=nul action=Established hostname=volupt4626.internal.test bigip_mgmt_ip=10.189.43.11 context_name=asper context_type=eeu date_time=Jun 11 2019 11:51:06 dest_ip=10.193.169.102 dst_geo=olab dest_port=629 device_product=olore device_vendor=mSecti device_version=1.2859 drop_reason=idid errdefs_msgno=ela errdefs_msg_name=fugits flow_id=litseddo ip_protocol=igmp severity=medium partition_name=ptasn route_domain=amrem sa_translation_pool=umdolor sa_translation_type=iamq source_ip=10.248.248.120 src_geo=ationemu source_port=1282 source_user=iatn translated_dest_ip=10.96.223.46 translated_dest_port=3654 translated_ip_protocol=pern translated_route_domain=ptasn translated_source_ip=10.80.129.81 translated_source_port=4827 translated_vlan=tat vlan=5084", "tags": [ 
@@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450138826Z" + "version": "8.2.0" }, "message": "eruntmo lumdolo urmagnid2749.api.host imip taspe siutaliq [F5@turadipi acl_policy_name=tMalo acl_policy_type=veni acl_rule_name=rspi action=Closed hostname=ntium5103.www5.localhost bigip_mgmt_ip=10.66.106.186 context_name=uatD context_type=reh date_time=Jun 25 2019 18:53:40 dest_ip=10.36.14.238 dst_geo=metco dest_port=4740 device_product=ilmoles device_vendor=xeaco device_version=1.1910 drop_reason=ccaecat errdefs_msgno=radip errdefs_msg_name=secil flow_id=totamr ip_protocol=udp severity=very-high partition_name=iciat route_domain=uira sa_translation_pool=orio sa_translation_type=mseq source_ip=10.102.109.199 src_geo=iono source_port=2061 source_user=tNequ translated_dest_ip=10.173.114.63 translated_dest_port=5877 translated_ip_protocol=tatisetq translated_route_domain=eabilloi translated_source_ip=10.91.115.139 translated_source_port=412 translated_vlan=eroi vlan=2077", "tags": [ 
@@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450139724Z" + "version": "8.2.0" }, "message": "riatur amrema illum2978.internal.home rumetMa entor urere [F5@involu acl_policy_name=qui acl_policy_type=aliqu acl_rule_name=sita action=Drop hostname=orpori3334.www.local bigip_mgmt_ip=10.198.157.122 context_name=ncu context_type=quatu date_time=Jul 10 2019 01:56:14 dest_ip=10.239.90.72 dst_geo=iratio dest_port=7700 device_product=its device_vendor=agn device_version=1.3690 drop_reason=ntmo errdefs_msgno=iur errdefs_msg_name=aboNemo flow_id=tsedquia ip_protocol=udp severity=very-high partition_name=tatiset route_domain=enim sa_translation_pool=gnido sa_translation_type=iamq source_ip=10.159.155.88 src_geo=uisa source_port=7034 source_user=iquipex translated_dest_ip=10.0.175.17 translated_dest_port=5236 translated_ip_protocol=tempori translated_route_domain=sedquian translated_source_ip=10.221.223.127 translated_source_port=2687 translated_vlan=ira vlan=3007", "tags": [ 
@@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450140624Z" + "version": "8.2.0" }, "message": "idolor umdo sequatu7142.internal.corp ipsaqu asun rsitam [F5@magn acl_policy_name=amcola acl_policy_type=eumiurer acl_rule_name=umf action=Established hostname=equu7361.www5.localdomain bigip_mgmt_ip=10.30.20.187 context_name=rsinto context_type=nonnumqu date_time=Jul 24 2019 08:58:48 dest_ip=10.103.47.100 dst_geo=chitect dest_port=5316 device_product=fug device_vendor=ulpaq device_version=1.6302 drop_reason=piscivel errdefs_msgno=ueporr errdefs_msg_name=udex flow_id=ipexeac ip_protocol=tcp severity=low partition_name=isci route_domain=archi sa_translation_pool=rsitame sa_translation_type=qui source_ip=10.7.212.201 src_geo=ion source_port=949 source_user=ugiat translated_dest_ip=10.252.136.130 translated_dest_port=5601 translated_ip_protocol=expl translated_route_domain=animi translated_source_ip=10.189.70.237 translated_source_port=1457 translated_vlan=tnul vlan=24", "tags": [ 
@@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450141533Z" + "version": "8.2.0" }, "message": "radip amremap dolorsit64.www.local uredo uamni nisi [F5@onsecte acl_policy_name=iono acl_policy_type=secillum acl_rule_name=sequatD action=Established hostname=tse2979.internal.localhost bigip_mgmt_ip=10.242.121.165 context_name=aut context_type=eriti date_time=Aug 07 2019 16:01:23 dest_ip=10.88.229.78 dst_geo=imadmi dest_port=2642 device_product=tevelite device_vendor=cto device_version=1.2037 drop_reason=mquiado errdefs_msgno=agn errdefs_msg_name=dip flow_id=urmag ip_protocol=tcp severity=high partition_name=laboreet route_domain=tutlabo sa_translation_pool=incid sa_translation_type=der source_ip=10.83.105.69 src_geo=usm source_port=2153 source_user=mni translated_dest_ip=10.102.109.194 translated_dest_port=2324 translated_ip_protocol=nor translated_route_domain=saut translated_source_ip=10.60.224.93 translated_source_port=1508 translated_vlan=deomnis vlan=354", "tags": [ 
@@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450142426Z" + "version": "8.2.0" }, "message": "tla nimve edutpe1255.internal.lan nimadm cepte paquioff [F5@ictasun acl_policy_name=iumto acl_policy_type=ciun acl_rule_name=prehe action=Accept hostname=uisnostr2390.mail.domain bigip_mgmt_ip=10.251.167.219 context_name=eaco context_type=oremeu date_time=Aug 21 2019 23:03:57 dest_ip=10.14.251.18 dst_geo=tenbyCi dest_port=4371 device_product=citation device_vendor=spernatu device_version=1.7314 drop_reason=giatq errdefs_msgno=tion errdefs_msg_name=tNeque flow_id=uidolore ip_protocol=rdp severity=medium partition_name=usB route_domain=magnaali sa_translation_pool=istenatu sa_translation_type=roqui source_ip=10.17.20.93 src_geo=eritqu source_port=4368 source_user=Uteni translated_dest_ip=10.181.134.69 translated_dest_port=551 translated_ip_protocol=norum translated_route_domain=emUten translated_source_ip=10.219.174.45 translated_source_port=4055 translated_vlan=idolo vlan=968", "tags": [ 
@@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450143337Z" + "version": "8.2.0" }, "message": "mmodicon nisis edquia4523.www.host remap ntium veniamqu [F5@equat acl_policy_name=reeu acl_policy_type=atemacc acl_rule_name=rsitvolu action=Accept hostname=luptate4811.mail.example bigip_mgmt_ip=10.30.117.82 context_name=destlabo context_type=fficia date_time=Sep 05 2019 06:06:31 dest_ip=10.245.75.229 dst_geo=elaud dest_port=4916 device_product=eaqueip device_vendor=emUten device_version=1.596 drop_reason=itseddoe errdefs_msgno=iti errdefs_msg_name=evitaedi flow_id=ionulamc ip_protocol=tcp severity=high partition_name=culp route_domain=Ciceroin sa_translation_pool=aeco sa_translation_type=olores source_ip=10.223.99.90 src_geo=adminim source_port=4324 source_user=numqua translated_dest_ip=10.28.233.253 translated_dest_port=1159 translated_ip_protocol=mUten translated_route_domain=eursint translated_source_ip=10.37.14.20 translated_source_port=6531 translated_vlan=teurs vlan=4919", "tags": [ 
@@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450144230Z" + "version": "8.2.0" }, "message": "aaliq nos uaUteni562.www.test deF dutpe tseddoei [F5@byCi acl_policy_name=odic acl_policy_type=chitecto acl_rule_name=nimadm action=Closed hostname=lites1614.www.corp bigip_mgmt_ip=10.125.20.22 context_name=olu context_type=ectet date_time=Sep 19 2019 13:09:05 dest_ip=10.121.189.113 dst_geo=tess dest_port=4686 device_product=xeacom device_vendor=adminim device_version=1.95 drop_reason=henderi errdefs_msgno=rainc errdefs_msg_name=dminim flow_id=sse ip_protocol=tcp severity=high partition_name=umexe route_domain=Sedu sa_translation_pool=tetur sa_translation_type=ern source_ip=10.50.61.114 src_geo=nvento source_port=649 source_user=qua translated_dest_ip=10.57.85.113 translated_dest_port=1024 translated_ip_protocol=itquii translated_route_domain=psu translated_source_ip=10.8.32.17 translated_source_port=3788 translated_vlan=nem vlan=5883", "tags": [ 
@@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450145125Z" + "version": "8.2.0" }, "message": "sitasper agni ivelit1640.internal.lan iscive prehende volup [F5@nimi acl_policy_name=niamqu acl_policy_type=uioffi acl_rule_name=suntin action=Closed hostname=lorinrep7686.mail.corp bigip_mgmt_ip=10.200.28.55 context_name=ineavol context_type=abor date_time=Oct 03 2019 20:11:40 dest_ip=10.232.122.152 dst_geo=voluptat dest_port=1549 device_product=ipi device_vendor=lamcor device_version=1.3064 drop_reason=litesse errdefs_msgno=tam errdefs_msg_name=uovo flow_id=scivelit ip_protocol=icmp severity=low partition_name=empo route_domain=apa sa_translation_pool=colab sa_translation_type=sistenat source_ip=10.215.224.27 src_geo=Sedutper source_port=6726 source_user=ficiade translated_dest_ip=10.113.78.101 translated_dest_port=2707 translated_ip_protocol=amqua translated_route_domain=nsequatu translated_source_ip=10.181.63.82 translated_source_port=168 translated_vlan=tse vlan=4029", "tags": [ 
@@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450146027Z" + "version": "8.2.0" }, "message": "ueip amvo dolorsi306.www5.local tten erit asiarch [F5@tob acl_policy_name=tiae acl_policy_type=imipsamv acl_rule_name=doeiu action=Established hostname=nderit6272.mail.example bigip_mgmt_ip=10.177.14.106 context_name=natuser context_type=olupt date_time=Oct 18 2019 03:14:14 dest_ip=10.239.142.115 dst_geo=nsec dest_port=6720 device_product=siarchi device_vendor=etq device_version=1.4522 drop_reason=archit errdefs_msgno=nde errdefs_msg_name=tNequepo flow_id=byCicer ip_protocol=ipv6 severity=medium partition_name=ipit route_domain=tdolorem sa_translation_pool=nderitin sa_translation_type=mquiado source_ip=10.169.95.128 src_geo=reeufugi source_port=7737 source_user=ofd translated_dest_ip=10.139.20.223 translated_dest_port=114 translated_ip_protocol=porincid translated_route_domain=tisetqu translated_source_ip=10.243.43.168 translated_source_port=2110 translated_vlan=ehenderi vlan=2215", "tags": [ 
@@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450146911Z" + "version": "8.2.0" }, "message": "ipsu iden oreseo1541.mail.domain boriosam lites col [F5@litsedd acl_policy_name=mnis acl_policy_type=ainci acl_rule_name=aturve action=Established hostname=ntu1279.mail.lan bigip_mgmt_ip=10.92.168.198 context_name=rume context_type=uptate date_time=Nov 01 2019 10:16:48 dest_ip=10.115.225.57 dst_geo=orsit dest_port=3315 device_product=mnis device_vendor=tametco device_version=1.7456 drop_reason=inc errdefs_msgno=rroqui errdefs_msg_name=amr flow_id=mfug ip_protocol=tcp severity=low partition_name=mid route_domain=henderi sa_translation_pool=consec sa_translation_type=dquia source_ip=10.90.93.4 src_geo=rehe source_port=3382 source_user=adminima translated_dest_ip=10.39.100.88 translated_dest_port=5195 translated_ip_protocol=lup translated_route_domain=rsi translated_source_ip=10.18.176.44 translated_source_port=7284 translated_vlan=Utenimad vlan=4305", "tags": [ 
@@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450147837Z" + "version": "8.2.0" }, "message": "Bon amquisno mullam6505.www.localhost siarch oloremi ididu [F5@uov acl_policy_name=ncidid acl_policy_type=audantiu acl_rule_name=lmolest action=Reject hostname=essequam1161.domain bigip_mgmt_ip=10.49.68.8 context_name=temUte context_type=idest date_time=Nov 15 2019 17:19:22 dest_ip=10.8.247.249 dst_geo=enimip dest_port=3957 device_product=ataevit device_vendor=ficiad device_version=1.2909 drop_reason=taspe errdefs_msgno=empori errdefs_msg_name=mipsum flow_id=tium ip_protocol=tcp severity=very-high partition_name=ota route_domain=boriosa sa_translation_pool=eprehen sa_translation_type=rehen source_ip=10.163.203.191 src_geo=exeacom source_port=2599 source_user=tlab translated_dest_ip=10.193.43.135 translated_dest_port=4650 translated_ip_protocol=iaeconse translated_route_domain=onevol translated_source_ip=10.173.13.179 translated_source_port=1211 translated_vlan=ptasn vlan=3791", "tags": [ 
@@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450148756Z" + "version": "8.2.0" }, "message": "ctetur amqui itatise2264.invalid lup cipitla niam [F5@mullamc acl_policy_name=umtota acl_policy_type=ssecil acl_rule_name=xplic action=Closed hostname=cipitl2184.localdomain bigip_mgmt_ip=10.240.47.113 context_name=uisnost context_type=snul date_time=Nov 30 2019 00:21:57 dest_ip=10.191.241.249 dst_geo=Loremips dest_port=4361 device_product=tiset device_vendor=ciade device_version=1.7726 drop_reason=equ errdefs_msgno=rror errdefs_msg_name=Exce flow_id=uae ip_protocol=ggp severity=high partition_name=umdol route_domain=nseq sa_translation_pool=autodita sa_translation_type=loreme source_ip=10.84.64.28 src_geo=par source_port=3938 source_user=ull translated_dest_ip=10.209.226.7 translated_dest_port=7745 translated_ip_protocol=aeabi translated_route_domain=ore translated_source_ip=10.31.147.51 translated_source_port=7780 translated_vlan=ptate vlan=3154", "tags": [ 
@@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:15:04.450149670Z" + "version": "8.2.0" }, "message": "fugit dantiu ntutla1447.invalid strude rautodi Loremips [F5@mestqui acl_policy_name=tect acl_policy_type=odtem acl_rule_name=ite action=Closed hostname=item3647.home bigip_mgmt_ip=10.32.20.4 context_name=olupta context_type=dents date_time=Dec 14 2019 07:24:31 dest_ip=10.166.40.137 dst_geo=oremipsu dest_port=5644 device_product=idolor device_vendor=tionem device_version=1.292 drop_reason=oinB errdefs_msgno=tateve errdefs_msg_name=rsitvo flow_id=enatuser ip_protocol=tcp severity=high partition_name=sistena route_domain=reetdolo sa_translation_pool=psam sa_translation_type=litseddo source_ip=10.225.189.229 src_geo=odtem source_port=2287 source_user=odtemp translated_dest_ip=10.86.1.244 translated_dest_port=7101 translated_ip_protocol=rinci translated_route_domain=uamestqu translated_source_ip=10.52.13.192 translated_source_port=4714 translated_vlan=remagna vlan=439", "tags": [ diff --git a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml index 53334cab946..83abac1b4c9 100644 --- a/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5/data_stream/bigipafm/elasticsearch/ingest_pipeline/default.yml @@ -2,13 +2,9 @@ description: Pipeline for Big-IP Advanced Firewall Manager processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/f5/data_stream/bigipafm/sample_event.json b/packages/f5/data_stream/bigipafm/sample_event.json index 8687261045b..8fd740debdb 100644 --- a/packages/f5/data_stream/bigipafm/sample_event.json +++ b/packages/f5/data_stream/bigipafm/sample_event.json 
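Review bot: Dropping the `set` of `event.ingested` at the head of the processors list leaves this pipeline with no processor that records ingest time, so the field now exists only when something downstream stamps it — presumably the Fleet final pipeline for Fleet-managed data streams — while a direct invocation of this pipeline (pipeline tests, a manual `_ingest/pipeline` simulate) will produce events without it, which is what the expected-output fixtures in this commit now show. Because detection rules and lookback windows are commonly keyed on `event.ingested`, I'd leave a comment where the removed block was so the next reader does not re-add it or assume it is lost, e.g. `# event.ingested is stamped by the Fleet final pipeline, not here.`. The `value: '8.2.0'` literal is also a hand-maintained copy of the package's ECS reference; a one-line comment such as `# Keep in sync with the package's ECS reference version.` would make the coupling visible at the next bump.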
@@ -23,7 +23,7 @@ "port": 2288 }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json index e5f44726ded..c7952fa52ed 100644 --- a/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/f5/data_stream/bigipapm/_dev/test/pipeline/test-generated.log-expected.json @@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921817979Z" + "version": "8.2.0" }, "message": "January 2016/01/29 06:09:59 aliqu high equepor[6720]: 01490106: :dolore: sequa: AD module: authentication with 'abo' failed: Preauthentication failed, principal name: squira. success reeufugi", "tags": [ @@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921820910Z" + "version": "8.2.0" }, "message": "February 2016/02/12 13:12:33 billoi medium orev[6153]: 01490504: :tatemU: deF: sist1803.mail.local can not be resolved.", "tags": [ @@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921821987Z" + "version": "8.2.0" }, "message": "February 2016/02/26 20:15:08 aqui low sSMTP[1166]: isetq", "tags": [ @@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921822907Z" + "version": "8.2.0" }, "message": "March 2016/03/12 03:17:42 seq high crond[5738]: (ccaecat) veleumi", "tags": [ @@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921823834Z" + "version": "8.2.0" }, "message": "March 2016/03/26 10:20:16 ude very-high veri[5990]: 01490113: :tempo: inv: session.user.clientip is 10.134.175.248", "tags": [ 
@@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921824739Z" + "version": "8.2.0" }, "message": "April 2016/04/09 17:22:51 lupta low rsitvolu[2044]: 01490128: :pori: occ: Webtop ect assigned", "tags": [ @@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921825639Z" + "version": "8.2.0" }, "message": "April 2016/04/24 00:25:25 aedic high gni: [syslog-ng]", "tags": [ @@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921826538Z" + "version": "8.2.0" }, "message": "May 2016/05/08 07:27:59 labor low isqu: 01490167: :uis: Current snapshot ID: idolore updated inside session db for access profile: onse", "tags": [ @@ -98,10 +74,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921827427Z" + "version": "8.2.0" }, "message": "May 2016/05/22 14:30:33 metcon low emeumfug[6823]: 01490505: :emporinc: untutlab: tem", "tags": [ @@ -110,10 +83,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921828314Z" + "version": "8.2.0" }, "message": "June 2016/06/05 21:33:08 tessec very-high ali[6446]: sSMTP: ", "tags": [ @@ -122,10 +92,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921829214Z" + "version": "8.2.0" }, "message": "June 2016/06/20 04:35:42 riat medium atvol[98]: 014d0044: :uames: tati", "tags": [ @@ -134,10 +101,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921830269Z" + "version": "8.2.0" }, "message": "July 2016/07/04 11:38:16 sinto very-high CSed[2857]: 01490514: :utlabore: ecillu: Access encountered error: success. File: mnisist, Function: deny, Line: icons", "tags": [ 
@@ -146,10 +110,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921831193Z" + "version": "8.2.0" }, "message": "July 2016/07/18 18:40:50 lum high CROND[1675]: (sitvolup) CMD (cancel)", "tags": [ @@ -158,10 +119,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921832100Z" + "version": "8.2.0" }, "message": "August 2016/08/02 01:43:25 uipe very-high siarchi[2289]: 01490500: :aliqu: olupta:mipsumd:eFinib: New session from client IP 10.204.123.107 (ST=saute/CC=ercit/C=usmodt) at VIP 10.225.160.182 Listener mque", "tags": [ @@ -170,10 +128,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921832996Z" + "version": "8.2.0" }, "message": "August 2016/08/16 08:45:59 dol high quiratio[3386]: 01490511: :tisetq: tevelite: Initializing Access profile orporiss with max concurrent user sessions limit: 4739", "tags": [ @@ -182,10 +137,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921833894Z" + "version": "8.2.0" }, "message": "August 2016/08/30 15:48:33 paquioff medium derit[4688]: 01490544: :hende: piscin: Received client info - https://mail.example.com/laboree/tfu.html?liqu=eporr#xeacomm", "tags": [ @@ -194,10 +146,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921834909Z" + "version": "8.2.0" }, "message": "September 2016/09/13 22:51:07 fugiatnu high tobea[2364]: 014d0001: :tateve: ctx: itinvol, SERVER : eavolup", "tags": [ @@ -206,10 +155,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921835820Z" + "version": "8.2.0" }, "message": "September 2016/09/28 05:53:42 remag very-high abor[5983]: 01490103: :tquiin: tse: Retry Username 'tenimad'", "tags": [ 
@@ -218,10 +164,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921836716Z" + "version": "8.2.0" }, "message": "October 2016/10/12 12:56:16 niamqui low amcol[5625]: 01490113: :ipisci: gitsed: session.server.network.port is 4374", "tags": [ @@ -230,10 +173,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921837616Z" + "version": "8.2.0" }, "message": "October 2016/10/26 19:58:50 nturma low cusant[4946]: 01490106: :etur: itecto: AD module: authentication with 'reetdol' failed: Preauthentication failed, principal name: totamre. success ercita", "tags": [ @@ -242,10 +182,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921838513Z" + "version": "8.2.0" }, "message": "November 2016/11/10 03:01:24 proiden medium mvele[5737]: 014d0044: :aco: tio", "tags": [ @@ -254,10 +191,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921839409Z" + "version": "8.2.0" }, "message": "November 2016/11/24 10:03:59 quaea very-high mvel[1188]: 01490520: :porinc: tetur: xce", "tags": [ @@ -266,10 +200,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921840307Z" + "version": "8.2.0" }, "message": "December 2016/12/08 17:06:33 aincidu very-high uaeab[5960]: 01490008: :licabo: enimadmi: Connectivity resource utaliqu assigned", "tags": [ @@ -278,10 +209,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921846639Z" + "version": "8.2.0" }, "message": "December 2016/12/23 00:09:07 cola high oremi[1485]: 01490128: :ineavol: iosa: Webtop boNemoe assigned", "tags": [ 
@@ -290,10 +218,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921847620Z" + "version": "8.2.0" }, "message": "January 2017/01/06 07:11:41 Nequepor medium rem[5461]: 01490538: :esseq: adminima: Configuration snapshot deleted by Access.", "tags": [ @@ -302,10 +227,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921848550Z" + "version": "8.2.0" }, "message": "January 2017/01/20 14:14:16 ptateve very-high miurerep: 01490165: :toccaec: Access profile: fugi initialized with configuration snapshot catalog: labo", "tags": [ @@ -314,10 +236,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921849471Z" + "version": "8.2.0" }, "message": "February 2017/02/03 21:16:50 sBono high equ[4808]: 01490005: :amvo: siuta: Following rule urmagn from item dquia to ending temporin", "tags": [ @@ -326,10 +245,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921850457Z" + "version": "8.2.0" }, "message": "February 2017/02/18 04:19:24 iruredol very-high derit[5270]: 01490106: :atquo: cupi: AD module: authentication with 'strude' failed in allow: Preauthentication failed, principal name: dunt. success yCic", "tags": [ @@ -338,10 +254,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921851369Z" + "version": "8.2.0" }, "message": "March 2017/03/04 11:21:59 unte very-high ueipsa[748]: 011f0005: :cti: failure (Client side: vip=https://www5.example.com/olli/rever.html?rsp=oluptat#metco profile=ipv6-icmp pool=edolorin client_ip=10.104.110.134)", "tags": [ @@ -350,10 +263,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921852301Z" + "version": "8.2.0" }, "message": "March 2017/03/18 18:24:33 ptasnula high syslog-ng[2638]: ill", "tags": [ 
@@ -362,10 +272,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921853234Z" + "version": "8.2.0" }, "message": "April 2017/04/02 01:27:07 caboNem medium laudan[7589]: 01490107: :oconse: mag: AD module: authentication with 'tob' failed: Client 'dolores2519.mail.host' not found in Kerberos database, principal name:deF itempo", "tags": [ @@ -374,10 +281,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921854129Z" + "version": "8.2.0" }, "message": "April 2017/04/16 08:29:41 meaque high mip[5899]: 01490107: :lamc: mvolupta: AD module: authentication with 'Utenima' failed: Clients credentials have been revoked, principal name: iqua@luptat2979.internal.local. unknown cididu", "tags": [ @@ -386,10 +290,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921855025Z" + "version": "8.2.0" }, "message": "April 2017/04/30 15:32:16 atDuis medium nisiut: 01490166: :rumwri: Current snapshot ID: velill retrieved from session db for access profile: ore", "tags": [ @@ -398,10 +299,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921855929Z" + "version": "8.2.0" }, "message": "May 2017/05/14 22:34:50 uptat high amquisno: 0149016b: :uido: Completed snapshot creation: tla for access profile: mquiad", "tags": [ @@ -410,10 +308,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921856995Z" + "version": "8.2.0" }, "message": "May 2017/05/29 05:37:24 atur very-high ditau[4727]: 01490514: :piscivel: hend: Access encountered error: success. File: cepteur, Function: accept, Line: maliqu", "tags": [ @@ -422,10 +317,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921857923Z" + "version": "8.2.0" }, "message": "June 2017/06/12 12:39:58 acon very-high sun[5971]: 01490501: :labori: porai: umiure", "tags": [ 
@@ -434,10 +326,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921858821Z" + "version": "8.2.0" }, "message": "June 2017/06/26 19:42:33 eufug low uido[4318]: 01490500: :ici: snulap: New session from client IP 10.122.204.151 (ST=writte/CC=sitvo/C=ine) at VIP 10.169.101.161 Listener itessequ", "tags": [ @@ -446,10 +335,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921860Z" + "version": "8.2.0" }, "message": "July 2017/07/11 02:45:07 udan low essequam[3682]: 01490113: :urQuis: etcon: session.server.network.protocol is onsequu", "tags": [ @@ -458,10 +344,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921860903Z" + "version": "8.2.0" }, "message": "July 2017/07/25 09:47:41 gelitse very-high arc[2412]: 01490013: :radip: upta: AD agent: Retrieving AAA server: tetura", "tags": [ @@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921861812Z" + "version": "8.2.0" }, "message": "August 2017/08/08 16:50:15 imavenia low mquido[5899]: 01490517: :rnat: rur: success", "tags": [ @@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921862707Z" + "version": "8.2.0" }, "message": "August 2017/08/22 23:52:50 nonn high met[1580]: 01420002: : AUDIT - pid=2037 user=ptate folder=entsu module=conse status=failure cmd_data=ntut", "tags": [ @@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921863614Z" + "version": "8.2.0" }, "message": "September 2017/09/06 06:55:24 iconsequ high idunt[571]: 01490549: :siuta: atev: Assigned PPP Dynamic IPv4: 10.6.32.7 Tunnel Type: exerci inesciu Resource: quid Client IP: 10.198.70.58 - orem", "tags": [ 
@@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921864511Z" + "version": "8.2.0" }, "message": "September 2017/09/20 13:57:58 reetdo medium lup[5051]: 01260009: :eos: Connection error:ipitlabo", "tags": [ @@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921865403Z" + "version": "8.2.0" }, "message": "October 2017/10/04 21:00:32 reprehen very-high syslog-ng[6438]: imid", "tags": [ @@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921866295Z" + "version": "8.2.0" }, "message": "October 2017/10/19 04:03:07 sunt very-high aturQu[7083]: 01490128: :tDuis: iqu: Webtop oriosamn assigned", "tags": [ @@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921867193Z" + "version": "8.2.0" }, "message": "November 2017/11/02 11:05:41 iquip very-high sedquian[4212]: 01490004: :etdolore: magnaa: Executed agent 'sumquiad', return value iusmodt", "tags": [ @@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921868084Z" + "version": "8.2.0" }, "message": "November 2017/11/16 18:08:15 equam low eaqueip[5207]: 01490538: :aevitaed: byCic: Configuration snapshot deleted by Access.", "tags": [ @@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921868974Z" + "version": "8.2.0" }, "message": "December 2017/12/01 01:10:49 xerc high eturad[1760]: 01490506: :nvol: enimadmi: Received User-Agent header: mobmail android 2.1.3.3150", "tags": [ @@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921869920Z" + "version": "8.2.0" }, "message": "December 2017/12/15 08:13:24 sumdolo medium rors[1935]: 01490538: :oremque: quaU: Configuration snapshot deleted by Access.", "tags": [ 
@@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921870869Z" + "version": "8.2.0" }, "message": "December 2017/12/29 15:15:58 ioff medium quioff: 0149016a: :iuntN: Initiating snapshot creation: ipis for access profile: itautfu", "tags": [ @@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921871872Z" + "version": "8.2.0" }, "message": "January 2018/01/12 22:18:32 rchit medium roquisqu[5924]: 01490005: :iquid: evo: Following rule mcorpori from item mqu to ending pteursi", "tags": [ @@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921872783Z" + "version": "8.2.0" }, "message": "January 2018/01/27 05:21:06 itessequ low fdeFinib[2580]: 01490128: :sumd: sectetur: Webtop edquian assigned", "tags": [ @@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921873672Z" + "version": "8.2.0" }, "message": "February 2018/02/10 12:23:41 quiav low rit: 0149016a: :eumfu: Initiating snapshot creation: lors for access profile: oluptat", "tags": [ @@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921874569Z" + "version": "8.2.0" }, "message": "February 2018/02/24 19:26:15 oeiusmo very-high cusanti[5019]: 01420002: : AUDIT - pid=4996 user=rem folder=tseddoei module=teursint status=success cmd_data=remagnaa", "tags": [ @@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921875488Z" + "version": "8.2.0" }, "message": "March 2018/03/11 02:28:49 ore low ovolupta: 0149016b: :volup: Completed snapshot creation: macc for access profile: ria", "tags": [ 
@@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921876391Z" + "version": "8.2.0" }, "message": "March 2018/03/25 09:31:24 uisau high irat[2943]: 01490549: :emsequi: ueporroq: Assigned PPP Dynamic IPv4: 10.142.213.80 Tunnel Type: tationu gnaaliq Resource: olore Client IP: 10.16.181.60 - ameaquei", "tags": [ @@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921877293Z" + "version": "8.2.0" }, "message": "April 2018/04/08 16:33:58 liq low mvolupta: syslog-ng: ", "tags": [ @@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921878187Z" + "version": "8.2.0" }, "message": "April 2018/04/22 23:36:32 exe high illum[2625]: 01490101: :emi: reprehen: Access profile: tvol configuration has been applied. Newly active generation count is: 5959", "tags": [ @@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921879079Z" + "version": "8.2.0" }, "message": "May 2018/05/07 06:39:06 iumt medium nulapari[1973]: 01490500: :tsunt: rnat:oremi:ectobeat: New session from client IP 10.187.64.126 (ST=uasiarch/CC=Malor/C=boriosa) at VIP 10.47.99.72 Listener upt (Reputation=oremipsu)", "tags": [ @@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921879970Z" + "version": "8.2.0" }, "message": "May 2018/05/21 13:41:41 sint low auditd[3376]: ctobeat", "tags": [ @@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921880921Z" + "version": "8.2.0" }, "message": "June 2018/06/04 20:44:15 lorumw high tdolo[3872]: syslog-ng: ", "tags": [ 
@@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921881816Z" + "version": "8.2.0" }, "message": "June 2018/06/19 03:46:49 namaliqu medium aeca[4543]: 014d0044: :autemv: sciveli", "tags": [ @@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921882735Z" + "version": "8.2.0" }, "message": "July 2018/07/03 10:49:23 piciati medium ntin[4646]: 01260009: :rcitat: Connection error:cinge", "tags": [ @@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921883658Z" + "version": "8.2.0" }, "message": "July 2018/07/17 17:51:58 iqui low litani[3126]: 01490142: :itanimi: onoru: data", "tags": [ @@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921884584Z" + "version": "8.2.0" }, "message": "August 2018/08/01 00:54:32 uptatem high ruredol: 01490079: :iadeseru: loremagn: Access policy 'acons' configuration has changed.Access profile 'nimadmi' configuration changes need to be applied for the new configuration", "tags": [ @@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921885491Z" + "version": "8.2.0" }, "message": "August 2018/08/15 07:57:06 lupt very-high eavolupt: 01490167: :uipe: Current snapshot ID: ipsa updated inside session db for access profile: con", "tags": [ @@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921886386Z" + "version": "8.2.0" }, "message": "August 2018/08/29 14:59:40 nesciu low ssequ[4877]: 01490008: :emse: emqui: Connectivity resource cipitla assigned", "tags": [ 
@@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921887285Z" + "version": "8.2.0" }, "message": "September 2018/09/12 22:02:15 ionevo high ptate[52]: 01490102: :uira: todita: Access policy result: failure", "tags": [ @@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921888173Z" + "version": "8.2.0" }, "message": "September 2018/09/27 05:04:49 iqu low tatis[7767]: 01490113: :reeufugi: sequines: session.server.network.protocol is minimve", "tags": [ @@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921889067Z" + "version": "8.2.0" }, "message": "October 2018/10/11 12:07:23 aborio low setquas: 014d0002: :nbyCi: runtmoll: SSOv2 Logon failed, config busBon form norumetM", "tags": [ @@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921889965Z" + "version": "8.2.0" }, "message": "October 2018/10/25 19:09:57 billoinv high deomn[904]: 01490113: :mali: roinBCSe: session.server.network.port is 3959", "tags": [ @@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921890864Z" + "version": "8.2.0" }, "message": "November 2018/11/09 02:12:32 rch high sedd: 01490079: :atione: tvolup: Access policy 'oremeu' configuration has changed.Access profile 'lab' configuration changes need to be applied for the new configuration", "tags": [ @@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921891748Z" + "version": "8.2.0" }, "message": "November 2018/11/23 09:15:06 urau medium upt[4762]: 01490538: :itaedict: eroi: Configuration snapshot deleted by Access.", "tags": [ 
@@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921892652Z" + "version": "8.2.0" }, "message": "December 2018/12/07 16:17:40 reetdo low nidol[4345]: 01490113: :writtenb: atevelit: session.server.listener.name is ugitsed", "tags": [ @@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921893670Z" + "version": "8.2.0" }, "message": "December 2018/12/21 23:20:14 uatDuisa high ano[4054]: 01490102: :uunturm: iatn: Access policy result: unknown", "tags": [ @@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921894572Z" + "version": "8.2.0" }, "message": "January 2019/01/05 06:22:49 psum very-high exerci[3923]: 01490113: :lumqu: moen: session.oinvento", "tags": [ @@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921895469Z" + "version": "8.2.0" }, "message": "January 2019/01/19 13:25:23 volup very-high crond[4071]: (iconsequ) CMD (block)", "tags": [ @@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921896359Z" + "version": "8.2.0" }, "message": "February 2019/02/02 20:27:57 archite high rem[6473]: 01490008: :emp: inBC: Connectivity resource did assigned", "tags": [ @@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921897319Z" + "version": "8.2.0" }, "message": "February 2019/02/17 03:30:32 etconse medium uinesci: 0149016a: :otamr: Initiating snapshot creation: tsed for access profile: rExc", "tags": [ @@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921898206Z" + "version": "8.2.0" }, "message": "March 2019/03/03 10:33:06 omnisis very-high uptatema[7023]: 01490501: :stiaec: Cicero: ven", "tags": [ 
@@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921899120Z" + "version": "8.2.0" }, "message": "March 2019/03/17 17:35:40 cons low ine[870]: 011f0005: :amquisn: success (Client side: vip=https://example.net/equamn/scipi.txt?eiu=maliquam#gnama profile=rdp pool=squamest client_ip=10.24.113.101)", "tags": [ @@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921900032Z" + "version": "8.2.0" }, "message": "April 2019/04/01 00:38:14 uelaudan low teiru[4918]: 014d0044: :orinrep: pta", "tags": [ @@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921900918Z" + "version": "8.2.0" }, "message": "April 2019/04/15 07:40:49 sis very-high rchite[7405]: 01490521: :rvelill: rors: Session statistics - bytes in:6092, bytes out: 1363", "tags": [ @@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921901816Z" + "version": "8.2.0" }, "message": "April 2019/04/29 14:43:23 Nequepo high CROND[2977]: (emac) CMD (cancel)", "tags": [ @@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921902730Z" + "version": "8.2.0" }, "message": "May 2019/05/13 21:45:57 isci high ugiatn: 0149016b: :squa: Completed snapshot creation: deseru for access profile: aquioff", "tags": [ @@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921903625Z" + "version": "8.2.0" }, "message": "May 2019/05/28 04:48:31 onsequat high giatq[7733]: 01490106: :imad: tura: AD module: authentication with 'equuntur' failed: Preauthentication failed, principal name: rve. success mqua", "tags": [ 
@@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921904554Z" + "version": "8.2.0" }, "message": "June 2019/06/11 11:51:06 utlabore very-high exea[2867]: 01490008: :amquisn: itquii: Connectivity resource imaven assigned", "tags": [ @@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921905454Z" + "version": "8.2.0" }, "message": "June 2019/06/25 18:53:40 lloinve low nim[7673]: 01490511: :edquiac: psamvolu: Initializing Access profile teturad with max concurrent user sessions limit: 7783", "tags": [ @@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921906356Z" + "version": "8.2.0" }, "message": "July 2019/07/10 01:56:14 tatemse low vitae[72]: 01490000: :samvolu: dip", "tags": [ @@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921907253Z" + "version": "8.2.0" }, "message": "July 2019/07/24 08:58:48 Dui medium nostrude[7057]: 01490007: :ione: ecillum: Session variable 'maccu' set to ame", "tags": [ @@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921908142Z" + "version": "8.2.0" }, "message": "August 2019/08/07 16:01:23 reprehe medium enimipsa[2698]: 01490521: :samn: quisnos: Session statistics - bytes in:2132, bytes out: 2552", "tags": [ @@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921909041Z" + "version": "8.2.0" }, "message": "August 2019/08/21 23:03:57 Nequepor low temseq[613]: 01490019: :ostrumex: suscipi: AD agent: Query: query with '(sAMAccountName=xplicabo)' successful", "tags": [ 
@@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921909972Z" + "version": "8.2.0" }, "message": "September 2019/09/05 06:06:31 ameaquei very-high uelaud[1306]: 01490544: :ameiu: utei: Received client info - https://internal.example.net/lumquid/oluptat.jpg?equepor=iosamn#erspicia", "tags": [ @@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921910889Z" + "version": "8.2.0" }, "message": "September 2019/09/19 13:09:05 psumqui high ncu: 01490079: :quaturve: ciad: Access policy 'diconseq' configuration has changed.Access profile 'utod' configuration changes need to be applied for the new configuration", "tags": [ @@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921911787Z" + "version": "8.2.0" }, "message": "October 2019/10/03 20:11:40 giatquo low dipisciv[5944]: 01490013: :atquo: umetMa: AD agent: Retrieving AAA server: ngelitse", "tags": [ @@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921912681Z" + "version": "8.2.0" }, "message": "October 2019/10/18 03:14:14 tem very-high giatnula[71]: Rule: enimadmi \u003c\u003cqui\u003e: APM_EVENT=deny | aecon | sedq ***failure***", "tags": [ @@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921913571Z" + "version": "8.2.0" }, "message": "November 2019/11/01 10:16:48 erc low tasnu: [syslog-ng]", "tags": [ @@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921914461Z" + "version": "8.2.0" }, "message": "November 2019/11/15 17:19:22 ationevo very-high datatno[3538]: 01490019: :siar: orisnis: AD agent: Query: query with '(sAMAccountName=texp)' successful", "tags": [ 
@@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921915365Z" + "version": "8.2.0" }, "message": "November 2019/11/30 00:21:57 pidat very-high sSMTP[6673]: ptateve", "tags": [ @@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:19:14.921916253Z" + "version": "8.2.0" }, "message": "December 2019/12/14 07:24:31 olupta medium oremagn[2121]: 01490106: :itseddo: uptatev: AD module: authentication with 'oditem' failed in allow: Preauthentication failed, principal name: inimaven. failure olor", "tags": [ diff --git a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml index f9f6a628793..18ba4c488a5 100644 --- a/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml +++ b/packages/f5/data_stream/bigipapm/elasticsearch/ingest_pipeline/default.yml @@ -2,13 +2,9 @@ description: Pipeline for Big-IP Access Policy Manager processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/f5/data_stream/bigipapm/sample_event.json b/packages/f5/data_stream/bigipapm/sample_event.json index 90517ef0296..9cc483e9154 100644 --- a/packages/f5/data_stream/bigipapm/sample_event.json +++ b/packages/f5/data_stream/bigipapm/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/f5/manifest.yml b/packages/f5/manifest.yml index fd8f8d0cb10..5293560f166 100644 --- a/packages/f5/manifest.yml +++ b/packages/f5/manifest.yml 
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: f5 title: F5 Logs -version: 0.8.0 +version: 0.9.0 description: Collect and parse logs from F5 devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/fireeye/_dev/build/build.yml b/packages/fireeye/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/fireeye/_dev/build/build.yml +++ b/packages/fireeye/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/fireeye/changelog.yml b/packages/fireeye/changelog.yml index ad0171aa23f..7c5d56a68be 100644 --- a/packages/fireeye/changelog.yml +++ b/packages/fireeye/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.3.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "1.2.4" changes: - description: Move invalid field values diff --git a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json index aaaf3deabe5..a5c10f1a94c 100644 --- a/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json +++ b/packages/fireeye/data_stream/nx/_dev/test/pipeline/test-nx.log-expected.json @@ -10,7 +10,7 @@ "port": 10001 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "port": 123 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -144,7 +144,7 @@ "port": 10001 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -217,7 +217,7 @@ "port": 5938 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -299,7 +299,7 @@ "port": 123 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -370,7 +370,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ 
@@ -481,7 +481,7 @@ "port": 5601 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [
@@ -589,7 +589,7 @@ "type": "query" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [
diff --git a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml
index 011d76d056d..208d849700e 100644
--- a/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fireeye/data_stream/nx/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing FireEye NX logs
 processors:
   - set:
       field: ecs.version
-      value: "8.0.0"
+      value: "8.2.0"
   - set:
       field: observer.vendor
       value: "Fireeye"
diff --git a/packages/fireeye/data_stream/nx/sample_event.json b/packages/fireeye/data_stream/nx/sample_event.json
index 71dbaa267c4..ba14e797366 100644
--- a/packages/fireeye/data_stream/nx/sample_event.json
+++ b/packages/fireeye/data_stream/nx/sample_event.json
@@ -20,7 +20,7 @@ "port": 10001 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91",
diff --git a/packages/fireeye/docs/README.md b/packages/fireeye/docs/README.md
index 7fca93a95ef..7160a3ef4c2 100644
--- a/packages/fireeye/docs/README.md
+++ b/packages/fireeye/docs/README.md
@@ -193,7 +193,7 @@ An example event for `nx` looks as following: "port": 10001 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91",
diff --git a/packages/fireeye/manifest.yml b/packages/fireeye/manifest.yml
index 0ab24a7a190..382b78c79ce 100644
--- a/packages/fireeye/manifest.yml
+++ b/packages/fireeye/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: fireeye
 title: "Fireeye"
-version: 1.2.4
+version: 1.3.0
 license: basic
 description: "This Elastic integration collects Fireeye NX logs."
 type: integration
diff --git a/packages/gcp/_dev/build/build.yml b/packages/gcp/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/gcp/_dev/build/build.yml
+++ b/packages/gcp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
   ecs:
-    reference: git@8.0
+    reference: git@8.2
diff --git a/packages/gcp/changelog.yml b/packages/gcp/changelog.yml
index c50f56c340d..22003e585cd 100644
--- a/packages/gcp/changelog.yml
+++ b/packages/gcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+  changes:
+    - description: Update to ECS 8.2
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2779
 - version: "1.5.1"
   changes:
     - description: Add documentation for multi-fields
diff --git a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index 48dd58fa71e..5a103890d93 100644
--- a/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/gcp/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -8,12 +8,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GetResourceBillingInfo", "id": "-uihnmjctwo", - "ingested": "2022-03-01T09:43:13.539798700Z", "kind": "event", "original": "{\"insertId\":\"-uihnmjctwo\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"resourcemanager.projects.get\",\"resource\":\"projects/elastic-beats\",\"resourceAttributes\":{}}],\"methodName\":\"GetResourceBillingInfo\",\"request\":{\"@type\":\"type.googleapis.com/google.internal.cloudbilling.billingaccount.v1.GetResourceBillingInfoRequest\",\"resourceName\":\"projects/189716325846\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"destinationAttributes\":{},\"requestAttributes\":{}},\"resourceName\":\"projects/elastic-beats\",\"serviceName\":\"cloudbilling.googleapis.com\",\"status\":{}},\"receiveTimestamp\":\"2019-12-19T00:49:36.313482371Z\",\"resource\":{\"labels\":{\"project_id\":\"elastic-beats\"},\"type\":\"project\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:49:36.086Z\"}", "outcome": "success" 
@@ -67,12 +66,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "beta.compute.machineTypes.aggregatedList", "id": "-h6onuze1h7dg", - "ingested": "2022-03-01T09:43:13.539808200Z", "kind": "event", "original": "{\"insertId\":\"-h6onuze1h7dg\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":false,\"permission\":\"compute.machineTypes.list\",\"resourceAttributes\":{\"name\":\"projects/elastic-beats\",\"service\":\"resourcemanager\",\"type\":\"resourcemanager.projects\"}}],\"methodName\":\"beta.compute.machineTypes.aggregatedList\",\"numResponseItems\":\"71\",\"request\":{\"@type\":\"type.googleapis.com/compute.machineTypes.aggregatedList\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2019-12-19T00:45:51.711Z\"}},\"resourceLocation\":{\"currentLocations\":[\"global\"]},\"resourceName\":\"projects/elastic-beats/global/machineTypes\",\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2019-12-19T00:45:52.367887078Z\",\"resource\":{\"labels\":{\"location\":\"global\",\"method\":\"compute.machineTypes.aggregatedList\",\"project_id\":\"elastic-beats\",\"service\":\"compute.googleapis.com\",\"version\":\"beta\"},\"type\":\"api\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:45:51.228Z\"}", "outcome": "failure" 
@@ -149,12 +147,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "beta.compute.instances.aggregatedList", "id": "yonau2dg2zi", - "ingested": "2022-03-01T09:43:13.539812Z", "kind": "event", "original": "{\"insertId\":\"yonau2dg2zi\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"compute.instances.list\",\"resourceAttributes\":{\"name\":\"projects/elastic-beats\",\"service\":\"resourcemanager\",\"type\":\"resourcemanager.projects\"}}],\"methodName\":\"beta.compute.instances.aggregatedList\",\"numResponseItems\":\"61\",\"request\":{\"@type\":\"type.googleapis.com/compute.instances.aggregatedList\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2019-12-19T00:44:25.198Z\"}},\"response\":{\"@type\":\"core.k8s.io/v1.Status\",\"apiVersion\":\"v1\",\"details\":{\"group\":\"batch\",\"kind\":\"jobs\",\"name\":\"gsuite-exporter-1589294700\",\"uid\":\"2beff34a-945f-11ea-bacf-42010a80007f\"},\"kind\":\"Status\",\"metadata\":{},\"status\":\"Success\"},\"resourceLocation\":{\"currentLocations\":[\"global\"]},\"resourceName\":\"projects/elastic-beats/global/instances\",\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2019-12-19T00:44:25.262379373Z\",\"resource\":{\"labels\":{\"location\":\"global\",\"method\":\"compute.instances.aggregatedList\",\"project_id\":\"elastic-beats\",\"service\":\"compute.googleapis.com\",\"version\":\"beta\"},\"type\":\"api\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:44:25.051Z\"}", "outcome": "success" 
@@ -243,12 +240,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "beta.compute.instances.aggregatedList", "id": "yonau3dc2zi", - "ingested": "2022-03-01T09:43:13.539818Z", "kind": "event", "original": "{\"insertId\":\"yonau3dc2zi\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"permission\":\"compute.instances.list\",\"resourceAttributes\":{\"name\":\"projects/elastic-beats\",\"service\":\"resourcemanager\",\"type\":\"resourcemanager.projects\"}}],\"methodName\":\"beta.compute.instances.aggregatedList\",\"numResponseItems\":\"61\",\"request\":{\"@type\":\"type.googleapis.com/compute.instances.aggregatedList\"},\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2019-12-19T00:44:25.198Z\"}},\"resourceLocation\":{\"currentLocations\":[\"global\"]},\"resourceName\":\"projects/elastic-beats/global/instances\",\"serviceName\":\"compute.googleapis.com\",\"status\":{\"code\":7,\"message\":\"PERMISSION_DENIED\"}},\"receiveTimestamp\":\"2019-12-19T00:44:25.262379373Z\",\"resource\":{\"labels\":{\"location\":\"global\",\"method\":\"compute.instances.aggregatedList\",\"project_id\":\"elastic-beats\",\"service\":\"compute.googleapis.com\",\"version\":\"beta\"},\"type\":\"api\"},\"severity\":\"INFO\",\"timestamp\":\"2019-12-19T00:44:25.051Z\"}", "outcome": "failure" 
@@ -328,12 +324,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", "id": "87efd529-6349-45d2-b905-fc607e6c5d3b", - "ingested": "2022-03-01T09:43:13.539822700Z", "kind": "event", "original": "{\"insertId\":\"87efd529-6349-45d2-b905-fc607e6c5d3b\",\"labels\":{\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"cert-manager-webhook:auth-delegator\\\" of ClusterRole \\\"system:auth-delegator\\\" to ServiceAccount \\\"cert-manager-webhook/cert-manager\\\"\"},\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access\",\"operation\":{\"first\":true,\"id\":\"5555555-6349-45d2-b905-fc607e6c5d3b\",\"last\":true,\"producer\":\"k8s.io\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"system:serviceaccount:cert-manager:cert-manager-webhook\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"io.k8s.authorization.v1beta1.subjectaccessreviews.create\",\"resource\":\"authorization.k8s.io/v1beta1/subjectaccessreviews\"}],\"methodName\":\"io.k8s.authorization.v1beta1.subjectaccessreviews.create\",\"request\":{\"@type\":\"authorization.k8s.io/v1beta1.SubjectAccessReview\",\"apiVersion\":\"authorization.k8s.io/v1beta1\",\"kind\":\"SubjectAccessReview\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"group\":[\"system:serviceaccounts\",\"system:serviceaccounts:kube-system\",\"system:authenticated\"],\"nonResourceAttributes\":{\"path\":\"/apis/webhook.cert-manager.io/v1beta1\",\"verb\":\"get\"},\"user\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"status\":{\"allowed\":false}},\"requestMetadata\":{\"callerIp\":\"10.11.12.13\",\"callerSuppliedUserAgent\":\"webhook/v0.0.0 (linux/amd64) 
kubernetes/$Format\"},\"resourceName\":\"authorization.k8s.io/v1beta1/subjectaccessreviews\",\"response\":{\"@type\":\"authorization.k8s.io/v1beta1.SubjectAccessReview\",\"apiVersion\":\"authorization.k8s.io/v1beta1\",\"kind\":\"SubjectAccessReview\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"group\":[\"system:serviceaccounts\",\"system:serviceaccounts:kube-system\",\"system:authenticated\"],\"nonResourceAttributes\":{\"path\":\"/apis/webhook.cert-manager.io/v1beta1\",\"verb\":\"get\"},\"user\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"status\":{\"allowed\":true,\"reason\":\"RBAC: allowed by ClusterRoleBinding \\\"system:discovery\\\" of ClusterRole \\\"system:discovery\\\" to Group \\\"system:authenticated\\\"\"}},\"serviceName\":\"k8s.io\",\"status\":{\"code\":0}},\"receiveTimestamp\":\"2020-08-05T21:07:32.157698684Z\",\"resource\":{\"labels\":{\"cluster_name\":\"analysis-cluster\",\"location\":\"us-central1-a\",\"project_id\":\"elastic-siem\"},\"type\":\"k8s_cluster\"},\"timestamp\":\"2020-08-05T21:07:30.974750Z\"}", "outcome": "success" 
@@ -413,12 +408,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "v1.compute.images.insert", "id": "v2spcwdzmc2", - "ingested": "2022-03-01T09:43:13.539829400Z", "kind": "event", "original": "{\"insertId\":\"v2spcwdzmc2\",\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Factivity\",\"operation\":{\"first\":true,\"id\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"producer\":\"compute.googleapis.com\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"user@mycompany.com\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"compute.images.create\",\"resourceAttributes\":{\"name\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"service\":\"compute\",\"type\":\"compute.images\"}}],\"methodName\":\"v1.compute.images.insert\",\"request\":{\"@type\":\"type.googleapis.com/compute.images.insert\",\"family\":\"windows-server-2016\",\"guestOsFeatures\":[{\"type\":\"VIRTIO_SCSI_MULTIQUEUE\"},{\"type\":\"WINDOWS\"}],\"name\":\"windows-server-2016-v20200805\",\"rawDisk\":{\"source\":\"https://storage.googleapis.com/storage/v1/b/foo/o/windows-server-2016-v20200805.tar.gz\"},\"sourceType\":\"RAW\"},\"requestMetadata\":{\"callerIp\":\"67.43.156.13\",\"callerSuppliedUserAgent\":\"google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 
19.6.0),gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2020-08-05T21:59:27.515Z\"}},\"resourceLocation\":{\"currentLocations\":[\"eu\"]},\"resourceName\":\"projects/foo/global/images/windows-server-2016-v20200805\",\"response\":{\"@type\":\"type.googleapis.com/operation\",\"id\":\"44919313\",\"insertTime\":\"2020-08-05T14:59:27.259-07:00\",\"name\":\"operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"operationType\":\"insert\",\"progress\":\"0\",\"selfLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/operation-1596664766354-5ac287c395484-fa3923bd-543e018e\",\"selfLinkWithId\":\"https://www.googleapis.com/compute/v1/projects/foo/global/operations/4491931805423146320\",\"startTime\":\"2020-08-05T14:59:27.274-07:00\",\"status\":\"RUNNING\",\"targetId\":\"12345\",\"targetLink\":\"https://www.googleapis.com/compute/v1/projects/foo/global/images/windows-server-2016-v20200805\",\"user\":\"user@mycompany.com\"},\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2020-08-05T21:59:27.822546978Z\",\"resource\":{\"labels\":{\"image_id\":\"771879043\",\"project_id\":\"foo\"},\"type\":\"gce_image\"},\"severity\":\"NOTICE\",\"timestamp\":\"2020-08-05T21:59:26.456Z\"}", "outcome": "success" 
@@ -515,12 +509,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "beta.compute.instances.stop", "id": "-c7ctxmd2zab", - "ingested": "2022-03-01T09:43:13.539835800Z", "kind": "event", "original": "{\"insertId\":\"-c7ctxmd2zab\",\"logName\":\"projects/foo/logs/cloudaudit.googleapis.com%2Factivity\",\"operation\":{\"id\":\"operation-1596646123456-5ac2438b775f6-f8ca1382-e70b6831\",\"last\":true,\"producer\":\"compute.googleapis.com\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"user@mycompany.com\"},\"methodName\":\"beta.compute.instances.stop\",\"request\":{\"@type\":\"type.googleapis.com/compute.instances.stop\"},\"requestMetadata\":{\"callerIp\":\"67.43.156.13\",\"callerSuppliedUserAgent\":\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)\"},\"resourceName\":\"projects/foo/zones/us-central1-a/instances/win10-test\",\"serviceName\":\"compute.googleapis.com\"},\"receiveTimestamp\":\"2020-08-05T16:56:41.315135528Z\",\"resource\":{\"labels\":{\"instance_id\":\"590261181\",\"project_id\":\"foo\",\"zone\":\"us-central1-a\"},\"type\":\"gce_instance\"},\"severity\":\"NOTICE\",\"timestamp\":\"2020-08-05T16:56:40.428Z\"}", "outcome": "unknown" 
@@ -592,12 +585,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "io.k8s.core.v1.nodes.list", "id": "94170ac4-6e82-4345-98ad-3c780222d19d", - "ingested": "2022-03-01T09:43:13.539841800Z", "kind": "event", "original": "{\"insertId\":\"94170ac4-6e82-4345-98ad-3c780222d19d\",\"labels\":{\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"\"},\"logName\":\"projects/elastic-siem/logs/cloudaudit.googleapis.com%2Fdata_access\",\"operation\":{\"first\":true,\"id\":\"94170ac4-6e82-4345-98ad-3c780222d19d\",\"last\":true,\"producer\":\"k8s.io\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"io.k8s.core.v1.nodes.list\",\"resource\":\"core/v1/nodes\"}],\"methodName\":\"io.k8s.core.v1.nodes.list\",\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"GoogleCloudConsole\"},\"resourceName\":\"core/v1/nodes\",\"serviceName\":\"k8s.io\",\"status\":{}},\"receiveTimestamp\":\"2021-04-23T14:47:31.94822935Z\",\"resource\":{\"labels\":{\"cluster_name\":\"analysis-cluster\",\"location\":\"us-central1-a\",\"project_id\":\"elastic-siem\"},\"type\":\"k8s_cluster\"},\"timestamp\":\"2021-04-23T14:47:07.535383Z\"}", "outcome": "success" 
@@ -661,12 +653,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "io.k8s.extensions.v1beta1.ingresses.list", "id": "b10a904a-faa4-4e0d-9ec3-7bc6a180196a", - "ingested": "2022-03-01T09:43:13.539846100Z", "kind": "event", "original": "{\"insertId\":\"b10a904a-faa4-4e0d-9ec3-7bc6a180196a\",\"labels\":{\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"\",\"k8s.io/deprecated\":\"true\",\"k8s.io/removed-release\":\"1.22\"},\"logName\":\"projects/elastic-siem/logs/cloudaudit.googleapis.com%2Fdata_access\",\"operation\":{\"first\":true,\"id\":\"b10a904a-faa4-4e0d-9ec3-7bc6a180196a\",\"last\":true,\"producer\":\"k8s.io\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"io.k8s.extensions.v1beta1.ingresses.list\",\"resource\":\"extensions/v1beta1/namespaces/cos-auditd/ingresses\"}],\"methodName\":\"io.k8s.extensions.v1beta1.ingresses.list\",\"requestMetadata\":{\"callerIp\":\"192.168.1.1\",\"callerSuppliedUserAgent\":\"GoogleCloudConsole\"},\"resourceName\":\"extensions/v1beta1/namespaces/cos-auditd/ingresses\",\"serviceName\":\"k8s.io\",\"status\":{}},\"receiveTimestamp\":\"2021-04-23T14:16:36.37362467Z\",\"resource\":{\"labels\":{\"cluster_name\":\"analysis-cluster\",\"location\":\"us-central1-a\",\"project_id\":\"elastic-siem\"},\"type\":\"k8s_cluster\"},\"timestamp\":\"2021-04-23T14:16:07.574776Z\"}", "outcome": "success" 
@@ -730,12 +721,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "io.k8s.get", "id": "e973134d-b4d5-4e2f-92b8-82bba13fdb92", - "ingested": "2022-03-01T09:43:13.539852600Z", "kind": "event", "original": "{\"insertId\":\"e973134d-b4d5-4e2f-92b8-82bba13fdb92\",\"labels\":{\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"system:public-info-viewer\\\" of ClusterRole \\\"system:public-info-viewer\\\" to Group \\\"system:unauthenticated\\\"\"},\"logName\":\"projects/elastic-siem/logs/cloudaudit.googleapis.com%2Fdata_access\",\"operation\":{\"first\":true,\"id\":\"e973134d-b4d5-4e2f-92b8-82bba13fdb92\",\"last\":true,\"producer\":\"k8s.io\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"system:anonymous\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"io.k8s.get\",\"resource\":\"readyz\"}],\"methodName\":\"io.k8s.get\",\"requestMetadata\":{\"callerIp\":\"127.0.0.1\",\"callerSuppliedUserAgent\":\"kube-probe/1.19+\"},\"resourceName\":\"readyz\",\"serviceName\":\"k8s.io\",\"status\":{}},\"receiveTimestamp\":\"2021-04-29T08:19:21.606980385Z\",\"resource\":{\"labels\":{\"cluster_name\":\"analysis-cluster\",\"location\":\"us-central1-a\",\"project_id\":\"elastic-siem\"},\"type\":\"k8s_cluster\"},\"timestamp\":\"2021-04-29T08:19:20.80581Z\"}", "outcome": "success" 
@@ -799,12 +789,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "io.k8s.get", "id": "03adfb9f-71a3-4f41-9701-29b5542f4d22", - "ingested": "2022-03-01T09:43:13.539860700Z", "kind": "event", "original": "{\"insertId\":\"03adfb9f-71a3-4f41-9701-29b5542f4d22\",\"labels\":{\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"system:discovery\\\" of ClusterRole \\\"system:discovery\\\" to Group \\\"system:authenticated\\\"\"},\"logName\":\"projects/elastic-siem/logs/cloudaudit.googleapis.com%2Fdata_access\",\"operation\":{\"first\":true,\"id\":\"03adfb9f-71a3-4f41-9701-29b5542f4d22\",\"last\":true,\"producer\":\"k8s.io\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"io.k8s.get\",\"resource\":\"api/v1\"}],\"methodName\":\"io.k8s.get\",\"requestMetadata\":{\"callerIp\":\"::1\",\"callerSuppliedUserAgent\":\"kube-controller-manager/v1.19.8 (linux/amd64) kubernetes/4f6f69f/system:serviceaccount:kube-system:generic-garbage-collector\"},\"resourceName\":\"api/v1\",\"serviceName\":\"k8s.io\",\"status\":{}},\"receiveTimestamp\":\"2021-04-29T08:23:19.71757101Z\",\"resource\":{\"labels\":{\"cluster_name\":\"analysis-cluster\",\"location\":\"us-central1-a\",\"project_id\":\"elastic-siem\"},\"type\":\"k8s_cluster\"},\"timestamp\":\"2021-04-29T08:23:18.899153Z\"}", "outcome": "success" 
@@ -871,12 +860,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "google.iam.admin.v1.ListServiceAccounts", "id": "03adfb9f-71a3-4f41-9701-29b5542f4d23", - "ingested": "2022-03-01T09:43:13.539868900Z", "kind": "event", "original": "{\"insertId\":\"03adfb9f-71a3-4f41-9701-29b5542f4d23\",\"logName\":\"projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access\",\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\",\"principalSubject\":\"sub\",\"serviceAccountKeyName\":\"//xxx@xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"iam.serviceAccounts.list\",\"resource\":\"projects/project\",\"resourceAttributes\":{}}],\"methodName\":\"google.iam.admin.v1.ListServiceAccounts\",\"request\":{\"@type\":\"type.googleapis.com/google.iam.admin.v1.ListServiceAccountsRequest\",\"name\":\"projects/project\",\"page_token\":\"cg:FFFFFF\"},\"requestMetadata\":{\"callerIp\":\"gce-internal-ip\",\"callerSuppliedUserAgent\":\"google-api-go-client/0.5,gzip(gfe)\",\"destinationAttributes\":{},\"requestAttributes\":{\"auth\":{},\"time\":\"2022-02-21T13:57:39.178418578Z\"}},\"resourceName\":\"projects/project\",\"serviceName\":\"iam.googleapis.com\",\"status\":{}},\"receiveTimestamp\":\"2022-02-21T13:57:39.341344991Z\",\"resource\":{\"labels\":{\"location\":\"global\",\"method\":\"google.iam.admin.v1.ListServiceAccounts\",\"project_id\":\"project\",\"service\":\"iam.googleapis.com\",\"version\":\"v1\"},\"type\":\"api\"},\"severity\":\"INFO\",\"timestamp\":\"2022-02-21T13:57:39.174555198Z\"}", "outcome": "success" 
@@ -937,12 +925,11 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", "id": "03adfb9f-71a3-4f41-9701-29b5542f4d24", - "ingested": "2022-03-01T09:43:13.539876900Z", "kind": "event", "original": "{\"insertId\":\"03adfb9f-71a3-4f41-9701-29b5542f4d24\",\"labels\":{\"authentication.k8s.io/legacy-token\":\"system:serviceaccount:kube-system:metrics-server\",\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"metrics-server:system:auth-delegator\\\" of ClusterRole \\\"system:auth-delegator\\\" to ServiceAccount \\\"metrics-server/kube-system\\\"\",\"k8s.io/deprecated\":\"true\",\"k8s.io/removed-release\":\"1.22\"},\"logName\":\"projects/project\",\"operation\":{\"first\":true,\"id\":\"924fbbf6-1982-4173-9355-3fca0ab7b0ee\",\"last\":true,\"producer\":\"k8s.io\"},\"protoPayload\":{\"@type\":\"type.googleapis.com/google.cloud.audit.AuditLog\",\"authenticationInfo\":{\"principalEmail\":\"xxx@xxx.xxx\"},\"authorizationInfo\":[{\"granted\":true,\"permission\":\"io.k8s.authorization.v1beta1.subjectaccessreviews.create\",\"resource\":\"authorization.k8s.io/v1beta1/subjectaccessreviews\"}],\"methodName\":\"io.k8s.authorization.v1beta1.subjectaccessreviews.create\",\"request\":{\"@type\":\"authorization.k8s.io/v1beta1.SubjectAccessReview\",\"apiVersion\":\"authorization.k8s.io/v1beta1\",\"kind\":\"SubjectAccessReview\",\"metadata\":{\"creationTimestamp\":null},\"spec\":{\"group\":[\"system:serviceaccounts\",\"system:serviceaccounts:kube-system\",\"system:authenticated\"],\"nonResourceAttributes\":{\"path\":\"/apis/metrics.k8s.io/v1beta1\",\"verb\":\"get\"},\"user\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"status\":{\"allowed\":false}},\"requestMetadata\":{\"callerIp\":\"67.43.156.13\",\"callerSuppliedUserAgent\":\"metrics-server/v0.0.0 (linux/amd64) 
kubernetes/$Format\"},\"resourceName\":\"authorization.k8s.io/v1beta1/subjectaccessreviews\",\"response\":{\"@type\":\"authorization.k8s.io/v1beta1.SubjectAccessReview\",\"apiVersion\":\"authorization.k8s.io/v1beta1\",\"kind\":\"SubjectAccessReview\",\"metadata\":{\"creationTimestamp\":null,\"managedFields\":[{\"apiVersion\":\"authorization.k8s.io/v1beta1\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:spec\":{\"f:group\":{},\"f:nonResourceAttributes\":{\".\":{},\"f:path\":{},\"f:verb\":{}},\"f:user\":{}}},\"manager\":\"metrics-server\",\"operation\":\"Update\",\"time\":\"2022-02-21T14:00:40Z\"}]},\"spec\":{\"group\":[\"system:serviceaccounts\",\"system:serviceaccounts:kube-system\",\"system:authenticated\"],\"nonResourceAttributes\":{\"path\":\"/apis/metrics.k8s.io/v1beta1\",\"verb\":\"get\"},\"user\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"status\":{\"allowed\":true,\"reason\":\"RBAC: allowed by ClusterRoleBinding \\\"system:discovery\\\" of ClusterRole \\\"system:discovery\\\" to Group \\\"system:authenticated\\\"\"}},\"serviceName\":\"k8s.io\",\"status\":{}},\"receiveTimestamp\":\"2022-02-21T14:00:42.030209174Z\",\"resource\":{\"labels\":{\"cluster_name\":\"elastic\",\"location\":\"europe-west1\",\"project_id\":\"project\"},\"type\":\"k8s_cluster\"},\"timestamp\":\"2022-02-21T14:00:40.802327Z\"}", "outcome": "success"
diff --git a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index c5c485ab19b..0f894e9cbec 100644
--- a/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/gcp/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -2,12 +2,9 @@ description: Pipeline for Google Cloud audit logs processors:
-  - set:
-      field: event.ingested
-      value: "{{_ingest.timestamp}}"
   - set:
       field: ecs.version
-      value: '8.0.0'
+      value: '8.2.0'
   - rename:
       field: message
       target_field: event.original
diff --git a/packages/gcp/data_stream/audit/sample_event.json b/packages/gcp/data_stream/audit/sample_event.json
index f94bbc8980c..224c98c8d3b 100644
--- a/packages/gcp/data_stream/audit/sample_event.json
+++ b/packages/gcp/data_stream/audit/sample_event.json
@@ -18,7 +18,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91",
diff --git a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
index 996134d8058..554f8b381f5 100644
--- a/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
+++ b/packages/gcp/data_stream/dns/_dev/test/pipeline/test-dns.log-expected.json
@@ -35,13 +35,13 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "vwroyze8pg7y", "kind": "event", - "outcome": "success", - "original": "{\"insertId\":\"vwroyze8pg7y\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"A\",\"rdata\":\"elastic.co.\\t300\\tIN\\ta\\t127.0.0.1\",\"responseCode\":\"NOERROR\",\"serverLatency\":14,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:05.502805637Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:05.341873447Z\"}" + "original": "{\"insertId\":\"vwroyze8pg7y\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"A\",\"rdata\":\"elastic.co.\\t300\\tIN\\ta\\t127.0.0.1\",\"responseCode\":\"NOERROR\",\"serverLatency\":14,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:05.502805637Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:05.341873447Z\"}", + "outcome": "success" }, "gcp": { "dns": { 
@@ -109,13 +109,13 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "ivmbnpe95vee", "kind": "event", - "outcome": "success", - "original": "{\"insertId\":\"ivmbnpe95vee\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"AAAA\",\"rdata\":\"elastic.co.\\t300\\tIN\\taaaa\\t0:0:0:0:0:0:0:1\",\"responseCode\":\"NOERROR\",\"serverLatency\":7,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:09.258412946Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:08.581183441Z\"}" + "original": "{\"insertId\":\"ivmbnpe95vee\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"AAAA\",\"rdata\":\"elastic.co.\\t300\\tIN\\taaaa\\t0:0:0:0:0:0:0:1\",\"responseCode\":\"NOERROR\",\"serverLatency\":7,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:09.258412946Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:08.581183441Z\"}", + "outcome": "success" 
}, "gcp": { "dns": { 
@@ -209,13 +209,13 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "3c0hhve794jt", "kind": "event", - "outcome": "success", - "original": "{\"insertId\":\"3c0hhve794jt\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"MX\",\"rdata\":\"elastic.co.\\t300\\tIN\\tmx\\t1 aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t10 alt3.aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t10 alt4.aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t5 alt1.aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t5 alt2.aspmx.l.google.com.\",\"responseCode\":\"NOERROR\",\"serverLatency\":8,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:13.097205893Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:11.834672077Z\"}" + "original": "{\"insertId\":\"3c0hhve794jt\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"MX\",\"rdata\":\"elastic.co.\\t300\\tIN\\tmx\\t1 aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t10 alt3.aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t10 alt4.aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t5 alt1.aspmx.l.google.com.\\nelastic.co.\\t300\\tIN\\tmx\\t5 
alt2.aspmx.l.google.com.\",\"responseCode\":\"NOERROR\",\"serverLatency\":8,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:13.097205893Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:11.834672077Z\"}", + "outcome": "success" }, "gcp": { "dns": { 
@@ -302,13 +302,13 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "1de2pp0e8q6k", "kind": "event", - "outcome": "success", - "original": "{\"insertId\":\"1de2pp0e8q6k\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"NS\",\"rdata\":\"elastic.co.\\t21600\\tIN\\tns\\tns-1168.awsdns-18.org.\\nelastic.co.\\t21600\\tIN\\tns\\tns-1737.awsdns-25.co.uk.\\nelastic.co.\\t21600\\tIN\\tns\\tns-339.awsdns-42.com.\\nelastic.co.\\t21600\\tIN\\tns\\tns-785.awsdns-34.net.\",\"responseCode\":\"NOERROR\",\"serverLatency\":9,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:14.900251293Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:14.334350623Z\"}" + "original": 
"{\"insertId\":\"1de2pp0e8q6k\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"NS\",\"rdata\":\"elastic.co.\\t21600\\tIN\\tns\\tns-1168.awsdns-18.org.\\nelastic.co.\\t21600\\tIN\\tns\\tns-1737.awsdns-25.co.uk.\\nelastic.co.\\t21600\\tIN\\tns\\tns-339.awsdns-42.com.\\nelastic.co.\\t21600\\tIN\\tns\\tns-785.awsdns-34.net.\",\"responseCode\":\"NOERROR\",\"serverLatency\":9,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:14.900251293Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:14.334350623Z\"}", + "outcome": "success" }, "gcp": { "dns": { 
@@ -381,13 +381,13 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "1oht95te9dnf", "kind": "event", - "outcome": "success", - "original": "{\"insertId\":\"1oht95te9dnf\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"TXT\",\"rdata\":\"elastic.co.\\t300\\tIN\\ttxt\\t\\\"adobe-idp-site-verification=f0ae487a2bd7cc4eb1fc64162e1a85c5b39002bc5fe0d7d7373ece0fdb3fd494\\\"\\nelastic.co.\\t300\\tIN\\ttxt\\t\\\"atlassian-domain-verification=eFQHgCgWimOfFj3Ol7kfJg9RGDmaS8X6V2M6YZRgnEY6/iKi0SUYWRlOvBOmgV7H\\\"\\nelastic.co.\\t300\\tIN\\ttxt...\",\"responseCode\":\"NOERROR\",\"serverLatency\":12,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:17.932779800Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:17.088350121Z\"}" + "original": 
"{\"insertId\":\"1oht95te9dnf\",\"jsonPayload\":{\"authAnswer\":true,\"protocol\":\"UDP\",\"queryName\":\"elastic.co.\",\"queryType\":\"TXT\",\"rdata\":\"elastic.co.\\t300\\tIN\\ttxt\\t\\\"adobe-idp-site-verification=f0ae487a2bd7cc4eb1fc64162e1a85c5b39002bc5fe0d7d7373ece0fdb3fd494\\\"\\nelastic.co.\\t300\\tIN\\ttxt\\t\\\"atlassian-domain-verification=eFQHgCgWimOfFj3Ol7kfJg9RGDmaS8X6V2M6YZRgnEY6/iKi0SUYWRlOvBOmgV7H\\\"\\nelastic.co.\\t300\\tIN\\ttxt...\",\"responseCode\":\"NOERROR\",\"serverLatency\":12,\"sourceIP\":\"10.154.0.3\",\"sourceNetwork\":\"default\",\"vmInstanceId\":8340998530665147,\"vmInstanceIdString\":\"8340998530665147\",\"vmInstanceName\":\"694119234537.instance\",\"vmProjectId\":\"project\",\"vmZoneName\":\"europe-west2-a\"},\"logName\":\"projects/project/logs/dns.googleapis.com%2Fdns_queries\",\"receiveTimestamp\":\"2022-01-23T09:16:17.932779800Z\",\"resource\":{\"labels\":{\"location\":\"europe-west2\",\"project_id\":\"project\",\"source_type\":\"gce-vm\",\"target_name\":\"\",\"target_type\":\"external\"},\"type\":\"dns_query\"},\"severity\":\"INFO\",\"timestamp\":\"2022-01-23T09:16:17.088350121Z\"}", + "outcome": "success" }, "gcp": { "dns": { diff --git a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml index eca01434a2e..87aa020b9cc 100644 --- a/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/dns/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud DNS logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/dns/sample_event.json b/packages/gcp/data_stream/dns/sample_event.json index 9cd568cf68f..7bf4d443265 100644 --- a/packages/gcp/data_stream/dns/sample_event.json +++ b/packages/gcp/data_stream/dns/sample_event.json 
@@ -33,7 +33,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "vwroyze8pg7y", diff --git a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json index 22ac1a0a696..008128d3f09 100644 --- a/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json +++ b/packages/gcp/data_stream/firewall/_dev/test/pipeline/test-firewall.log-expected.json 
@@ -1,2197 +1,2197 @@ { "expected": [ { - "log": { - "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" - }, - "destination": { - "address": "10.128.0.16", - "port": 80, - "domain": "local-adrian-test", - "ip": "10.128.0.16" - }, - "rule": { - "name": "network:default/firewall:adrian-test-3" - }, - "source": { - "address": "10.142.0.10", - "port": 57794, - "domain": "test-es", - "ip": "10.142.0.10" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "name": "mysubnet", - "community_id": "1:r5Cn2Gb1aK8/KMnjNxp64xRRxCw=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + "@timestamp": "2019-11-06T16:41:38.394Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "local-test" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.128.0.16", + "domain": "local-adrian-test", + "ip": "10.128.0.16", + "port": 80 }, - "@timestamp": "2019-11-06T16:41:38.394Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.142.0.10", - "10.128.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1dobeotg13df9f5", + "kind": "event", + "original": 
"{\"insertId\":\"1dobeotg13df9f5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.128.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.142.0.10\",\"src_port\":57794},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"local-test\",\"region\":\"us-central1\",\"vm_name\":\"local-adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"remote-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"remote-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"12345667\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "local-test", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "mysubnet", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "local-test", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + 
"source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } }, "source": { + "instance": { + "project_id": "remote-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "remote-beats", "subnetwork_name": "mysubnet", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "remote-beats", - "zone": "us-east1-b" } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"1dobeotg13df9f5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.128.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.142.0.10\",\"src_port\":57794},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"local-test\",\"region\":\"us-central1\",\"vm_name\":\"local-adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"remote-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"remote-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"12345667\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", - "id": "1dobeotg13df9f5", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.128.0.10", - 
"port": 57794, - "domain": "test-es", - "ip": "10.128.0.10" + "network": { + "community_id": "1:r5Cn2Gb1aK8/KMnjNxp64xRRxCw=", + "direction": "inbound", + "iana_number": "6", + "name": "mysubnet", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.142.0.10", + "10.128.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { - "address": "10.142.0.16", - "port": 80, - "domain": "local-adrian-test", - "ip": "10.142.0.16" + "address": "10.142.0.10", + "domain": "test-es", + "ip": "10.142.0.10", + "port": 57794 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "mysubnet", - "community_id": "1:PX8Huj8++6RLuv25K7VfHPger5I=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "outbound" - }, + ] + }, + { + "@timestamp": "2019-11-06T16:41:38.394Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "local-test" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.128.0.10", + "domain": "test-es", + "ip": "10.128.0.10", + "port": 57794 }, - "@timestamp": "2019-11-06T16:41:38.394Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.142.0.16", - "10.128.0.10" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1dobeotg13df9f7", + "kind": "event", + "original": 
"{\"insertId\":\"1dobeotg13df9f7\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.128.0.10\",\"dest_port\":57794,\"protocol\":6,\"src_ip\":\"10.142.0.16\",\"src_port\":80},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"local-test\",\"region\":\"us-central1\",\"vm_name\":\"local-adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"remote-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"remote-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"892378332\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "remote-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "remote-beats", "subnetwork_name": "mysubnet", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "remote-beats", - "zone": "us-east1-b" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "EGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "EGRESS" + "priority": 1000, + 
"source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } }, "source": { + "instance": { + "project_id": "local-test", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "mysubnet", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "local-test", - "zone": "us-central1-a" } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"1dobeotg13df9f7\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.128.0.10\",\"dest_port\":57794,\"protocol\":6,\"src_ip\":\"10.142.0.16\",\"src_port\":80},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"local-test\",\"region\":\"us-central1\",\"vm_name\":\"local-adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"remote-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"remote-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"mysubnet\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"892378332\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", - "id": "1dobeotg13df9f7", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "geo": { - 
"continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 53, - "ip": "67.43.156.13" + "network": { + "community_id": "1:PX8Huj8++6RLuv25K7VfHPger5I=", + "direction": "outbound", + "iana_number": "6", + "name": "mysubnet", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.142.0.16", + "10.128.0.10" + ] }, "rule": { - "name": "network:default/firewall:adrian-test-1" + "name": "network:default/firewall:adrian-test-3" }, "source": { - "address": "10.128.0.16", - "port": 60094, - "domain": "adrian-test", - "ip": "10.128.0.16" + "address": "10.142.0.16", + "domain": "local-adrian-test", + "ip": "10.142.0.16", + "port": 80 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:9+6dmqk1gTfOBuneEQYO+4ye504=", - "transport": "udp", - "type": "ipv4", - "iana_number": "17", - "direction": "outbound" - }, + ] + }, + { + "@timestamp": "2019-11-12T12:35:17.214Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 53 }, - "@timestamp": "2019-11-12T12:35:17.214Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.128.0.16", - "67.43.156.13" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "4zuj4nfn4llkb", + "kind": "event", + "original": 
"{\"insertId\":\"4zuj4nfn4llkb\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53,\"protocol\":17,\"src_ip\":\"10.128.0.16\",\"src_port\":60094},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:35:24.466374097Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:35:17.214711274Z\"}", + "type": "connection" }, "gcp": { "firewall": { "rule_details": { "action": "DENY", - "target_tag": [ - "adrian-test" - ], - "priority": 1000, "destination_range": [ "8.8.8.0/24" ], + "direction": "EGRESS", "ip_port_info": [ { "ip_protocol": "ALL" } ], - "direction": "EGRESS" + "priority": 1000, + "target_tag": [ + "adrian-test" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"4zuj4nfn4llkb\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53,\"protocol\":17,\"src_ip\":\"10.128.0.16\",\"src_port\":60094},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:35:24.466374097Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:35:17.214711274Z\"}", - "id": "4zuj4nfn4llkb", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.42.0.2", - "port": 3389, - "domain": "test-windows", - "ip": "10.42.0.2" - }, - "rule": { - "name": "network:windows-isolated/firewall:windows-isolated-allow-rdp" + "network": { + "community_id": "1:9+6dmqk1gTfOBuneEQYO+4ye504=", + "direction": "outbound", + "iana_number": "17", + "name": "default", + "transport": "udp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.128.0.16", + "67.43.156.13" + ] + }, + "rule": { + "name": "network:default/firewall:adrian-test-1" }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "omn" - }, - "address": "192.168.2.126", - "port": 64853, - "ip": "192.168.2.126" + "address": 
"10.128.0.16", + "domain": "adrian-test", + "ip": "10.128.0.16", + "port": 60094 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "windows-isolated", - "community_id": "1:OdLB9eXsBDLz8m97ao4LepX6q+4=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-10-30T13:52:42.191Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "test-beats" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.42.0.2", + "domain": "test-windows", + "ip": "10.42.0.2", + "port": 3389 }, - "@timestamp": "2019-10-30T13:52:42.191Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.126", - "10.42.0.2" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1f21ciqfpfssuo", + "kind": "event", + "original": "{\"insertId\":\"1f21ciqfpfssuo\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.2\",\"dest_port\":3389,\"protocol\":6,\"src_ip\":\"192.168.2.126\",\"src_port\":64853},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-windows\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"Asia\",\"country\":\"omn\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"3389\"]}],\"priority\":1000,\"reference\":\"network:windows-isolated/firewall:windows-isolated-allow-rdp\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow-rdp\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-10-30T13:52:54.473174731Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"3238409883146034900\",\"subnetwork_name\":\"windows-
isolated\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-10-30T13:52:42.191988835Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "windows-isolated", "vpc_name": "windows-isolated" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } }, "firewall": { "rule_details": { "action": "ALLOW", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "allow-rdp" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "3389" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow-rdp" + ] } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"1f21ciqfpfssuo\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.2\",\"dest_port\":3389,\"protocol\":6,\"src_ip\":\"192.168.2.126\",\"src_port\":64853},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-windows\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"Asia\",\"country\":\"omn\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"3389\"]}],\"priority\":1000,\"reference\":\"network:windows-isolated/firewall:windows-isolated-allow-rdp\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow-rdp\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-10-30T13:52:54.473174731Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"3238409883146034900\",\"subnetwork_name\":\"win
dows-isolated\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-10-30T13:52:42.191988835Z\"}", - "id": "1f21ciqfpfssuo", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 8080, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:OdLB9eXsBDLz8m97ao4LepX6q+4=", + "direction": "inbound", + "iana_number": "6", + "name": "windows-isolated", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.126", + "10.42.0.2" + ] }, "rule": { - "name": "network:default/firewall:adrian-test-3" + "name": "network:windows-isolated/firewall:windows-isolated-allow-rdp" }, "source": { + "address": "192.168.2.126", "geo": { - "continent_name": "Europe", - "country_name": "rus", - "city_name": "Krasnodar", - "region_name": "Krasnodar Krai" + "continent_name": "Asia", + "country_name": "omn" }, - "address": "192.168.2.219", - "port": 2897, - "ip": "192.168.2.219" + "ip": "192.168.2.126", + "port": 64853 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:A5iOU96ubdRLq+4VydLZgZGU+Ns=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:31:19.421Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 8080 }, - "@timestamp": "2019-11-11T12:31:19.421Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.219", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "8vcfeailjd", + "kind": "event", + "original": 
"{\"insertId\":\"8vcfeailjd\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.219\",\"src_port\":2897},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Krasnodar\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Krasnodar Krai\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:31:22.738796433Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:31:19.421478847Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": 
"firewall-rule", - "original": "{\"insertId\":\"8vcfeailjd\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.219\",\"src_port\":2897},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Krasnodar\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Krasnodar Krai\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:31:22.738796433Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:31:19.421478847Z\"}", - "id": "8vcfeailjd", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 80, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:A5iOU96ubdRLq+4VydLZgZGU+Ns=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.219", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.219", "geo": { + "city_name": "Krasnodar", "continent_name": "Europe", - "country_name": "deu" + "country_name": "rus", + 
"region_name": "Krasnodar Krai" }, - "address": "192.168.2.14", - "port": 61000, - "ip": "192.168.2.14" + "ip": "192.168.2.219", + "port": 2897 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:oI8iImLuHWwNxzRIIpsZbSUF2fE=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:41:31.079Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 80 }, - "@timestamp": "2019-11-11T12:41:31.079Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.14", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1bqgmw9feiabij", + "kind": "event", + "original": "{\"insertId\":\"1bqgmw9feiabij\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.14\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"Europe\",\"country\":\"deu\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:41:35.727004321Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"126662373513764
8253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:41:31.079508196Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"1bqgmw9feiabij\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.14\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"Europe\",\"country\":\"deu\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:41:35.727004321Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\"
:\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:41:31.079508196Z\"}", - "id": "1bqgmw9feiabij", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 80, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:oI8iImLuHWwNxzRIIpsZbSUF2fE=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.14", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.14", "geo": { "continent_name": "Europe", "country_name": "deu" }, - "address": "192.168.2.14", - "port": 61000, - "ip": "192.168.2.14" + "ip": "192.168.2.14", + "port": 61000 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:oI8iImLuHWwNxzRIIpsZbSUF2fE=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, - "cloud": { - "region": "us-central1", + ] + }, + { + "@timestamp": "2019-11-11T12:41:34.190Z", + "cloud": { "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 80 }, - "@timestamp": "2019-11-11T12:41:34.190Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.14", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1jrxaqbfe48bir", + "kind": "event", + "original": 
"{\"insertId\":\"1jrxaqbfe48bir\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.14\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"Europe\",\"country\":\"deu\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:41:40.791816098Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:41:34.190831607Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"1jrxaqbfe48bir\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.14\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"Europe\",\"country\":\"deu\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:41:40.791816098Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:41:34.190831607Z\"}", - "id": "1jrxaqbfe48bir", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 8080, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:oI8iImLuHWwNxzRIIpsZbSUF2fE=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.14", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.14", "geo": { "continent_name": "Europe", - "country_name": "ukr", - "city_name": "Berdychiv", - "region_name": "Zhytomyr Oblast" + "country_name": "deu" }, - "address": "192.168.2.151", - "port": 62551, - 
"ip": "192.168.2.151" + "ip": "192.168.2.14", + "port": 61000 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:SKVztg1DPAOr3jK41SNPB1GNIVg=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:48:41.449Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 8080 }, - "@timestamp": "2019-11-11T12:48:41.449Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.151", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1fw7drlfe2ty27", + "kind": "event", + "original": "{\"insertId\":\"1fw7drlfe2ty27\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.151\",\"src_port\":62551},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Berdychiv\",\"continent\":\"Europe\",\"country\":\"ukr\",\"region\":\"Zhytomyr 
Oblast\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:48:47.038820509Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:48:41.449552758Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"1fw7drlfe2ty27\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.151\",\"src_port\":62551},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Berdychiv\",\"continent\":\"Europe\",\"country\":\"ukr\",\"region\":\"Zhytomyr Oblast\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:48:47.038820509Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:48:41.449552758Z\"}", - "id": "1fw7drlfe2ty27", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 8080, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:SKVztg1DPAOr3jK41SNPB1GNIVg=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.151", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.151", "geo": { + "city_name": "Berdychiv", "continent_name": "Europe", - "country_name": "ita", - "city_name": "Vicenza", - "region_name": "Veneto" 
+ "country_name": "ukr", + "region_name": "Zhytomyr Oblast" }, - "address": "192.168.2.241", - "port": 44542, - "ip": "192.168.2.241" + "ip": "192.168.2.151", + "port": 62551 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:Ju3t0rAM8ZPZaqr/NXVTm2rCcOQ=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T13:10:24.214Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 8080 }, - "@timestamp": "2019-11-11T13:10:24.214Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.241", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1yre751fekaxzs", + "kind": "event", + "original": 
"{\"insertId\":\"1yre751fekaxzs\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.241\",\"src_port\":44542},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Vicenza\",\"continent\":\"Europe\",\"country\":\"ita\",\"region\":\"Veneto\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:10:30.804549999Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:10:24.214995318Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": 
"firewall-rule", - "original": "{\"insertId\":\"1yre751fekaxzs\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.241\",\"src_port\":44542},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Vicenza\",\"continent\":\"Europe\",\"country\":\"ita\",\"region\":\"Veneto\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:10:30.804549999Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:10:24.214995318Z\"}", - "id": "1yre751fekaxzs", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 80, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:Ju3t0rAM8ZPZaqr/NXVTm2rCcOQ=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.241", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.241", "geo": { + "city_name": "Vicenza", "continent_name": "Europe", - "country_name": "rus", - "city_name": "Tula", - 
"region_name": "Tula Oblast" + "country_name": "ita", + "region_name": "Veneto" }, - "address": "192.168.2.114", - "port": 41293, - "ip": "192.168.2.114" + "ip": "192.168.2.241", + "port": 44542 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:3p2S4HNdJf2gfA2403VPmsMxi5E=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T13:35:23.504Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 80 }, - "@timestamp": "2019-11-11T13:35:23.504Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.114", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "5kanfzfiqepkh", + "kind": "event", + "original": "{\"insertId\":\"5kanfzfiqepkh\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":41293},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Tula\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Tula 
Oblast\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:35:28.934918322Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:35:23.504719962Z\"}", + "type": "connection" }, "gcp": { "destination": { - "vpc": { + "instance": { "project_id": "test-beats", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { "region": "us-central1", - "project_id": "test-beats", "zone": "us-central1-a" + }, + "vpc": { + "project_id": "test-beats", + "subnetwork_name": "default", + "vpc_name": "default" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"5kanfzfiqepkh\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":41293},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Tula\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Tula Oblast\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:35:28.934918322Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:35:23.504719962Z\"}", - "id": "5kanfzfiqepkh", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 80, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:3p2S4HNdJf2gfA2403VPmsMxi5E=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.114", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.114", "geo": { + "city_name": "Tula", "continent_name": "Europe", "country_name": "rus", - "city_name": "Stavropol", - "region_name": "Stavropol Krai" + 
"region_name": "Tula Oblast" }, - "address": "192.168.2.251", - "port": 59106, - "ip": "192.168.2.251" + "ip": "192.168.2.114", + "port": 41293 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:TLgRm8s0Er+HDrnrkeenWw+/I0g=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T13:36:52.135Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 80 }, - "@timestamp": "2019-11-11T13:36:52.135Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.251", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "59z0t8fiow9vg", + "kind": "event", + "original": "{\"insertId\":\"59z0t8fiow9vg\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.251\",\"src_port\":59106},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Stavropol\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Stavropol 
Krai\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:36:54.238077643Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:36:52.135887769Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"59z0t8fiow9vg\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.251\",\"src_port\":59106},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Stavropol\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Stavropol Krai\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T13:36:54.238077643Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T13:36:52.135887769Z\"}", - "id": "59z0t8fiow9vg", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 80, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:TLgRm8s0Er+HDrnrkeenWw+/I0g=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.251", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.251", "geo": { + "city_name": "Stavropol", "continent_name": "Europe", - "country_name": "fra", - "city_name": "Violès", - "region_name": 
"Provence-Alpes-Côte d'Azur" + "country_name": "rus", + "region_name": "Stavropol Krai" }, - "address": "192.168.2.189", - "port": 61000, - "ip": "192.168.2.189" + "ip": "192.168.2.251", + "port": 59106 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:fazVU7VcvYIcDuTD7cy31u/SVLg=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T14:06:16.593Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 80 }, - "@timestamp": "2019-11-11T14:06:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.189", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1y7e4yzff816cq", + "kind": "event", + "original": "{\"insertId\":\"1y7e4yzff816cq\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.189\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Violès\",\"continent\":\"Europe\",\"country\":\"fra\",\"region\":\"Provence-Alpes-Côte 
d'Azur\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:06:26.357446279Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:06:16.59353182Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"1y7e4yzff816cq\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.189\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Violès\",\"continent\":\"Europe\",\"country\":\"fra\",\"region\":\"Provence-Alpes-Côte d'Azur\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:06:26.357446279Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:06:16.59353182Z\"}", - "id": "1y7e4yzff816cq", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 80, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:fazVU7VcvYIcDuTD7cy31u/SVLg=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.189", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.189", "geo": { + "city_name": "Violès", "continent_name": "Europe", "country_name": "fra", - "city_name": "Violès", "region_name": 
"Provence-Alpes-Côte d'Azur" }, - "address": "192.168.2.189", - "port": 61000, - "ip": "192.168.2.189" + "ip": "192.168.2.189", + "port": 61000 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:fazVU7VcvYIcDuTD7cy31u/SVLg=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T14:06:22.930Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 80 }, - "@timestamp": "2019-11-11T14:06:22.930Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.189", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "lx5jlsfggpr0q", + "kind": "event", + "original": "{\"insertId\":\"lx5jlsfggpr0q\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.189\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Violès\",\"continent\":\"Europe\",\"country\":\"fra\",\"region\":\"Provence-Alpes-Côte 
d'Azur\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:06:28.203068653Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:06:22.930570324Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"lx5jlsfggpr0q\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"192.168.2.189\",\"src_port\":61000},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"Violès\",\"continent\":\"Europe\",\"country\":\"fra\",\"region\":\"Provence-Alpes-Côte d'Azur\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:06:28.203068653Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:06:22.930570324Z\"}", - "id": "lx5jlsfggpr0q", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 8080, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:fazVU7VcvYIcDuTD7cy31u/SVLg=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.189", + "10.28.0.16" + ] }, "rule": { "name": "network:default/firewall:adrian-test-3" }, "source": { + "address": "192.168.2.189", "geo": { - "continent_name": "Asia", - "country_name": "tur", - "city_name": "İzmir", - "region_name": "İzmir" + "city_name": "Violès", + 
"continent_name": "Europe", + "country_name": "fra", + "region_name": "Provence-Alpes-Côte d'Azur" }, - "address": "192.168.2.200", - "port": 42716, - "ip": "192.168.2.200" + "ip": "192.168.2.189", + "port": 61000 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:5cdw7jmZns9wqKsd7hRHlQJgaQ4=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T14:32:07.407Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 8080 }, - "@timestamp": "2019-11-11T14:32:07.407Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.200", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "18ynfbufer19m1", + "kind": "event", + "original": 
"{\"insertId\":\"18ynfbufer19m1\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.200\",\"src_port\":42716},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"İzmir\",\"continent\":\"Asia\",\"country\":\"tur\",\"region\":\"İzmir\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:32:14.038485761Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:32:07.407039908Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } } }, - "event": { - "action": 
"firewall-rule", - "original": "{\"insertId\":\"18ynfbufer19m1\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":8080,\"protocol\":6,\"src_ip\":\"192.168.2.200\",\"src_port\":42716},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"city\":\"İzmir\",\"continent\":\"Asia\",\"country\":\"tur\",\"region\":\"İzmir\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T14:32:14.038485761Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T14:32:07.407039908Z\"}", - "id": "18ynfbufer19m1", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 80, - "ip": "67.43.156.13" + "network": { + "community_id": "1:5cdw7jmZns9wqKsd7hRHlQJgaQ4=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.200", + "10.28.0.16" + ] }, "rule": { - "name": "network:default/firewall:adrian-test-1" + "name": 
"network:default/firewall:adrian-test-3" }, "source": { - "address": "10.28.0.16", - "port": 46418, - "domain": "adrian-test", - "ip": "10.28.0.16" + "address": "192.168.2.200", + "geo": { + "city_name": "İzmir", + "continent_name": "Asia", + "country_name": "tur", + "region_name": "İzmir" + }, + "ip": "192.168.2.200", + "port": 42716 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:t2QQzu4ufNOZo7NH5i90Aqyel1Q=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "outbound" - }, + ] + }, + { + "@timestamp": "2019-11-12T12:41:20.972Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 80 }, - "@timestamp": "2019-11-12T12:41:20.972Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.28.0.16", - "67.43.156.13" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "tzddthfsr6fv5", + "kind": "event", + "original": 
"{\"insertId\":\"tzddthfsr6fv5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.28.0.16\",\"src_port\":46418},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:41:28.971534988Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:41:20.972747063Z\"}", + "type": "connection" }, "gcp": { "firewall": { "rule_details": { "action": "DENY", - "target_tag": [ - "adrian-test" - ], - "priority": 1000, "destination_range": [ "8.8.8.0/24" ], + "direction": "EGRESS", "ip_port_info": [ { "ip_protocol": "ALL" } ], - "direction": "EGRESS" + "priority": 1000, + "target_tag": [ + "adrian-test" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"tzddthfsr6fv5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.28.0.16\",\"src_port\":46418},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:41:28.971534988Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:41:20.972747063Z\"}", - "id": "tzddthfsr6fv5", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 80, - "ip": "67.43.156.13" + "network": { + "community_id": "1:t2QQzu4ufNOZo7NH5i90Aqyel1Q=", + "direction": "outbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.28.0.16", + "67.43.156.13" + ] }, "rule": { "name": "network:default/firewall:adrian-test-1" }, "source": { "address": "10.28.0.16", - "port": 58725, "domain": "adrian-test", - "ip": "10.28.0.16" + "ip": 
"10.28.0.16", + "port": 46418 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:91bfvmXgXGnCZmHTsH6bUtpBCwY=", - "transport": "udp", - "type": "ipv4", - "iana_number": "17", - "direction": "outbound" - }, + ] + }, + { + "@timestamp": "2019-11-12T12:42:26.505Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 80 }, - "@timestamp": "2019-11-12T12:42:26.505Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.28.0.16", - "67.43.156.13" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1k2b7kefsnhzq7", + "kind": "event", + "original": 
"{\"insertId\":\"1k2b7kefsnhzq7\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":80,\"protocol\":17,\"src_ip\":\"10.28.0.16\",\"src_port\":58725},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:42:33.671883883Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:42:26.50532921Z\"}", + "type": "connection" }, "gcp": { "firewall": { "rule_details": { "action": "DENY", - "target_tag": [ - "adrian-test" - ], - "priority": 1000, "destination_range": [ "8.8.8.0/24" ], + "direction": "EGRESS", "ip_port_info": [ { "ip_protocol": "ALL" } ], - "direction": "EGRESS" + "priority": 1000, + "target_tag": [ + "adrian-test" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"1k2b7kefsnhzq7\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":80,\"protocol\":17,\"src_ip\":\"10.28.0.16\",\"src_port\":58725},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"rule_details\":{\"action\":\"DENY\",\"destination_range\":[\"8.8.8.0/24\"],\"direction\":\"EGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"ALL\"}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-1\",\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-12T12:42:33.671883883Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-12T12:42:26.50532921Z\"}", - "id": "1k2b7kefsnhzq7", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.42.0.10", - "port": 9200, - "domain": "test-es", - "ip": "10.42.0.10" + "network": { + "community_id": "1:91bfvmXgXGnCZmHTsH6bUtpBCwY=", + "direction": "outbound", + "iana_number": "17", + "name": "default", + "transport": "udp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.28.0.16", + "67.43.156.13" + ] }, "rule": { - "name": "network:default/firewall:allow9200" + "name": "network:default/firewall:adrian-test-1" }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "address": "192.168.2.114", - "port": 44666, - "domain": "test-kibana", - "ip": "192.168.2.114" + "address": "10.28.0.16", + "domain": 
"adrian-test", + "ip": "10.28.0.16", + "port": 58725 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:71E7EwkkBhmIXFYLBhatQg26r3M=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:54:13.531Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "test-beats" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.42.0.10", + "domain": "test-es", + "ip": "10.42.0.10", + "port": 9200 }, - "@timestamp": "2019-11-11T12:54:13.531Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.114", - "10.42.0.10" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1sdfuwxfk8hq1c", + "kind": "event", + "original": "{\"insertId\":\"1sdfuwxfk8hq1c\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":44666},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:15.188832255Z\",\"resour
ce\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:13.531819246Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } }, "firewall": { "rule_details": { "action": "ALLOW", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "allow9200" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "9200" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } } }, - "event": { - "action": "firewall-rule", - "original": 
"{\"insertId\":\"1sdfuwxfk8hq1c\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":44666},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:15.188832255Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:13.531819246Z\"}", - "id": "1sdfuwxfk8hq1c", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.42.0.10", - "port": 9200, - "domain": "test-es", - "ip": "10.42.0.10" + "network": { + "community_id": "1:71E7EwkkBhmIXFYLBhatQg26r3M=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.114", + "10.42.0.10" + ] }, "rule": { "name": "network:default/firewall:allow9200" }, "source": { + "address": 
"192.168.2.114", + "domain": "test-kibana", "geo": { "continent_name": "America", "country_name": "usa" }, - "address": "192.168.2.114", - "port": 44668, - "domain": "test-kibana", - "ip": "192.168.2.114" + "ip": "192.168.2.114", + "port": 44666 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:kjnX5ow0hgQpA+DuU3FS4Bz+93M=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:54:13.551Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "test-beats" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.42.0.10", + "domain": "test-es", + "ip": "10.42.0.10", + "port": 9200 }, - "@timestamp": "2019-11-11T12:54:13.551Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.114", - "10.42.0.10" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1sdfuwxfk8hq1b", + "kind": "event", + "original": 
"{\"insertId\":\"1sdfuwxfk8hq1b\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":44668},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:15.188832255Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:13.551617516Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } }, "firewall": { "rule_details": { "action": "ALLOW", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "allow9200" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "9200" - ], - "ip_protocol": "TCP" + ] } ], - "direction": 
"INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"1sdfuwxfk8hq1b\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":44668},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:15.188832255Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:13.551617516Z\"}", - "id": "1sdfuwxfk8hq1b", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": 
"projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.42.0.2", - "port": 3389, - "domain": "test-windows", - "ip": "10.42.0.2" + "network": { + "community_id": "1:kjnX5ow0hgQpA+DuU3FS4Bz+93M=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.114", + "10.42.0.10" + ] }, "rule": { - "name": "network:windows-isolated/firewall:windows-isolated-allow-rdp" + "name": "network:default/firewall:allow9200" }, "source": { + "address": "192.168.2.114", + "domain": "test-kibana", "geo": { - "continent_name": "Europe", - "country_name": "nld", - "city_name": "Almelo", - "region_name": "Overijssel" + "continent_name": "America", + "country_name": "usa" }, - "address": "192.168.2.7", - "port": 1683, - "ip": "192.168.2.7" + "ip": "192.168.2.114", + "port": 44668 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "windows-isolated", - "community_id": "1:FnXfTcArp/LffPC0tx64B4rTV6E=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:54:15.771Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "test-beats" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.42.0.2", + "domain": "test-windows", + "ip": "10.42.0.2", + "port": 3389 }, - "@timestamp": "2019-11-11T12:54:15.771Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.7", - "10.42.0.2" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "yot1ojetjdiw", + "kind": "event", + "original": 
"{\"insertId\":\"yot1ojetjdiw\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.2\",\"dest_port\":3389,\"protocol\":6,\"src_ip\":\"192.168.2.7\",\"src_port\":1683},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-windows\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"city\":\"Almelo\",\"continent\":\"Europe\",\"country\":\"nld\",\"region\":\"Overijssel\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"3389\"]}],\"priority\":1000,\"reference\":\"network:windows-isolated/firewall:windows-isolated-allow-rdp\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow-rdp\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:28.477733837Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"3238409883146034900\",\"subnetwork_name\":\"windows-isolated\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:15.771161946Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "windows-isolated", "vpc_name": "windows-isolated" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } }, "firewall": { "rule_details": { "action": "ALLOW", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "allow-rdp" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "3389" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow-rdp" + ] } } }, - 
"event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"yot1ojetjdiw\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.2\",\"dest_port\":3389,\"protocol\":6,\"src_ip\":\"192.168.2.7\",\"src_port\":1683},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-windows\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"city\":\"Almelo\",\"continent\":\"Europe\",\"country\":\"nld\",\"region\":\"Overijssel\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"3389\"]}],\"priority\":1000,\"reference\":\"network:windows-isolated/firewall:windows-isolated-allow-rdp\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow-rdp\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:28.477733837Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"3238409883146034900\",\"subnetwork_name\":\"windows-isolated\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:15.771161946Z\"}", - "id": "yot1ojetjdiw", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.42.0.10", - "port": 9200, - "domain": "test-es", - "ip": "10.42.0.10" + "network": { + "community_id": "1:FnXfTcArp/LffPC0tx64B4rTV6E=", + "direction": "inbound", + "iana_number": "6", + "name": "windows-isolated", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.7", + "10.42.0.2" + ] }, "rule": { - "name": "network:default/firewall:allow9200" + "name": "network:windows-isolated/firewall:windows-isolated-allow-rdp" }, "source": { + "address": "192.168.2.7", 
"geo": { - "continent_name": "America", - "country_name": "usa" + "city_name": "Almelo", + "continent_name": "Europe", + "country_name": "nld", + "region_name": "Overijssel" }, - "address": "192.168.2.114", - "port": 45068, - "domain": "test-kibana", - "ip": "192.168.2.114" + "ip": "192.168.2.7", + "port": 1683 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:/ut7lWVheWNhh3UrQNn/8O2iPS0=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:54:35.850Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "test-beats" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.42.0.10", + "domain": "test-es", + "ip": "10.42.0.10", + "port": 9200 }, - "@timestamp": "2019-11-11T12:54:35.850Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.114", - "10.42.0.10" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "5a27u1g22jks9e", + "kind": "event", + "original": 
"{\"insertId\":\"5a27u1g22jks9e\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":45068},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:45.189726185Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:35.850729583Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } }, "firewall": { "rule_details": { "action": "ALLOW", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "allow9200" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "9200" - ], - "ip_protocol": "TCP" + ] } ], - "direction": 
"INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"5a27u1g22jks9e\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":45068},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:45.189726185Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:35.850729583Z\"}", - "id": "5a27u1g22jks9e", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": 
"projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.42.0.10", - "port": 9200, - "domain": "test-es", - "ip": "10.42.0.10" + "network": { + "community_id": "1:/ut7lWVheWNhh3UrQNn/8O2iPS0=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.114", + "10.42.0.10" + ] }, "rule": { "name": "network:default/firewall:allow9200" }, "source": { + "address": "192.168.2.114", + "domain": "test-kibana", "geo": { "continent_name": "America", "country_name": "usa" }, - "address": "192.168.2.114", - "port": 45062, - "domain": "test-kibana", - "ip": "192.168.2.114" + "ip": "192.168.2.114", + "port": 45068 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:59vjEXNOC6W+KGAxHCndM//owm0=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-11T12:54:35.850Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "test-beats" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.42.0.10", + "domain": "test-es", + "ip": "10.42.0.10", + "port": 9200 }, - "@timestamp": "2019-11-11T12:54:35.850Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.114", - "10.42.0.10" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "5a27u1g22jks8t", + "kind": "event", + "original": 
"{\"insertId\":\"5a27u1g22jks8t\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":45062},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:45.189726185Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:35.85023465Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } }, "firewall": { "rule_details": { "action": "ALLOW", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "allow9200" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "9200" - ], - "ip_protocol": "TCP" + ] } ], - "direction": 
"INGRESS" + "priority": 1000, + "source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "allow9200" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"5a27u1g22jks8t\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.42.0.10\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.114\",\"src_port\":45062},\"disposition\":\"ALLOWED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-kibana\",\"zone\":\"us-east1-b\"},\"remote_location\":{\"continent\":\"America\",\"country\":\"usa\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"ALLOW\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"9200\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:allow9200\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"allow9200\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-11T12:54:45.189726185Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-11T12:54:35.85023465Z\"}", - "id": "5a27u1g22jks8t", - "category": "network", - "type": "connection", - "kind": "event" - } - }, - { "log": { "logger": 
"projects/test-beats/logs/compute.googleapis.com%2Ffirewall" }, - "destination": { - "address": "10.28.0.16", - "port": 80, - "domain": "adrian-test", - "ip": "10.28.0.16" + "network": { + "community_id": "1:59vjEXNOC6W+KGAxHCndM//owm0=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.114", + "10.42.0.10" + ] }, "rule": { - "name": "network:default/firewall:adrian-test-3" + "name": "network:default/firewall:allow9200" }, "source": { - "address": "10.42.0.10", - "port": 57794, - "domain": "test-es", - "ip": "10.42.0.10" + "address": "192.168.2.114", + "domain": "test-kibana", + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.114", + "port": 45062 }, "tags": [ "preserve_original_event" - ], - "network": { - "name": "default", - "community_id": "1:6Q1oPyCPH/prdYU6FXBpxAgFrP8=", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "direction": "inbound" - }, + ] + }, + { + "@timestamp": "2019-11-06T16:41:38.394Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "test-beats" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.28.0.16", + "domain": "adrian-test", + "ip": "10.28.0.16", + "port": 80 }, - "@timestamp": "2019-11-06T16:41:38.394Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.42.0.10", - "10.28.0.16" - ] + "event": { + "action": "firewall-rule", + "category": "network", + "id": "1dobeotg13df9f5", + "kind": "event", + "original": 
"{\"insertId\":\"1dobeotg13df9f5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.42.0.10\",\"src_port\":57794},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "test-beats", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "test-beats", - "zone": "us-central1-a" } }, "firewall": { "rule_details": { "action": "DENY", - "source_range": [ - "0.0.0.0/0" - ], - "target_tag": [ - "adrian-test" - ], - "priority": 1000, + "direction": "INGRESS", "ip_port_info": [ { + "ip_protocol": "TCP", "port_range": [ "80", "8080" - ], - "ip_protocol": "TCP" + ] } ], - "direction": "INGRESS" + "priority": 1000, + 
"source_range": [ + "0.0.0.0/0" + ], + "target_tag": [ + "adrian-test" + ] } }, "source": { + "instance": { + "project_id": "test-beats", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "test-beats", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "test-beats", - "zone": "us-east1-b" } } }, - "event": { - "action": "firewall-rule", - "original": "{\"insertId\":\"1dobeotg13df9f5\",\"jsonPayload\":{\"connection\":{\"dest_ip\":\"10.28.0.16\",\"dest_port\":80,\"protocol\":6,\"src_ip\":\"10.42.0.10\",\"src_port\":57794},\"disposition\":\"DENIED\",\"instance\":{\"project_id\":\"test-beats\",\"region\":\"us-central1\",\"vm_name\":\"adrian-test\",\"zone\":\"us-central1-a\"},\"remote_instance\":{\"project_id\":\"test-beats\",\"region\":\"us-east1\",\"vm_name\":\"test-es\",\"zone\":\"us-east1-b\"},\"remote_vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"rule_details\":{\"action\":\"DENY\",\"direction\":\"INGRESS\",\"ip_port_info\":[{\"ip_protocol\":\"TCP\",\"port_range\":[\"80\",\"8080\"]}],\"priority\":1000,\"reference\":\"network:default/firewall:adrian-test-3\",\"source_range\":[\"0.0.0.0/0\"],\"target_tag\":[\"adrian-test\"]},\"vpc\":{\"project_id\":\"test-beats\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"}},\"logName\":\"projects/test-beats/logs/compute.googleapis.com%2Ffirewall\",\"receiveTimestamp\":\"2019-11-06T16:41:45.009675991Z\",\"resource\":{\"labels\":{\"location\":\"us-central1-a\",\"project_id\":\"test-beats\",\"subnetwork_id\":\"1266623735137648253\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-11-06T16:41:38.394575419Z\"}", - "id": "1dobeotg13df9f5", - "category": "network", - "type": "connection", - "kind": "event" - } + "log": { + "logger": "projects/test-beats/logs/compute.googleapis.com%2Ffirewall" + }, + "network": { + "community_id": 
"1:6Q1oPyCPH/prdYU6FXBpxAgFrP8=", + "direction": "inbound", + "iana_number": "6", + "name": "default", + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.42.0.10", + "10.28.0.16" + ] + }, + "rule": { + "name": "network:default/firewall:adrian-test-3" + }, + "source": { + "address": "10.42.0.10", + "domain": "test-es", + "ip": "10.42.0.10", + "port": 57794 + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index a23c18f27e6..6fc4b28e095 100644 --- a/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud Firewall Logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/firewall/sample_event.json b/packages/gcp/data_stream/firewall/sample_event.json index 34c5396a1dd..13f6dbd6fb7 100644 --- a/packages/gcp/data_stream/firewall/sample_event.json +++ b/packages/gcp/data_stream/firewall/sample_event.json @@ -26,7 +26,7 @@ "port": 3389 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json index e6eae7a6c85..9c7a8e9dc7c 100644 --- a/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json +++ b/packages/gcp/data_stream/vpcflow/_dev/test/pipeline/test-vpcflow.log-expected.json 
@@ -2,156 +2,135 @@ "expected": [ { "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33478, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 33478 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1776, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"ut8lbrffooxyw\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33478,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:37.301953198Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:37.186193305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:37.186193305Z", + "category": "network", "end": "2019-06-14T03:45:37.301953198Z", "id": "ut8lbrffooxyw", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxyw\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33478,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:37.301953198Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:37.186193305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:45:37.186193305Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:Wa+aonxAQZ59AWtNdQD0CH6FnsM=", "bytes": 1776, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:Wa+aonxAQZ59AWtNdQD0CH6FnsM=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "address": "10.87.40.76", - "port": 33970, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 173663, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 68 + "address": "10.87.40.76", + "bytes": 1776, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:MxkJSlVhiCttfItp2SdfNMtLgEY=", - "bytes": 173663, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 68, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33970 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "ut8lbrffooxzb", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxzb\",\"jsonPayload\":{\"bytes_sent\":\"173663\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"68\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:08.466657665Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -159,101 +138,113 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxzb\",\"jsonPayload\":{\"bytes_sent\":\"173663\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"68\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466657665Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "ut8lbrffooxzb", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 173663, + "community_id": 
"1:MxkJSlVhiCttfItp2SdfNMtLgEY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 68, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 173663, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33576, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 155707, - "packets": 78, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.14", + "packets": 68, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:FYaJFSEAKLcBCMFoT6sR5TMHf/s=", - "bytes": 155707, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 78, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" }, - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33576 }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "ecs": { + "version": "8.2.0" }, - "gcp": { - "destination": { + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821143836Z", + "id": "ut8lbrffooxze", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxze\",\"jsonPayload\":{\"bytes_sent\":\"155707\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33576,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821143836Z\",\"packets_sent\":\"78\",\"reporter\":\"SRC\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510622432Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:20.510622432Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -261,634 +252,622 @@ "rtt": { "ms": 201 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxze\",\"jsonPayload\":{\"bytes_sent\":\"155707\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33576,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821143836Z\",\"packets_sent\":\"78\",\"reporter\":\"SRC\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510622432Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510622432Z", - "end": "2019-06-14T03:49:51.821143836Z", - "id": "ut8lbrffooxze", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 155707, + "community_id": "1:FYaJFSEAKLcBCMFoT6sR5TMHf/s=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 78, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ "10.139.99.242", - "192.168.2.23" + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC" - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 155707, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 78, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "destination": { + "address": "192.168.2.23", + "as": { + "number": 49505 + }, "geo": { + "city_name": "Saint Petersburg", "continent_name": "Europe", "country_name": "rus", - "city_name": "Saint Petersburg", "region_name": "Saint Petersburg" }, - "as": { - "number": 49505 - }, - "address": "192.168.2.23", - "port": 59679, - "ip": "192.168.2.23" + "ip": "192.168.2.23", + "port": 59679 }, - "source": { - "address": "10.139.99.242", - "port": 22, - "bytes": 0, - "packets": 1, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"insertId\":\"ut8lbrffooxyz\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"192.168.2.23\",\"dest_port\":59679,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":49505,\"city\":\"Saint Petersburg\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Saint 
Petersburg\"},\"end_time\":\"2019-06-14T03:40:46.031032701Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:45.860349247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:45.860349247Z", + "category": "network", "end": "2019-06-14T03:40:46.031032701Z", "id": "ut8lbrffooxyz", - "category": "network", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxyz\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"192.168.2.23\",\"dest_port\":59679,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":49505,\"city\":\"Saint Petersburg\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Saint 
Petersburg\"},\"end_time\":\"2019-06-14T03:40:46.031032701Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:45.860349247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:45.860349247Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC" + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:MRmF95Hv0PHOjUO7gqbVt98osmo=", "bytes": 0, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:MRmF95Hv0PHOjUO7gqbVt98osmo=", + "direction": "outbound", "iana_number": "6", "packets": 1, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "192.168.2.117" + "10.139.99.242", + "192.168.2.23" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": 
"my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 0, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 1, + "port": 22 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "destination": { + "address": "192.168.2.117", + "as": { + "number": 15169 + }, "geo": { "continent_name": "America", "country_name": "usa" }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 50646, - "ip": "192.168.2.117" + "ip": "192.168.2.117", + "port": 50646 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1784, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"insertId\":\"ut8lbrffooxz6\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":50646,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:37.048196137Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:36.895188084Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", 
- "start": "2019-06-14T03:40:36.895188084Z", + "category": "network", "end": "2019-06-14T03:40:37.048196137Z", "id": "ut8lbrffooxz6", - "category": "network", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxz6\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":50646,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:37.048196137Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:36.895188084Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:36.895188084Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:++9/JiESSUdwTGGcxwXk4RA0lY8=", - "bytes": 1784, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "192.168.2.117", - "10.87.40.76" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": 
"my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { "ms": 36 } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 50646, - "bytes": 1464, - "ip": "192.168.2.117", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxzf\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":50646},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:37.048196137Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:36.895188084Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:36.895188084Z", - "end": "2019-06-14T03:40:37.048196137Z", - "id": "ut8lbrffooxzf", - "category": "network", - "type": "connection" - }, - "tags": [ - 
"preserve_original_event" - ], "network": { + "bytes": 1784, "community_id": "1:++9/JiESSUdwTGGcxwXk4RA0lY8=", - "bytes": 1464, - "transport": "tcp", - "type": "ipv4", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33692, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "10.87.40.76", + "192.168.2.117" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 186151, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 251 + "address": "10.87.40.76", + "bytes": 1784, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:pWEbJIgG8triE8M05SRo2qQc0c8=", - "bytes": 186151, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 251, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, + ] + }, + { "@timestamp": "2019-06-14T03:50:10.845Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:40:37.048196137Z", + "id": "ut8lbrffooxzf", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxzf\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":50646},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:37.048196137Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:36.895188084Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:36.895188084Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 1 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 36 } } }, - "event": { - "original": 
"{\"insertId\":\"ut8lbrffooxz1\",\"jsonPayload\":{\"bytes_sent\":\"186151\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33692,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "ut8lbrffooxz1", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 1464, + "community_id": "1:++9/JiESSUdwTGGcxwXk4RA0lY8=", + "direction": 
"inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] }, "source": { - "address": "10.87.40.76", - "port": 33880, - "bytes": 15169, - "packets": 92, - "domain": "kibana", - "ip": "10.87.40.76" + "address": "192.168.2.117", + "as": { + "number": 15169 + }, + "bytes": 1464, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.117", + "packets": 7, + "port": 50646 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:NAY9D1IuyJAG+Hm34t3LIlP6/4c=", - "bytes": 15169, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 92, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33692 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "ut8lbrffooxz1", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxz1\",\"jsonPayload\":{\"bytes_sent\":\"186151\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33692,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 3 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - 
}, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxyp\",\"jsonPayload\":{\"bytes_sent\":\"15169\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33880},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821308944Z\",\"packets_sent\":\"92\",\"reporter\":\"SRC\",\"rtt_msec\":\"3\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469099728Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.469099728Z", - "end": "2019-06-14T03:49:51.821308944Z", - "id": "ut8lbrffooxyp", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33554, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 186151, + "community_id": "1:pWEbJIgG8triE8M05SRo2qQc0c8=", + 
"direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 251, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 186151, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 250864, - "domain": "elasticsearch", "ip": "67.43.156.14", - "packets": 247 + "packets": 251, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:inP0peZrjQuMumAL2dZH5u0O354=", - "bytes": 250864, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 247, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821308944Z", + "id": "ut8lbrffooxyp", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxyp\",\"jsonPayload\":{\"bytes_sent\":\"15169\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33880},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821308944Z\",\"packets_sent\":\"92\",\"reporter\":\"SRC\",\"rtt_msec\":\"3\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469099728Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:08.469099728Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { - "ms": 1 + "ms": 3 } + } + }, + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 15169, + "community_id": "1:NAY9D1IuyJAG+Hm34t3LIlP6/4c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 92, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 15169, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 92, + "port": 33880 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" }, - "source": { + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33554 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "ut8lbrffooxzd", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxzd\",\"jsonPayload\":{\"bytes_sent\":\"250864\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33554,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"247\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500506974Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:39:59.500506974Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 } } }, - "event": { - "original": 
"{\"insertId\":\"ut8lbrffooxzd\",\"jsonPayload\":{\"bytes_sent\":\"250864\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33554,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"247\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500506974Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500506974Z", - "end": "2019-06-14T03:49:59.565311154Z", - "id": "ut8lbrffooxzd", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33880, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 250864, + "community_id": "1:inP0peZrjQuMumAL2dZH5u0O354=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 247, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + 
"address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 250864, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 167939, - "domain": "elasticsearch", "ip": "67.43.156.14", - "packets": 63 + "packets": 247, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:NAY9D1IuyJAG+Hm34t3LIlP6/4c=", - "bytes": 167939, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 63, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33880 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821308944Z", + "id": "ut8lbrffooxz8", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxz8\",\"jsonPayload\":{\"bytes_sent\":\"167939\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33880,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821308944Z\",\"packets_sent\":\"63\",\"reporter\":\"DEST\",\"rtt_msec\":\"3\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469099728Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:08.469099728Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -896,176 +875,176 @@ "rtt": { "ms": 3 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz8\",\"jsonPayload\":{\"bytes_sent\":\"167939\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33880,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821308944Z\",\"packets_sent\":\"63\",\"reporter\":\"DEST\",\"rtt_msec\":\"3\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469099728Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.469099728Z", - "end": "2019-06-14T03:49:51.821308944Z", - "id": "ut8lbrffooxz8", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "192.168.2.23", - "10.139.99.242" - ] - }, "log": { "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "network": { + "bytes": 167939, + "community_id": "1:NAY9D1IuyJAG+Hm34t3LIlP6/4c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 63, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 167939, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, - "vpcflow": { - "reporter": "DEST" - } + "ip": "67.43.156.14", + "packets": 63, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "destination": { "address": "10.139.99.242", - "port": 22, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "port": 22 }, - "source": { - "geo": { - "continent_name": "Europe", - "country_name": "rus", - "city_name": "Saint Petersburg", - "region_name": "Saint Petersburg" - }, - "as": { - "number": 49505 - }, - "address": "192.168.2.23", - "port": 59679, - "bytes": 0, - "ip": "192.168.2.23", - "packets": 3 + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"ut8lbrffooxyt\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.23\",\"src_port\":59679},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:46.031032701Z\",\"packets_sent\":\"3\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":49505,\"city\":\"Saint Petersburg\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Saint Petersburg\"},\"start_time\":\"2019-06-14T03:40:45.860349247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:45.860349247Z", + "category": "network", "end": "2019-06-14T03:40:46.031032701Z", "id": "ut8lbrffooxyt", - "category": "network", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxyt\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.23\",\"src_port\":59679},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:46.031032701Z\",\"packets_sent\":\"3\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":49505,\"city\":\"Saint Petersburg\",\"continent\":\"Europe\",\"country\":\"rus\",\"region\":\"Saint 
Petersburg\"},\"start_time\":\"2019-06-14T03:40:45.860349247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:45.860349247Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST" + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:MRmF95Hv0PHOjUO7gqbVt98osmo=", "bytes": 0, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:MRmF95Hv0PHOjUO7gqbVt98osmo=", + "direction": "inbound", "iana_number": "6", "packets": 3, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "192.168.2.23", + "10.139.99.242" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "192.168.2.23", "as": { - "number": 35908 + "number": 49505 }, - "address": "67.43.156.13", - "port": 33576, - "bytes": 11773, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 94 + "bytes": 0, + "geo": { + "city_name": "Saint Petersburg", + "continent_name": "Europe", + 
"country_name": "rus", + "region_name": "Saint Petersburg" + }, + "ip": "192.168.2.23", + "packets": 3, + "port": 59679 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:FYaJFSEAKLcBCMFoT6sR5TMHf/s=", - "bytes": 11773, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 94, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "ut8lbrffooxz5", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxz5\",\"jsonPayload\":{\"bytes_sent\":\"11773\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33576},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"94\",\"reporter\":\"DEST\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510622432Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:20.510622432Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -1073,101 +1052,101 @@ "rtt": { "ms": 201 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz5\",\"jsonPayload\":{\"bytes_sent\":\"11773\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33576},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"94\",\"reporter\":\"DEST\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510622432Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510622432Z", - "end": "2019-06-14T03:49:51.821056075Z", - "id": "ut8lbrffooxz5", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 11773, + "community_id": "1:FYaJFSEAKLcBCMFoT6sR5TMHf/s=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 94, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 11773, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33562, - "bytes": 65699, - "domain": "kibana", "ip": "67.43.156.13", - "packets": 356 + "packets": 94, + "port": 33576 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:zUvAQSLCTNOIkUn3aNG0HbYxPv8=", - "bytes": 65699, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 356, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" }, - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.393910944Z", + "id": "ut8lbrffooxza", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxza\",\"jsonPayload\":{\"bytes_sent\":\"65699\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33562},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393910944Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"192\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074897435Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:01.074897435Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -1175,101 +1154,113 @@ "rtt": { "ms": 192 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxza\",\"jsonPayload\":{\"bytes_sent\":\"65699\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33562},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393910944Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"192\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074897435Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074897435Z", - "end": "2019-06-14T03:49:56.393910944Z", - "id": "ut8lbrffooxza", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 65699, + "community_id": 
"1:zUvAQSLCTNOIkUn3aNG0HbYxPv8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 356, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 65699, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33692, - "bytes": 66029, - "packets": 361, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.13", + "packets": 356, + "port": 33562 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:pWEbJIgG8triE8M05SRo2qQc0c8=", - "bytes": 66029, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 361, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "ut8lbrffooxyq", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxyq\",\"jsonPayload\":{\"bytes_sent\":\"66029\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33692},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -1277,101 +1268,101 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxyq\",\"jsonPayload\":{\"bytes_sent\":\"66029\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33692},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "ut8lbrffooxyq", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 66029, + "community_id": "1:pWEbJIgG8triE8M05SRo2qQc0c8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 361, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33542, - "bytes": 65154, - "packets": 360, + "bytes": 66029, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 361, + "port": 33692 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:6IVVaT8jMDNLIBHaC8OISRVYWS4=", - "bytes": 65154, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 360, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "ut8lbrffooxz2", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxz2\",\"jsonPayload\":{\"bytes_sent\":\"65154\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33542},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"360\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150720950Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:08.150720950Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -1379,101 +1370,101 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz2\",\"jsonPayload\":{\"bytes_sent\":\"65154\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33542},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"360\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150720950Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150720950Z", - "end": "2019-06-14T03:49:59.565272745Z", - "id": "ut8lbrffooxz2", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 65154, + "community_id": "1:6IVVaT8jMDNLIBHaC8OISRVYWS4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 360, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33970, - "bytes": 13643, - "packets": 99, + "bytes": 65154, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 360, + "port": 33542 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:MxkJSlVhiCttfItp2SdfNMtLgEY=", - "bytes": 13643, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 99, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "ut8lbrffooxyo", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxyo\",\"jsonPayload\":{\"bytes_sent\":\"13643\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33970},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"99\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:08.466657665Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -1481,55 +1472,70 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxyo\",\"jsonPayload\":{\"bytes_sent\":\"13643\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33970},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"99\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466657665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466657665Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "ut8lbrffooxyo", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + 
"bytes": 13643, + "community_id": "1:MxkJSlVhiCttfItp2SdfNMtLgEY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 99, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.49.136.133" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 13643, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 99, + "port": 33970 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "destination": { + "address": "10.49.136.133", + "domain": "simianhacker-demo", + "ip": "10.49.136.133", + "port": 46864 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:29.432367659Z", + "id": "ut8lbrffooxzc", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxzc\",\"jsonPayload\":{\"bytes_sent\":\"34509840\",\"connection\":{\"dest_ip\":\"10.49.136.133\",\"dest_port\":46864,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":9243},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:29.432367659Z\",\"packets_sent\":\"8690\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"start_time\":\"2019-06-14T03:40:17.343890802Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:17.343890802Z", + "type": 
"connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -1539,78 +1545,78 @@ } } }, - "destination": { - "address": "10.49.136.133", - "port": 46864, - "domain": "simianhacker-demo", - "ip": "10.49.136.133" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 34509840, + "community_id": "1:j0PdUfLhQ/r+kYCVQX20c/nfCSc=", + "direction": "inbound", + "iana_number": "6", + "packets": 8690, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.49.136.133" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 34509840, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 9243, - "bytes": 34509840, "ip": "67.43.156.13", - "packets": 8690 - }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxzc\",\"jsonPayload\":{\"bytes_sent\":\"34509840\",\"connection\":{\"dest_ip\":\"10.49.136.133\",\"dest_port\":46864,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":9243},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:29.432367659Z\",\"packets_sent\":\"8690\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"start_time\":\"2019-06-14T03:40:17.343890802Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": 
"event", - "start": "2019-06-14T03:40:17.343890802Z", - "end": "2019-06-14T03:49:29.432367659Z", - "id": "ut8lbrffooxzc", - "category": "network", - "type": "connection" + "packets": 8690, + "port": 9243 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:j0PdUfLhQ/r+kYCVQX20c/nfCSc=", - "bytes": 34509840, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 8690, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:48:39.076420731Z", + "id": "ut8lbrffooxz7", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxz7\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34836},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:39.076420731Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:38.961050187Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"201
9-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:48:38.961050187Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -1620,124 +1626,109 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1467, + "community_id": "1:qoQEykwJ/Fqctc/3YyFJSUPTETc=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 34836, - "bytes": 1467, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz7\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34836},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:39.076420731Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:38.961050187Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.
845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:38.961050187Z", - "end": "2019-06-14T03:48:39.076420731Z", - "id": "ut8lbrffooxz7", - "category": "network", - "type": "connection" + "packets": 7, + "port": 34836 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:qoQEykwJ/Fqctc/3YyFJSUPTETc=", - "bytes": 1467, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33554, - "bytes": 63671, - "packets": 367, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:inP0peZrjQuMumAL2dZH5u0O354=", - "bytes": 63671, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 367, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565311154Z", + "id": 
"ut8lbrffooxyu", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxyu\",\"jsonPayload\":{\"bytes_sent\":\"63671\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33554},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"367\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500506974Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:39:59.500506974Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -1745,182 +1736,182 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxyu\",\"jsonPayload\":{\"bytes_sent\":\"63671\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33554},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"367\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500506974Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500506974Z", - "end": "2019-06-14T03:49:59.565311154Z", - "id": "ut8lbrffooxyu", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 63671, + "community_id": "1:inP0peZrjQuMumAL2dZH5u0O354=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 367, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.13" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 63671, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 367, + "port": 33554 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 220 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.13", + "port": 65320 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220714119Z", + "id": "ut8lbrffooxyv", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxyv\",\"jsonPayload\":{\"bytes_sent\":\"51075\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65320,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220714119Z\",\"packets_sent\":\"608\",\"reporter\":\"SRC\",\"rtt_msec\":\"220\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.560917237Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:00.560917237Z", + "type": "connection" + }, + "gcp": { "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 220 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65320, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 
51075, + "community_id": "1:35LvCkME5lZSqhiM4O+MxjttWtA=", + "direction": "outbound", + "iana_number": "6", + "packets": 608, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 51075, - "packets": 608, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxyv\",\"jsonPayload\":{\"bytes_sent\":\"51075\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65320,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220714119Z\",\"packets_sent\":\"608\",\"reporter\":\"SRC\",\"rtt_msec\":\"220\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.560917237Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.560917237Z", - "end": "2019-06-14T03:49:56.220714119Z", - "id": "ut8lbrffooxyv", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 608, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:35LvCkME5lZSqhiM4O+MxjttWtA=", - "bytes": 51075, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 608, - "direction": 
"outbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:10.845Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33562, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 197840, - "packets": 258, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:zUvAQSLCTNOIkUn3aNG0HbYxPv8=", - "bytes": 197840, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 258, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.13", + "port": 33562 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.393910944Z", + "id": "ut8lbrffooxz0", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxz0\",\"jsonPayload\":{\"bytes_sent\":\"197840\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33562,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393910944Z\",\"packets_sent\":\"258\",\"reporter\":\"SRC\",\"rtt_msec\":\"192\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074897435Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:01.074897435Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -1928,136 +1919,151 @@ "rtt": { "ms": 192 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz0\",\"jsonPayload\":{\"bytes_sent\":\"197840\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33562,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393910944Z\",\"packets_sent\":\"258\",\"reporter\":\"SRC\",\"rtt_msec\":\"192\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074897435Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074897435Z", - "end": "2019-06-14T03:49:56.393910944Z", - "id": "ut8lbrffooxz0", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 197840, + "community_id": "1:zUvAQSLCTNOIkUn3aNG0HbYxPv8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 258, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.49.136.133", + "10.139.99.242", "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 197840, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 258, + "port": 9200 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.13", + "port": 9243 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:58.716492806Z", + "id": "ut8lbrffooxys", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxys\",\"jsonPayload\":{\"bytes_sent\":\"173805495\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":9243,\"protocol\":6,\"src_ip\":\"10.49.136.133\",\"src_port\":46864},\"end_time\":\"2019-06-14T03:49:58.716492806Z\",\"packets_sent\":\"44438\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:17.306085222Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:17.306085222Z", + "type": "connection" + }, + "gcp": { "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 9243, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 173805495, + "community_id": "1:j0PdUfLhQ/r+kYCVQX20c/nfCSc=", + "direction": "outbound", + "iana_number": "6", + "packets": 
44438, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.49.136.133", + "67.43.156.13" + ] }, "source": { "address": "10.49.136.133", - "port": 46864, "bytes": 173805495, - "packets": 44438, "domain": "simianhacker-demo", - "ip": "10.49.136.133" - }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxys\",\"jsonPayload\":{\"bytes_sent\":\"173805495\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":9243,\"protocol\":6,\"src_ip\":\"10.49.136.133\",\"src_port\":46864},\"end_time\":\"2019-06-14T03:49:58.716492806Z\",\"packets_sent\":\"44438\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:17.306085222Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:17.306085222Z", - "end": "2019-06-14T03:49:58.716492806Z", - "id": "ut8lbrffooxys", - "category": "network", - "type": "connection" + "ip": "10.49.136.133", + "packets": 44438, + "port": 46864 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:j0PdUfLhQ/r+kYCVQX20c/nfCSc=", - "bytes": 173805495, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 44438, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": 
{ - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:45:37.301953198Z", + "id": "ut8lbrffooxyx", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxyx\",\"jsonPayload\":{\"bytes_sent\":\"1468\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33478},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:37.301953198Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:37.186193305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:45:37.186193305Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -2067,124 +2073,109 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33478, + "network": { "bytes": 1468, - "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxyx\",\"jsonPayload\":{\"bytes_sent\":\"1468\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33478},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:37.301953198Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:37.186193305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:37.186193305Z", - "end": "2019-06-14T03:45:37.301953198Z", - "id": "ut8lbrffooxyx", - "category": "network", - "type": "connection" - }, - "tags": [ - "preserve_original_event" - ], - "network": { "community_id": "1:Wa+aonxAQZ59AWtNdQD0CH6FnsM=", - "bytes": 1468, - "transport": "tcp", - "type": "ipv4", + 
"direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1468, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33548, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 159704, - "packets": 241, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 7, + "port": 33478 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:+S3/6PF+UXU7wlJD68HIrz0Mo6c=", - "bytes": 159704, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 241, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33548 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.393651211Z", + "id": "ut8lbrffooxz4", + "kind": "event", + 
"original": "{\"insertId\":\"ut8lbrffooxz4\",\"jsonPayload\":{\"bytes_sent\":\"159704\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33548,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393651211Z\",\"packets_sent\":\"241\",\"reporter\":\"SRC\",\"rtt_msec\":\"50\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147252064Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:05.147252064Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -2192,55 +2183,70 @@ "rtt": { "ms": 50 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz4\",\"jsonPayload\":{\"bytes_sent\":\"159704\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33548,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393651211Z\",\"packets_sent\":\"241\",\"reporter\":\"SRC\",\"rtt_msec\":\"50\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147252064Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.147252064Z", - "end": "2019-06-14T03:49:56.393651211Z", - "id": "ut8lbrffooxz4", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": 
{ + "bytes": 159704, + "community_id": "1:+S3/6PF+UXU7wlJD68HIrz0Mo6c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 241, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.139.99.242" + "10.139.99.242", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 159704, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 241, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220714119Z", + "id": "ut8lbrffooxz3", + "kind": "event", + "original": "{\"insertId\":\"ut8lbrffooxz3\",\"jsonPayload\":{\"bytes_sent\":\"70775\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65320},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220714119Z\",\"packets_sent\":\"732\",\"reporter\":\"DEST\",\"rtt_msec\":\"220\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.560917237Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"
gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:00.560917237Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -2250,124 +2256,97 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65320, - "bytes": 70775, - "ip": "67.43.156.13", - "packets": 732 - }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz3\",\"jsonPayload\":{\"bytes_sent\":\"70775\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65320},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220714119Z\",\"packets_sent\":\"732\",\"reporter\":\"DEST\",\"rtt_msec\":\"220\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.560917237Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.560917237Z", - "end": "2019-06-14T03:49:56.220714119Z", - "id": "ut8lbrffooxz3", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:35LvCkME5lZSqhiM4O+MxjttWtA=", 
"bytes": 70775, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:35LvCkME5lZSqhiM4O+MxjttWtA=", + "direction": "inbound", "iana_number": "6", "packets": 732, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33542, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 70775, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 281147, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 246 + "ip": "67.43.156.13", + "packets": 732, + "port": 65320 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:6IVVaT8jMDNLIBHaC8OISRVYWS4=", - "bytes": 281147, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 246, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33542 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "ut8lbrffooxz9", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxz9\",\"jsonPayload\":{\"bytes_sent\":\"281147\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33542,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150720950Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:08.150720950Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -2375,101 +2354,101 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxz9\",\"jsonPayload\":{\"bytes_sent\":\"281147\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33542,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150720950Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150720950Z", - "end": "2019-06-14T03:49:59.565272745Z", - "id": "ut8lbrffooxz9", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - 
"ip": "10.139.99.242" + "network": { + "bytes": 281147, + "community_id": "1:6IVVaT8jMDNLIBHaC8OISRVYWS4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 246, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 281147, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33548, - "bytes": 63590, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 340 + "ip": "67.43.156.14", + "packets": 246, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:+S3/6PF+UXU7wlJD68HIrz0Mo6c=", - "bytes": 63590, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 340, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:10.845Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:48.537763242Z", + "id": "ut8lbrffooxyr", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxyr\",\"jsonPayload\":{\"bytes_sent\":\"63590\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33548},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.537763242Z\",\"packets_sent\":\"340\",\"reporter\":\"DEST\",\"rtt_msec\":\"50\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147252064Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:40:05.147252064Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -2477,260 +2456,272 @@ "rtt": { "ms": 50 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ut8lbrffooxyr\",\"jsonPayload\":{\"bytes_sent\":\"63590\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33548},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.537763242Z\",\"packets_sent\":\"340\",\"reporter\":\"DEST\",\"rtt_msec\":\"50\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147252064Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.147252064Z", - "end": "2019-06-14T03:49:48.537763242Z", - "id": "ut8lbrffooxyr", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:10.845Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 63590, + "community_id": "1:+S3/6PF+UXU7wlJD68HIrz0Mo6c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 340, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.13" + "67.43.156.13", + "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 63590, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 340, + "port": 33548 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:10.845Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 34836, - "ip": "67.43.156.13" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 34836 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"ut8lbrffooxyy\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34836,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:39.076420731Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:38.961050187Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:38.961050187Z", + "category": "network", "end": "2019-06-14T03:48:39.076420731Z", "id": "ut8lbrffooxyy", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"ut8lbrffooxyy\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34836,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:39.076420731Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:38.961050187Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:10.845445834Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:10.845445834Z\"}", + "start": "2019-06-14T03:48:38.961050187Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:qoQEykwJ/Fqctc/3YyFJSUPTETc=", - "bytes": 1780, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "192.168.2.165", - "10.139.99.242" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - 
"reporter": "DEST", + "reporter": "SRC", "rtt": { - "ms": 233 + "ms": 36 } } }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1780, + "community_id": "1:qoQEykwJ/Fqctc/3YyFJSUPTETc=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "destination": { "address": "10.139.99.242", - "port": 22, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "port": 22 }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "vnm", - "city_name": "Vĩnh Yên", - "region_name": "Vinh Phuc Province" - }, - "as": { - "number": 45899 - }, - "address": "192.168.2.165", - "port": 59623, - "bytes": 1239, - "ip": "192.168.2.165", - "packets": 18 + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4g\",\"jsonPayload\":{\"bytes_sent\":\"1239\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.165\",\"src_port\":59623},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:52.361155668Z\",\"packets_sent\":\"18\",\"reporter\":\"DEST\",\"rtt_msec\":\"233\",\"src_location\":{\"asn\":45899,\"city\":\"Vĩnh Yên\",\"continent\":\"Asia\",\"country\":\"vnm\",\"region\":\"Vinh Phuc 
Province\"},\"start_time\":\"2019-06-14T03:40:46.541094678Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:46.541094678Z", + "category": "network", "end": "2019-06-14T03:40:52.361155668Z", "id": "1ulp77rfdvho4g", - "category": "network", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho4g\",\"jsonPayload\":{\"bytes_sent\":\"1239\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.165\",\"src_port\":59623},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:52.361155668Z\",\"packets_sent\":\"18\",\"reporter\":\"DEST\",\"rtt_msec\":\"233\",\"src_location\":{\"asn\":45899,\"city\":\"Vĩnh Yên\",\"continent\":\"Asia\",\"country\":\"vnm\",\"region\":\"Vinh Phuc Province\"},\"start_time\":\"2019-06-14T03:40:46.541094678Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:46.541094678Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": 
"us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 233 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:FsRs9Upw/72M8FLScc+hnC6ByYQ=", "bytes": 1239, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:FsRs9Upw/72M8FLScc+hnC6ByYQ=", + "direction": "inbound", "iana_number": "6", "packets": 18, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { + "related": { + "ip": [ + "192.168.2.165", + "10.139.99.242" + ] + }, + "source": { + "address": "192.168.2.165", + "as": { + "number": 45899 + }, + "bytes": 1239, "geo": { + "city_name": "Vĩnh Yên", "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "country_name": "vnm", + "region_name": "Vinh Phuc Province" }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33552, - "bytes": 63853, - "packets": 363, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "192.168.2.165", + "packets": 18, + "port": 59623 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:VmSf9DDKsJGi5cMJABVFKp5r22M=", - "bytes": 63853, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 363, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { 
+ "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.213244028Z", + "id": "1ulp77rfdvho5r", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho5r\",\"jsonPayload\":{\"bytes_sent\":\"63853\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33552},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213244028Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075811571Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:06.075811571Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": 
"my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -2738,55 +2729,70 @@ "rtt": { "ms": 2 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5r\",\"jsonPayload\":{\"bytes_sent\":\"63853\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33552},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213244028Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075811571Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075811571Z", - "end": "2019-06-14T03:49:55.213244028Z", - "id": "1ulp77rfdvho5r", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 63853, + "community_id": "1:VmSf9DDKsJGi5cMJABVFKp5r22M=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 363, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.14", - "10.87.40.76" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 63853, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 363, + "port": 33552 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:46:20.745658276Z", + "id": "1ulp77rfdvho5k", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho5k\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":33924},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:20.745658276Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:20.634435179Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": 
"2019-06-14T03:46:20.634435179Z", + "type": "connection" }, "gcp": { "destination": { - "vpc": { + "instance": { "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { "region": "us-east1", - "project_id": "my-sample-project", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -2796,124 +2802,109 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1458, + "community_id": "1:zZLAweyUiKKYNJrw7Pxer9kCofQ=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1458, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 33924, - "bytes": 1458, "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5k\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":33924},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:20.745658276Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:20.634435179Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11
.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:20.634435179Z", - "end": "2019-06-14T03:46:20.745658276Z", - "id": "1ulp77rfdvho5k", - "category": "network", - "type": "connection" + "packets": 7, + "port": 33924 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:zZLAweyUiKKYNJrw7Pxer9kCofQ=", - "bytes": 1458, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:11.981Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33534, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 252397, - "packets": 260, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:kmu70zI5WDvD+rP/FihJUhIgim4=", - "bytes": 252397, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 260, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.13", + "port": 33534 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597088427Z", + "id": 
"1ulp77rfdvho55", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho55\",\"jsonPayload\":{\"bytes_sent\":\"252397\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33534,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597088427Z\",\"packets_sent\":\"260\",\"reporter\":\"SRC\",\"rtt_msec\":\"311\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075942176Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:06.075942176Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -2921,101 +2912,101 @@ "rtt": { "ms": 311 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho55\",\"jsonPayload\":{\"bytes_sent\":\"252397\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33534,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597088427Z\",\"packets_sent\":\"260\",\"reporter\":\"SRC\",\"rtt_msec\":\"311\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075942176Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075942176Z", - "end": "2019-06-14T03:49:59.597088427Z", - "id": "1ulp77rfdvho55", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33694, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 252397, + "community_id": "1:kmu70zI5WDvD+rP/FihJUhIgim4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 260, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 205787, - "packets": 265, + "bytes": 252397, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 260, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:YFlTqXDJr36riIZMLbrmKhw38gg=", - "bytes": 205787, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 265, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33694 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565117754Z", + "id": "1ulp77rfdvho60", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho60\",\"jsonPayload\":{\"bytes_sent\":\"205787\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33694,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565117754Z\",\"packets_sent\":\"265\",\"reporter\":\"SRC\",\"rtt_msec\":\"216\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566551903Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:05.566551903Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -3023,34 +3014,20 @@ "rtt": { "ms": 216 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho60\",\"jsonPayload\":{\"bytes_sent\":\"205787\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33694,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565117754Z\",\"packets_sent\":\"265\",\"reporter\":\"SRC\",\"rtt_msec\":\"216\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566551903Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.566551903Z", - "end": "2019-06-14T03:49:59.565117754Z", - "id": "1ulp77rfdvho60", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 205787, + "community_id": "1:YFlTqXDJr36riIZMLbrmKhw38gg=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 265, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -3058,147 +3035,149 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 87 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 205787, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 265, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65263, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 65263 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 106409, - "packets": 607, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1ulp77rfdvho49\",\"jsonPayload\":{\"bytes_sent\":\"106409\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65263,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220748025Z\",\"packets_sent\":\"607\",\"reporter\":\"SRC\",\"rtt_msec\":\"87\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.270990648Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.270990648Z", + "category": "network", "end": "2019-06-14T03:49:56.220748025Z", "id": "1ulp77rfdvho49", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho49\",\"jsonPayload\":{\"bytes_sent\":\"106409\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65263,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220748025Z\",\"packets_sent\":\"607\",\"reporter\":\"SRC\",\"rtt_msec\":\"87\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.270990648Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:01.270990648Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 87 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:NVPn1fsNGKIWh4nC6Og4qM8A3kY=", "bytes": 106409, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:NVPn1fsNGKIWh4nC6Og4qM8A3kY=", + "direction": "outbound", "iana_number": "6", "packets": 607, - "direction": "outbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33534, - "bytes": 61242, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 356 + "address": "10.139.99.242", + "bytes": 106409, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 607, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:kmu70zI5WDvD+rP/FihJUhIgim4=", - "bytes": 61242, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 356, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597088427Z", + "id": "1ulp77rfdvho4t", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho4t\",\"jsonPayload\":{\"bytes_sent\":\"61242\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33534},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597088427Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"311\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075942176Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:06.075942176Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -3206,101 +3185,113 @@ "rtt": { "ms": 311 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4t\",\"jsonPayload\":{\"bytes_sent\":\"61242\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33534},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597088427Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"311\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075942176Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075942176Z", - "end": "2019-06-14T03:49:59.597088427Z", - "id": "1ulp77rfdvho4t", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 61242, + "community_id": 
"1:kmu70zI5WDvD+rP/FihJUhIgim4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 356, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 61242, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 49680, - "domain": "siem-windows", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 248826, - "packets": 735, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 356, + "port": 33534 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:cHKWt/bhFFzMhXHYkr/P9HZG8V0=", - "bytes": 248826, - "name": "windows-isolated", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 735, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + }, + "region": "us-east1" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "siem-windows", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 49680 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.705469925Z", + "id": "1ulp77rfdvho68", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho68\",\"jsonPayload\":{\"bytes_sent\":\"248826\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":49680,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"siem-windows\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"},\"end_time\":\"2019-06-14T03:49:55.705469925Z\",\"packets_sent\":\"735\",\"reporter\":\"SRC\",\"rtt_msec\":\"113\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.711043814Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:39:59.711043814Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "windows-isolated", "vpc_name": "windows-isolated" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -3308,258 +3299,246 @@ "rtt": { "ms": 113 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho68\",\"jsonPayload\":{\"bytes_sent\":\"248826\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":49680,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"siem-windows\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"},\"end_time\":\"2019-06-14T03:49:55.705469925Z\",\"packets_sent\":\"735\",\"reporter\":\"SRC\",\"rtt_msec\":\"113\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.711043814Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.711043814Z", - "end": "2019-06-14T03:49:55.705469925Z", - "id": "1ulp77rfdvho68", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 248826, + "community_id": "1:cHKWt/bhFFzMhXHYkr/P9HZG8V0=", + "direction": "internal", + "iana_number": "6", + "name": "windows-isolated", + "packets": 735, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "192.168.2.117" + "10.139.99.242", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 248826, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 735, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "destination": { + "address": "192.168.2.117", + "as": { + "number": 15169 + }, "geo": { "continent_name": "America", "country_name": "usa" }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 33862, - "ip": "192.168.2.117" + "ip": "192.168.2.117", + "port": 33862 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1777, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1ulp77rfdvho5n\",\"jsonPayload\":{\"bytes_sent\":\"1777\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":33862,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:11.779780615Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:11.655143526Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:11.655143526Z", + "category": "network", "end": "2019-06-14T03:46:11.779780615Z", "id": "1ulp77rfdvho5n", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho5n\",\"jsonPayload\":{\"bytes_sent\":\"1777\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":33862,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:11.779780615Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:11.655143526Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:46:11.655143526Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:HWHsV+dz7l0NO6OLlewyD4wOVhc=", "bytes": 1777, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:HWHsV+dz7l0NO6OLlewyD4wOVhc=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": 
[ - "10.139.99.242", - "67.43.156.13" + "10.87.40.76", + "192.168.2.117" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 219 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.87.40.76", + "bytes": 1777, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65321, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 65321 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 116845, - "packets": 594, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1ulp77rfdvho5l\",\"jsonPayload\":{\"bytes_sent\":\"116845\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65321,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"594\",\"reporter\":\"SRC\",\"rtt_msec\":\"219\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.843986502Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.843986502Z", + "category": "network", "end": "2019-06-14T03:49:56.312105537Z", "id": "1ulp77rfdvho5l", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho5l\",\"jsonPayload\":{\"bytes_sent\":\"116845\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65321,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"594\",\"reporter\":\"SRC\",\"rtt_msec\":\"219\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.843986502Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:39:59.843986502Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 219 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:CLTnKCsx3XAJV3yhtJSs+Vn6Xsc=", "bytes": 116845, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:CLTnKCsx3XAJV3yhtJSs+Vn6Xsc=", + "direction": "outbound", "iana_number": "6", "packets": 594, - "direction": "outbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33524, - "bytes": 4614, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 58 + "address": "10.139.99.242", + "bytes": 116845, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 594, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:6nRZDTz3kwMjD/sK6/2SvfZM7Ks=", - "bytes": 4614, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 58, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.461087350Z", + "id": "1ulp77rfdvho65", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho65\",\"jsonPayload\":{\"bytes_sent\":\"4614\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33524},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461087350Z\",\"packets_sent\":\"58\",\"reporter\":\"DEST\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.790136141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:24.790136141Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -3567,96 +3546,108 @@ "rtt": { "ms": 0 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho65\",\"jsonPayload\":{\"bytes_sent\":\"4614\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33524},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461087350Z\",\"packets_sent\":\"58\",\"reporter\":\"DEST\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.790136141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:24.790136141Z", - "end": "2019-06-14T03:49:56.461087350Z", - "id": "1ulp77rfdvho65", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - 
"as": { - "number": 15169 - }, - "address": "192.168.2.177", - "port": 60112, - "domain": "suricata-iowa", - "ip": "192.168.2.177" + "network": { + "bytes": 4614, + "community_id": "1:6nRZDTz3kwMjD/sK6/2SvfZM7Ks=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 58, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 50379, - "packets": 130, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 4614, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "packets": 58, + "port": 33524 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:tEFDnW0zs/Y86QZ+V6iUmdJfre4=", - "bytes": 50379, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 130, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "192.168.2.177", + "as": { + "number": 15169 + }, + "domain": "suricata-iowa", + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.177", + "port": 60112 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "192.168.2.177" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:18.224268993Z", + "id": "1ulp77rfdvho4b", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho4b\",\"jsonPayload\":{\"bytes_sent\":\"50379\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60112,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:18.224268993Z\",\"packets_sent\":\"130\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:14.031541248Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:14.031541248Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-central1", "project_id": "my-sample-project", - "zone": "us-central1-a" + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -3664,101 +3655,89 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4b\",\"jsonPayload\":{\"bytes_sent\":\"50379\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60112,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:18.224268993Z\",\"packets_sent\":\"130\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:14.031541248Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:14.031541248Z", - "end": "2019-06-14T03:49:18.224268993Z", - "id": "1ulp77rfdvho4b", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33552, - "domain": 
"kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 50379, + "community_id": "1:tEFDnW0zs/Y86QZ+V6iUmdJfre4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 130, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.168.2.177" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 200417, + "address": "10.139.99.242", + "bytes": 50379, "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 250 + "ip": "10.139.99.242", + "packets": 130, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:VmSf9DDKsJGi5cMJABVFKp5r22M=", - "bytes": 200417, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 250, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33552 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.213244028Z", + "id": "1ulp77rfdvho4m", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho4m\",\"jsonPayload\":{\"bytes_sent\":\"200417\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33552,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213244028Z\",\"packets_sent\":\"250\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075811571Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:06.075811571Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -3766,101 +3745,113 @@ "rtt": { "ms": 2 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4m\",\"jsonPayload\":{\"bytes_sent\":\"200417\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33552,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213244028Z\",\"packets_sent\":\"250\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075811571Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075811571Z", - "end": "2019-06-14T03:49:55.213244028Z", - "id": "1ulp77rfdvho4m", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 200417, + "community_id": 
"1:VmSf9DDKsJGi5cMJABVFKp5r22M=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 250, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 200417, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33524, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 30233, - "packets": 37, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.14", + "packets": 250, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:6nRZDTz3kwMjD/sK6/2SvfZM7Ks=", - "bytes": 30233, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 37, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33524 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.461087350Z", + "id": "1ulp77rfdvho5t", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho5t\",\"jsonPayload\":{\"bytes_sent\":\"30233\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33524,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461087350Z\",\"packets_sent\":\"37\",\"reporter\":\"SRC\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.790136141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:24.790136141Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -3868,203 +3859,191 @@ "rtt": { "ms": 0 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5t\",\"jsonPayload\":{\"bytes_sent\":\"30233\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33524,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461087350Z\",\"packets_sent\":\"37\",\"reporter\":\"SRC\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.790136141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:24.790136141Z", - "end": "2019-06-14T03:49:56.461087350Z", - "id": "1ulp77rfdvho5t", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33548, - "domain": "kibana", - "ip": 
"10.87.40.76" + "network": { + "bytes": 30233, + "community_id": "1:6nRZDTz3kwMjD/sK6/2SvfZM7Ks=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 37, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 160693, + "address": "10.139.99.242", + "bytes": 30233, "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 237 + "ip": "10.139.99.242", + "packets": 37, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:if1o1IHC+FQXkxdlwDLZoOhwlFs=", - "bytes": 160693, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 237, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33548 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565451051Z", + "id": "1ulp77rfdvho50", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho50\",\"jsonPayload\":{\"bytes_sent\":\"160693\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33548,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565451051Z\",\"packets_sent\":\"237\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147072949Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:05.147072949Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 1 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - 
"project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho50\",\"jsonPayload\":{\"bytes_sent\":\"160693\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33548,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565451051Z\",\"packets_sent\":\"237\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147072949Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.147072949Z", - "end": "2019-06-14T03:49:59.565451051Z", - "id": "1ulp77rfdvho50", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 160693, + "community_id": "1:if1o1IHC+FQXkxdlwDLZoOhwlFs=", + "direction": "internal", + 
"iana_number": "6", + "name": "default", + "packets": 237, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 160693, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33694, - "bytes": 59903, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 353 + "ip": "67.43.156.14", + "packets": 237, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:YFlTqXDJr36riIZMLbrmKhw38gg=", - "bytes": 59903, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 353, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565117754Z", + "id": "1ulp77rfdvho63", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho63\",\"jsonPayload\":{\"bytes_sent\":\"59903\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33694},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565117754Z\",\"packets_sent\":\"353\",\"reporter\":\"DEST\",\"rtt_msec\":\"216\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566551903Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:05.566551903Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -4072,217 +4051,244 @@ "rtt": { "ms": 216 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho63\",\"jsonPayload\":{\"bytes_sent\":\"59903\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33694},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565117754Z\",\"packets_sent\":\"353\",\"reporter\":\"DEST\",\"rtt_msec\":\"216\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566551903Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.566551903Z", - "end": "2019-06-14T03:49:59.565117754Z", - "id": "1ulp77rfdvho63", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 59903, + "community_id": "1:YFlTqXDJr36riIZMLbrmKhw38gg=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 353, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.14" + "67.43.156.13", + "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 59903, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 353, + "port": 33694 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "destination": { + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 33924, - "ip": "67.43.156.14" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 33924 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1ulp77rfdvho4r\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":33924,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:20.745658276Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:20.634545217Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:20.634545217Z", + "category": "network", "end": "2019-06-14T03:46:20.745658276Z", "id": "1ulp77rfdvho4r", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho4r\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":33924,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:20.745658276Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:20.634545217Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:46:20.634545217Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:zZLAweyUiKKYNJrw7Pxer9kCofQ=", "bytes": 1780, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:zZLAweyUiKKYNJrw7Pxer9kCofQ=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
- "10.139.99.242", - "67.43.156.13" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 89 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.13", + "port": 65271 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.318940798Z", + "id": "1ulp77rfdvho4i", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho4i\",\"jsonPayload\":{\"bytes_sent\":\"129335\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65271,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:55.318940798Z\",\"packets_sent\":\"605\",\"reporter\":\"SRC\",\"rtt_msec\":\"89\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.155378070Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timest
amp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:00.155378070Z", + "type": "connection" + }, + "gcp": { "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 89 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65271, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 129335, + "community_id": "1:qv0hIE4qzHUK+++IYF3H4yaOdYA=", + "direction": "outbound", + "iana_number": "6", + "packets": 605, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 129335, - "packets": 605, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": 
"{\"insertId\":\"1ulp77rfdvho4i\",\"jsonPayload\":{\"bytes_sent\":\"129335\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65271,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:55.318940798Z\",\"packets_sent\":\"605\",\"reporter\":\"SRC\",\"rtt_msec\":\"89\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.155378070Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.155378070Z", - "end": "2019-06-14T03:49:55.318940798Z", - "id": "1ulp77rfdvho4i", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 605, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:qv0hIE4qzHUK+++IYF3H4yaOdYA=", - "bytes": 129335, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 605, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "192.168.2.117", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": 
{ + "category": "network", + "end": "2019-06-14T03:46:11.779780615Z", + "id": "1ulp77rfdvho5v", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho5v\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":33862},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:11.779780615Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:11.655143526Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:46:11.655143526Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -4292,73 +4298,73 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1464, + "community_id": "1:HWHsV+dz7l0NO6OLlewyD4wOVhc=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "192.168.2.117", "as": { "number": 15169 }, - "address": "192.168.2.117", - "port": 33862, "bytes": 1464, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, "ip": "192.168.2.117", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5v\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":33862},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:11.779780615Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:11.655143526Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:11.655143526Z", - "end": 
"2019-06-14T03:46:11.779780615Z", - "id": "1ulp77rfdvho5v", - "category": "network", - "type": "connection" + "packets": 7, + "port": 33862 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:HWHsV+dz7l0NO6OLlewyD4wOVhc=", - "bytes": 1464, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.312105537Z", + "id": "1ulp77rfdvho5i", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho5i\",\"jsonPayload\":{\"bytes_sent\":\"75477\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65321},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"737\",\"reporter\":\"DEST\",\"rtt_msec\":\"219\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.843986502Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":
\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:39:59.843986502Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -4368,205 +4374,178 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 75477, + "community_id": "1:CLTnKCsx3XAJV3yhtJSs+Vn6Xsc=", + "direction": "inbound", + "iana_number": "6", + "packets": 737, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 75477, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65321, - "bytes": 75477, "ip": "67.43.156.13", - "packets": 737 - }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5i\",\"jsonPayload\":{\"bytes_sent\":\"75477\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65321},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"737\",\"reporter\":\"DEST\",\"rtt_msec\":\"219\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.843986502Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_nam
e\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.843986502Z", - "end": "2019-06-14T03:49:56.312105537Z", - "id": "1ulp77rfdvho5i", - "category": "network", - "type": "connection" + "packets": 737, + "port": 65321 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:CLTnKCsx3XAJV3yhtJSs+Vn6Xsc=", - "bytes": 75477, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 737, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:11.981Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65316 + }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220838853Z", + "id": "1ulp77rfdvho5c", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho5c\",\"jsonPayload\":{\"bytes_sent\":\"102119\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65316,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"600\",\"reporter\":\"SRC\",\"rtt_msec\":\"86\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.565831992Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:00.565831992Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 86 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 }, - "address": "67.43.156.13", - "port": 65316, - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 102119, - "packets": 600, - "domain": "elasticsearch", 
- "ip": "10.139.99.242" + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 86 + } + } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5c\",\"jsonPayload\":{\"bytes_sent\":\"102119\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65316,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"600\",\"reporter\":\"SRC\",\"rtt_msec\":\"86\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.565831992Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.565831992Z", - "end": "2019-06-14T03:49:56.220838853Z", - "id": "1ulp77rfdvho5c", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:dJhBeC2A7KY1uJpWS48QzGUUwxY=", "bytes": 102119, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:dJhBeC2A7KY1uJpWS48QzGUUwxY=", + "direction": "outbound", "iana_number": "6", "packets": 600, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - 
"address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 49680, - "bytes": 1541638, - "domain": "siem-windows", - "ip": "67.43.156.13", - "packets": 949 + "address": "10.139.99.242", + "bytes": 102119, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 600, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:cHKWt/bhFFzMhXHYkr/P9HZG8V0=", - "bytes": 1541638, - "name": "windows-isolated", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 949, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.705469925Z", + "id": "1ulp77rfdvho5p", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho5p\",\"jsonPayload\":{\"bytes_sent\":\"1541638\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":49680},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.705469925Z\",\"packets_sent\":\"949\",\"reporter\":\"DEST\",\"rtt_msec\":\"113\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"siem-windows\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"},\"start_time\":\"2019-06-14T03:39:59.711043814Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:39:59.711043814Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "windows-isolated", + "vpc_name": "windows-isolated" } }, "vpcflow": { 
@@ -4574,96 +4553,101 @@ "rtt": { "ms": 113 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "windows-isolated", - "vpc_name": "windows-isolated" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5p\",\"jsonPayload\":{\"bytes_sent\":\"1541638\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":49680},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.705469925Z\",\"packets_sent\":\"949\",\"reporter\":\"DEST\",\"rtt_msec\":\"113\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"siem-windows\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"windows-isolated\",\"vpc_name\":\"windows-isolated\"},\"start_time\":\"2019-06-14T03:39:59.711043814Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.711043814Z", - "end": "2019-06-14T03:49:55.705469925Z", - "id": "1ulp77rfdvho5p", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": 
"10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 1541638, + "community_id": "1:cHKWt/bhFFzMhXHYkr/P9HZG8V0=", + "direction": "internal", + "iana_number": "6", + "name": "windows-isolated", + "packets": 949, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "67.43.156.13", "as": { - "number": 15169 + "number": 35908 }, - "address": "192.168.2.177", - "port": 60112, - "bytes": 755901, - "domain": "suricata-iowa", - "ip": "192.168.2.177", - "packets": 227 + "bytes": 1541638, + "domain": "siem-windows", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "packets": 949, + "port": 49680 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:tEFDnW0zs/Y86QZ+V6iUmdJfre4=", - "bytes": 755901, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 227, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.177", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:18.224268993Z", + "id": "1ulp77rfdvho4y", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho4y\",\"jsonPayload\":{\"bytes_sent\":\"755901\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60112},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:18.224268993Z\",\"packets_sent\":\"227\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:14.031541248Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:14.031541248Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", - "zone": "us-east1-b" + "region": "us-central1", + "zone": "us-central1-a" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -4671,101 +4655,108 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4y\",\"jsonPayload\":{\"bytes_sent\":\"755901\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60112},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:18.224268993Z\",\"packets_sent\":\"227\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:14.031541248Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:14.031541248Z", - "end": "2019-06-14T03:49:18.224268993Z", - "id": "1ulp77rfdvho4y", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - 
"country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33558, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 755901, + "community_id": "1:tEFDnW0zs/Y86QZ+V6iUmdJfre4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 227, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.177", + "10.139.99.242" + ] }, "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 248715, - "packets": 270, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "address": "192.168.2.177", + "as": { + "number": 15169 + }, + "bytes": 755901, + "domain": "suricata-iowa", + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.177", + "packets": 227, + "port": 60112 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:OXveH9jdApjuJYvfxS0cJZ8eAbI=", - "bytes": 248715, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 270, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33558 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.394676451Z", + "id": "1ulp77rfdvho4o", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho4o\",\"jsonPayload\":{\"bytes_sent\":\"248715\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33558,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.394676451Z\",\"packets_sent\":\"270\",\"reporter\":\"SRC\",\"rtt_msec\":\"144\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:58.492572765Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:39:58.492572765Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -4773,55 +4764,70 @@ "rtt": { "ms": 144 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4o\",\"jsonPayload\":{\"bytes_sent\":\"248715\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33558,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.394676451Z\",\"packets_sent\":\"270\",\"reporter\":\"SRC\",\"rtt_msec\":\"144\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:58.492572765Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:58.492572765Z", - "end": "2019-06-14T03:49:56.394676451Z", - "id": "1ulp77rfdvho4o", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 248715, + "community_id": "1:OXveH9jdApjuJYvfxS0cJZ8eAbI=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 270, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.139.99.242" + "10.139.99.242", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 248715, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 270, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220838853Z", + "id": "1ulp77rfdvho5g", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho5g\",\"jsonPayload\":{\"bytes_sent\":\"69757\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65316},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"709\",\"reporter\":\"DEST\",\"rtt_msec\":\"86\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.565831992Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"}
,\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:00.565831992Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -4831,78 +4837,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 69757, + "community_id": "1:dJhBeC2A7KY1uJpWS48QzGUUwxY=", + "direction": "inbound", + "iana_number": "6", + "packets": 709, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 69757, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65316, - "bytes": 69757, "ip": "67.43.156.13", - "packets": 709 - }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5g\",\"jsonPayload\":{\"bytes_sent\":\"69757\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65316},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"709\",\"reporter\":\"DEST\",\"rtt_msec\":\"86\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.565831992Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\"
:\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.565831992Z", - "end": "2019-06-14T03:49:56.220838853Z", - "id": "1ulp77rfdvho5g", - "category": "network", - "type": "connection" + "packets": 709, + "port": 65316 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:dJhBeC2A7KY1uJpWS48QzGUUwxY=", - "bytes": 69757, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 709, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220748025Z", + "id": "1ulp77rfdvho59", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho59\",\"jsonPayload\":{\"bytes_sent\":\"69440\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65263},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220748025Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"87\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:01.270990648Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:01.270990648Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -4912,78 +4918,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 69440, + "community_id": "1:NVPn1fsNGKIWh4nC6Og4qM8A3kY=", + "direction": "inbound", + "iana_number": "6", + "packets": 728, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 69440, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65263, - "bytes": 69440, "ip": "67.43.156.13", - "packets": 728 - }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho59\",\"jsonPayload\":{\"bytes_sent\":\"69440\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65263},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220748025Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"87\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:01.270990648Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\"
:\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.270990648Z", - "end": "2019-06-14T03:49:56.220748025Z", - "id": "1ulp77rfdvho59", - "category": "network", - "type": "connection" + "packets": 728, + "port": 65263 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:NVPn1fsNGKIWh4nC6Og4qM8A3kY=", - "bytes": 69440, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 728, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "192.168.2.117", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:40:20.569744903Z", + "id": "1ulp77rfdvho57", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho57\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":50438},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:20.569744903Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:20.454046087Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:20.454046087Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -4993,52 +4999,99 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1457, + "community_id": "1:+C/3qZp81mU+xJgorNlBHR/BmTE=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] }, "source": { + "address": "192.168.2.117", + "as": { + "number": 15169 + }, + "bytes": 1457, "geo": { "continent_name": "America", "country_name": "usa" }, + "ip": "192.168.2.117", + "packets": 7, + "port": 50438 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "destination": { + "address": "192.168.2.117", "as": { "number": 15169 }, - "address": "192.168.2.117", - "port": 50438, - "bytes": 1457, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, "ip": "192.168.2.117", - "packets": 7 + "port": 50438 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1ulp77rfdvho57\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":50438},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:20.569744903Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:20.454046087Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "category": "network", + "end": "2019-06-14T03:40:20.569744903Z", + "id": "1ulp77rfdvho5e", "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho5e\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":50438,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:20.569744903Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.454046087Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", "start": "2019-06-14T03:40:20.454046087Z", - "end": "2019-06-14T03:40:20.569744903Z", - "id": "1ulp77rfdvho57", - "category": "network", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { + "bytes": 1784, "community_id": "1:+C/3qZp81mU+xJgorNlBHR/BmTE=", - "bytes": 1457, - "transport": "tcp", - "type": "ipv4", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + 
"transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -5046,220 +5099,146 @@ "192.168.2.117" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 50438, - "ip": "192.168.2.117" - }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1784, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5e\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":50438,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:20.569744903Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.454046087Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.454046087Z", - "end": "2019-06-14T03:40:20.569744903Z", - "id": 
"1ulp77rfdvho5e", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:+C/3qZp81mU+xJgorNlBHR/BmTE=", - "bytes": 1784, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.139.99.242", - "192.168.2.165" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 233 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, "destination": { + "address": "192.168.2.165", + "as": { + "number": 45899 + }, "geo": { + "city_name": "Vĩnh Yên", "continent_name": "Asia", "country_name": "vnm", - "city_name": "Vĩnh Yên", "region_name": "Vinh Phuc Province" }, - "as": { - "number": 45899 - }, - "address": "192.168.2.165", - "port": 59623, - "ip": "192.168.2.165" + "ip": "192.168.2.165", + "port": 59623 }, - "source": { - "address": "10.139.99.242", - "port": 22, - "bytes": 2395, - "packets": 11, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4d\",\"jsonPayload\":{\"bytes_sent\":\"2395\",\"connection\":{\"dest_ip\":\"192.168.2.165\",\"dest_port\":59623,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":45899,\"city\":\"Vĩnh Yên\",\"continent\":\"Asia\",\"country\":\"vnm\",\"region\":\"Vinh Phuc 
Province\"},\"end_time\":\"2019-06-14T03:40:52.361155668Z\",\"packets_sent\":\"11\",\"reporter\":\"SRC\",\"rtt_msec\":\"233\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:46.541094678Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:46.541094678Z", + "category": "network", "end": "2019-06-14T03:40:52.361155668Z", "id": "1ulp77rfdvho4d", - "category": "network", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho4d\",\"jsonPayload\":{\"bytes_sent\":\"2395\",\"connection\":{\"dest_ip\":\"192.168.2.165\",\"dest_port\":59623,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":45899,\"city\":\"Vĩnh Yên\",\"continent\":\"Asia\",\"country\":\"vnm\",\"region\":\"Vinh Phuc 
Province\"},\"end_time\":\"2019-06-14T03:40:52.361155668Z\",\"packets_sent\":\"11\",\"reporter\":\"SRC\",\"rtt_msec\":\"233\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:46.541094678Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:46.541094678Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 233 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:FsRs9Upw/72M8FLScc+hnC6ByYQ=", "bytes": 2395, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:FsRs9Upw/72M8FLScc+hnC6ByYQ=", + "direction": "outbound", "iana_number": "6", "packets": 11, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.139.99.242", + "192.168.2.165" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": 
"Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33558, - "bytes": 60335, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 353 + "address": "10.139.99.242", + "bytes": 2395, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 11, + "port": 22 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:OXveH9jdApjuJYvfxS0cJZ8eAbI=", - "bytes": 60335, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 353, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:48.538257098Z", + "id": "1ulp77rfdvho5y", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho5y\",\"jsonPayload\":{\"bytes_sent\":\"60335\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33558},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.538257098Z\",\"packets_sent\":\"353\",\"reporter\":\"DEST\",\"rtt_msec\":\"144\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:58.492572765Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:39:58.492572765Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -5267,101 +5246,113 @@ "rtt": { "ms": 144 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho5y\",\"jsonPayload\":{\"bytes_sent\":\"60335\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33558},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.538257098Z\",\"packets_sent\":\"353\",\"reporter\":\"DEST\",\"rtt_msec\":\"144\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:58.492572765Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:58.492572765Z", - "end": "2019-06-14T03:49:48.538257098Z", - "id": "1ulp77rfdvho5y", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 60335, + "community_id": 
"1:OXveH9jdApjuJYvfxS0cJZ8eAbI=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 353, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 60335, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33548, - "bytes": 65565, - "packets": 354, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.13", + "packets": 353, + "port": 33558 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:if1o1IHC+FQXkxdlwDLZoOhwlFs=", - "bytes": 65565, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 354, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:11.981Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565451051Z", + "id": "1ulp77rfdvho6a", + "kind": "event", + "original": 
"{\"insertId\":\"1ulp77rfdvho6a\",\"jsonPayload\":{\"bytes_sent\":\"65565\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33548},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565451051Z\",\"packets_sent\":\"354\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147072949Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:05.147072949Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -5369,55 +5360,70 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho6a\",\"jsonPayload\":{\"bytes_sent\":\"65565\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33548},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565451051Z\",\"packets_sent\":\"354\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147072949Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.147072949Z", - "end": "2019-06-14T03:49:59.565451051Z", - "id": "1ulp77rfdvho6a", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:11.981Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 65565, + "community_id": "1:if1o1IHC+FQXkxdlwDLZoOhwlFs=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 354, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.139.99.242" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 65565, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 354, + "port": 33548 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:11.981Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.318940798Z", + "id": "1ulp77rfdvho4v", + "kind": "event", + "original": "{\"insertId\":\"1ulp77rfdvho4v\",\"jsonPayload\":{\"bytes_sent\":\"70174\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65271},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.318940798Z\",\"packets_sent\":\"717\",\"reporter\":\"DEST\",\"rtt_msec\":\"89\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.155378070Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\
"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", + "start": "2019-06-14T03:40:00.155378070Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -5427,78 +5433,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 70174, + "community_id": "1:qv0hIE4qzHUK+++IYF3H4yaOdYA=", + "direction": "inbound", + "iana_number": "6", + "packets": 717, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 70174, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65271, - "bytes": 70174, "ip": "67.43.156.13", - "packets": 717 - }, - "event": { - "original": "{\"insertId\":\"1ulp77rfdvho4v\",\"jsonPayload\":{\"bytes_sent\":\"70174\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65271},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.318940798Z\",\"packets_sent\":\"717\",\"reporter\":\"DEST\",\"rtt_msec\":\"89\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.155378070Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:11.981912845Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\"
:\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:11.981912845Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.155378070Z", - "end": "2019-06-14T03:49:55.318940798Z", - "id": "1ulp77rfdvho4v", - "category": "network", - "type": "connection" + "packets": 717, + "port": 65271 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:qv0hIE4qzHUK+++IYF3H4yaOdYA=", - "bytes": 70174, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 717, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:46:51.355687385Z", + "id": "bnj3cofh3cdk1", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk1\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34178},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:51.355687385Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:51.237256499Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:46:51.237256499Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -5508,78 +5514,78 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1461, + "community_id": "1:ZAwMkhzg8iPFTne4VZtPZ10WSQw=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1461, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 34178, - "bytes": 1461, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk1\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34178},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:51.355687385Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:51.237256499Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.92
1248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:51.237256499Z", - "end": "2019-06-14T03:46:51.355687385Z", - "id": "bnj3cofh3cdk1", - "category": "network", - "type": "connection" + "packets": 7, + "port": 34178 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ZAwMkhzg8iPFTne4VZtPZ10WSQw=", - "bytes": 1461, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:45:51.090104692Z", + "id": "bnj3cofh3cdjx", + "kind": "event", + "original": "{\"insertId\":\"bnj3cofh3cdjx\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":33602},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:51.090104692Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:50.954948790Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"ti
mestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:45:50.954948790Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -5589,124 +5595,97 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1460, + "community_id": "1:Gt7dopsBY+UOS/rgstf7QtnWxMI=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1460, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 33602, - "bytes": 1460, "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdjx\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":33602},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:51.090104692Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:50.954948790Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.9
21248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:50.954948790Z", - "end": "2019-06-14T03:45:51.090104692Z", - "id": "bnj3cofh3cdjx", - "category": "network", - "type": "connection" + "packets": 7, + "port": 33602 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Gt7dopsBY+UOS/rgstf7QtnWxMI=", - "bytes": 1460, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33554, - "bytes": 66736, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 366 - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:8vM4z84sXvUT94gexJfa2ZSNZ/c=", - "bytes": 66736, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 366, - "direction": "internal" - }, + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565131125Z", + "id": "bnj3cofh3cdju", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdju\",\"jsonPayload\":{\"bytes_sent\":\"66736\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33554},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565131125Z\",\"packets_sent\":\"366\",\"reporter\":\"DEST\",\"rtt_msec\":\"224\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143837873Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:02.143837873Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -5714,136 +5693,163 @@ "rtt": { "ms": 224 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdju\",\"jsonPayload\":{\"bytes_sent\":\"66736\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33554},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565131125Z\",\"packets_sent\":\"366\",\"reporter\":\"DEST\",\"rtt_msec\":\"224\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143837873Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:02.143837873Z", - "end": "2019-06-14T03:49:59.565131125Z", - "id": "bnj3cofh3cdju", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 66736, + "community_id": "1:8vM4z84sXvUT94gexJfa2ZSNZ/c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 366, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.14" + "67.43.156.13", + "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 66736, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 366, + "port": 33554 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "destination": { + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 33602, - "ip": "67.43.156.14" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 33602 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1776, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdjz\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":33602,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:51.090104692Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:50.954948790Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:50.954948790Z", + "category": "network", "end": "2019-06-14T03:45:51.090104692Z", "id": "bnj3cofh3cdjz", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdjz\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":33602,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:51.090104692Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:50.954948790Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:45:50.954948790Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:Gt7dopsBY+UOS/rgstf7QtnWxMI=", "bytes": 1776, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:Gt7dopsBY+UOS/rgstf7QtnWxMI=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
- "67.43.156.13", - "10.87.40.76" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 1776, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:42:40.888804332Z", + "id": "bnj3cofh3cdkk", + "kind": "event", + "original": "{\"insertId\":\"bnj3cofh3cdkk\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":52454},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:40.888804332Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:40.779893091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:42:40.779893091Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": 
"my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -5853,124 +5859,97 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 52454, - "bytes": 1464, - "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkk\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":52454},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:40.888804332Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:40.779893091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:40.779893091Z", - "end": "2019-06-14T03:42:40.888804332Z", - "id": "bnj3cofh3cdkk", - "category": "network", - "type": "connection" - }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:WoYlUsEVcZcFfg615Q+r2a53t50=", "bytes": 1464, - "transport": "tcp", - "type": "ipv4", + "community_id": 
"1:WoYlUsEVcZcFfg615Q+r2a53t50=", + "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33534, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1464, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 259510, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 251 + "ip": "67.43.156.13", + "packets": 7, + "port": 52454 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:C7B7lD6dSCm1Xnh0Cv/Rl2jt7CY=", - "bytes": 259510, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 251, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33534 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597279654Z", + "id": "bnj3cofh3cdk0", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk0\",\"jsonPayload\":{\"bytes_sent\":\"259510\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33534,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597279654Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075756033Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:06.075756033Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -5978,182 +5957,194 @@ "rtt": { "ms": 2 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk0\",\"jsonPayload\":{\"bytes_sent\":\"259510\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33534,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597279654Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075756033Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075756033Z", - "end": "2019-06-14T03:49:59.597279654Z", - "id": "bnj3cofh3cdk0", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 259510, + "community_id": "1:C7B7lD6dSCm1Xnh0Cv/Rl2jt7CY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 251, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.13" + "67.43.156.14", + "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 259510, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.14", + "packets": 251, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 52260, - "ip": "67.43.156.13" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 52260 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdk8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":52260,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:11.183868408Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:11.063146265Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:11.063146265Z", + "category": "network", "end": "2019-06-14T03:42:11.183868408Z", "id": "bnj3cofh3cdk8", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":52260,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:11.183868408Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:11.063146265Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:42:11.063146265Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:jQQ6l4o1MZQiUFoVCT++dIYahM8=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:jQQ6l4o1MZQiUFoVCT++dIYahM8=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { "address": "10.87.40.76", - "port": 33530, - "bytes": 65069, - "packets": 361, + "bytes": 1781, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:IEnrf1LJAN4LjLMkDE8yTRHo3KA=", - "bytes": 65069, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 361, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565300944Z", + "id": "bnj3cofh3cdkp", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkp\",\"jsonPayload\":{\"bytes_sent\":\"65069\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33530},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565300944Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140119099Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:00.140119099Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -6161,101 +6152,101 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkp\",\"jsonPayload\":{\"bytes_sent\":\"65069\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33530},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565300944Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140119099Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.140119099Z", - "end": "2019-06-14T03:49:59.565300944Z", - "id": "bnj3cofh3cdkp", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 65069, + "community_id": "1:IEnrf1LJAN4LjLMkDE8yTRHo3KA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 361, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33556, - "bytes": 60530, - "packets": 366, + "bytes": 65069, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 361, + "port": 33530 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:xlc9p+qqPBlTtvXaxYaz5GAWNls=", - "bytes": 60530, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 366, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdkc", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkc\",\"jsonPayload\":{\"bytes_sent\":\"60530\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33556},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"366\",\"reporter\":\"SRC\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -6263,101 +6254,89 @@ "rtt": { "ms": 15 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkc\",\"jsonPayload\":{\"bytes_sent\":\"60530\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33556},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"366\",\"reporter\":\"SRC\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:59.565335113Z", - "id": "bnj3cofh3cdkc", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - 
"ip": "10.139.99.242" + "network": { + "bytes": 60530, + "community_id": "1:xlc9p+qqPBlTtvXaxYaz5GAWNls=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 366, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33570, - "bytes": 11384, + "address": "10.87.40.76", + "bytes": 60530, "domain": "kibana", - "ip": "67.43.156.13", - "packets": 86 + "ip": "10.87.40.76", + "packets": 366, + "port": 33556 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:F7T6LmH5wVzEgGnm1LS0ir3ltmg=", - "bytes": 11384, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 86, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821047175Z", + "id": "bnj3cofh3cdkm", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkm\",\"jsonPayload\":{\"bytes_sent\":\"11384\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33570},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821047175Z\",\"packets_sent\":\"86\",\"reporter\":\"DEST\",\"rtt_msec\":\"230\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469473010Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:08.469473010Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -6365,101 +6344,113 @@ "rtt": { "ms": 230 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkm\",\"jsonPayload\":{\"bytes_sent\":\"11384\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33570},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821047175Z\",\"packets_sent\":\"86\",\"reporter\":\"DEST\",\"rtt_msec\":\"230\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469473010Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.469473010Z", - "end": "2019-06-14T03:49:51.821047175Z", - "id": "bnj3cofh3cdkm", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 11384, + "community_id": 
"1:F7T6LmH5wVzEgGnm1LS0ir3ltmg=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 86, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 11384, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33554, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 272063, - "packets": 247, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 86, + "port": 33570 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:8vM4z84sXvUT94gexJfa2ZSNZ/c=", - "bytes": 272063, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 247, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33554 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565131125Z", + "id": "bnj3cofh3cdjy", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdjy\",\"jsonPayload\":{\"bytes_sent\":\"272063\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33554,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565131125Z\",\"packets_sent\":\"247\",\"reporter\":\"SRC\",\"rtt_msec\":\"224\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143837873Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:02.143837873Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -6467,182 +6458,170 @@ "rtt": { "ms": 224 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdjy\",\"jsonPayload\":{\"bytes_sent\":\"272063\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33554,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565131125Z\",\"packets_sent\":\"247\",\"reporter\":\"SRC\",\"rtt_msec\":\"224\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143837873Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:02.143837873Z", - "end": "2019-06-14T03:49:59.565131125Z", - "id": "bnj3cofh3cdjy", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 272063, + "community_id": "1:8vM4z84sXvUT94gexJfa2ZSNZ/c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 247, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", + "10.139.99.242", "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 43 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 272063, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 247, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 53706, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 53706 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1791, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdjv\",\"jsonPayload\":{\"bytes_sent\":\"1791\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53706,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:50.822333871Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"43\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:50.703302550Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:50.703302550Z", + "category": "network", "end": "2019-06-14T03:43:50.822333871Z", "id": "bnj3cofh3cdjv", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdjv\",\"jsonPayload\":{\"bytes_sent\":\"1791\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53706,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:50.822333871Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"43\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:50.703302550Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:43:50.703302550Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 43 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:FnUL58e/2lopFxzyH6NB4ZfRZYg=", "bytes": 1791, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:FnUL58e/2lopFxzyH6NB4ZfRZYg=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33858, - "bytes": 18295, + "address": "10.87.40.76", + "bytes": 1791, "domain": "kibana", - "ip": "67.43.156.13", - "packets": 118 + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:FZaxwdeLVaVT2X3mtyj9cQcUk8w=", - "bytes": 18295, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 118, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789039435Z", + "id": "bnj3cofh3cdkh", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkh\",\"jsonPayload\":{\"bytes_sent\":\"18295\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33858},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789039435Z\",\"packets_sent\":\"118\",\"reporter\":\"DEST\",\"rtt_msec\":\"253\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458515996Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:08.458515996Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -6650,55 +6629,82 @@ "rtt": { "ms": 253 } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 18295, + "community_id": "1:FZaxwdeLVaVT2X3mtyj9cQcUk8w=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 118, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "bytes": 18295, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } - } + }, + "ip": "67.43.156.13", + "packets": 118, + "port": 33858 }, - "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdkh\",\"jsonPayload\":{\"bytes_sent\":\"18295\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33858},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789039435Z\",\"packets_sent\":\"118\",\"reporter\":\"DEST\",\"rtt_msec\":\"253\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458515996Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.458515996Z", - "end": "2019-06-14T03:49:51.789039435Z", - "id": "bnj3cofh3cdkh", - "category": "network", - "type": "connection" - } + "tags": [ + "preserve_original_event" + ] }, { "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": 
"2019-06-14T03:44:40.243022993Z", + "id": "bnj3cofh3cdkg", + "kind": "event", + "original": "{\"insertId\":\"bnj3cofh3cdkg\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":33064},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:40.243022993Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:40.125336665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:44:40.125336665Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -6708,124 +6714,97 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 33064, - "bytes": 1467, - "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkg\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":33064},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:40.243022993Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:40.125336665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:40.125336665Z", - "end": "2019-06-14T03:44:40.243022993Z", - "id": "bnj3cofh3cdkg", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:1YXDYMIDmqablN3iIS5sgm7U7jU=", "bytes": 1467, - "transport": "tcp", - "type": "ipv4", + "community_id": 
"1:1YXDYMIDmqablN3iIS5sgm7U7jU=", + "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33556, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 165290, - "domain": "elasticsearch", "ip": "67.43.156.14", - "packets": 251 + "packets": 7, + "port": 33064 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:xlc9p+qqPBlTtvXaxYaz5GAWNls=", - "bytes": 165290, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 251, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33556 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdk7", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk7\",\"jsonPayload\":{\"bytes_sent\":\"165290\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33556,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -6833,55 +6812,82 @@ "rtt": { "ms": 15 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk7\",\"jsonPayload\":{\"bytes_sent\":\"165290\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33556,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:59.565335113Z", - "id": "bnj3cofh3cdk7", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 165290, + "community_id": "1:xlc9p+qqPBlTtvXaxYaz5GAWNls=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 251, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", + "67.43.156.14", "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 165290, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 251, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:43:50.822333871Z", + "id": "bnj3cofh3cdk9", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk9\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53706},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:50.822333871Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"43\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:50.703302550Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:43:50.703302550Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -6891,78 +6897,78 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1458, + "community_id": "1:FnUL58e/2lopFxzyH6NB4ZfRZYg=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1458, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 53706, - "bytes": 1458, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk9\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53706},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:50.822333871Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"43\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:50.703302550Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.92
1248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:50.703302550Z", - "end": "2019-06-14T03:43:50.822333871Z", - "id": "bnj3cofh3cdk9", - "category": "network", - "type": "connection" + "packets": 7, + "port": 53706 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:FnUL58e/2lopFxzyH6NB4ZfRZYg=", - "bytes": 1458, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:42:11.183868408Z", + "id": "bnj3cofh3cdkj", + "kind": "event", + "original": "{\"insertId\":\"bnj3cofh3cdkj\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":52260},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:11.183868408Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:11.063146265Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"ti
mestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:42:11.063146265Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -6972,138 +6978,109 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1464, + "community_id": "1:jQQ6l4o1MZQiUFoVCT++dIYahM8=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1464, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 52260, - "bytes": 1464, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkj\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":52260},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:11.183868408Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:11.063146265Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.
921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:11.063146265Z", - "end": "2019-06-14T03:42:11.183868408Z", - "id": "bnj3cofh3cdkj", - "category": "network", - "type": "connection" + "packets": 7, + "port": 52260 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:jQQ6l4o1MZQiUFoVCT++dIYahM8=", - "bytes": 1464, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 34090, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 34090 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdki\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34090,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:37.827345444Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:37.712749588Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:37.712749588Z", + "category": "network", "end": "2019-06-14T03:46:37.827345444Z", "id": "bnj3cofh3cdki", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdki\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34090,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:37.827345444Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:37.712749588Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:46:37.712749588Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:r0YXIwQbyBtxc4laQWML5QBB+Tw=", "bytes": 1780, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:r0YXIwQbyBtxc4laQWML5QBB+Tw=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -7111,182 +7088,211 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 34178, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 34178 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdkd\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34178,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:51.355687385Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:51.237256499Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:51.237256499Z", + "category": "network", "end": "2019-06-14T03:46:51.355687385Z", "id": "bnj3cofh3cdkd", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkd\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34178,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:46:51.355687385Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:46:51.237256499Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:46:51.237256499Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:ZAwMkhzg8iPFTne4VZtPZ10WSQw=", "bytes": 1780, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:ZAwMkhzg8iPFTne4VZtPZ10WSQw=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
"10.87.40.76", - "67.43.156.14" + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.14", + "port": 33064 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:44:40.243022993Z", + "id": "bnj3cofh3cdjw", + "kind": "event", + "original": "{\"insertId\":\"bnj3cofh3cdjw\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":33064,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:40.243022993Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:40.125336665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": 
"2019-06-14T03:44:40.125336665Z", + "type": "connection" + }, + "gcp": { "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 33064, - "ip": "67.43.156.14" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1776, + "community_id": "1:1YXDYMIDmqablN3iIS5sgm7U7jU=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1776, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdjw\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":33064,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:40.243022993Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:40.125336665Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:40.125336665Z", - "end": "2019-06-14T03:44:40.243022993Z", - "id": "bnj3cofh3cdjw", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:1YXDYMIDmqablN3iIS5sgm7U7jU=", - "bytes": 1776, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:48:50.757255245Z", + 
"id": "bnj3cofh3cdk3", + "kind": "event", + "original": "{\"insertId\":\"bnj3cofh3cdk3\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":34906},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:50.757255245Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:50.642206049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:48:50.642206049Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -7296,205 +7302,190 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1461, + "community_id": "1:w9XiZoaEVIGVzEG0jduGM1uQWNw=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1461, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 34906, - "bytes": 1461, "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk3\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":34906},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:50.757255245Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:50.642206049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.
921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:50.642206049Z", - "end": "2019-06-14T03:48:50.757255245Z", - "id": "bnj3cofh3cdk3", - "category": "network", - "type": "connection" + "packets": 7, + "port": 34906 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:w9XiZoaEVIGVzEG0jduGM1uQWNw=", - "bytes": 1461, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 58216, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 58216 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdkb\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":58216,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:36.982303071Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:36.865198297Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:36.865198297Z", + "category": "network", "end": "2019-06-14T03:49:36.982303071Z", "id": "bnj3cofh3cdkb", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkb\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":58216,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:36.982303071Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:36.865198297Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:49:36.865198297Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:fAWVAPDjem3VSliUyZGusurhkpQ=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:fAWVAPDjem3VSliUyZGusurhkpQ=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { "address": "10.87.40.76", - "port": 33534, - "bytes": 60222, - "packets": 361, + "bytes": 1781, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:C7B7lD6dSCm1Xnh0Cv/Rl2jt7CY=", - "bytes": 60222, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 361, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597279654Z", + "id": "bnj3cofh3cdk4", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk4\",\"jsonPayload\":{\"bytes_sent\":\"60222\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33534},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597279654Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075756033Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:06.075756033Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -7502,101 +7493,101 @@ "rtt": { "ms": 2 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk4\",\"jsonPayload\":{\"bytes_sent\":\"60222\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33534},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597279654Z\",\"packets_sent\":\"361\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075756033Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075756033Z", - "end": "2019-06-14T03:49:59.597279654Z", - "id": "bnj3cofh3cdk4", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33510, - "bytes": 61810, - "packets": 358, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:XmuS4IfRKFgBkcu5l3y4LFKss2g=", - "bytes": 61810, + "bytes": 60222, + "community_id": "1:C7B7lD6dSCm1Xnh0Cv/Rl2jt7CY=", + "direction": "internal", + "iana_number": "6", "name": "default", + "packets": 361, "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 358, - "direction": "internal" + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 60222, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 361, + "port": 33534 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdkf", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkf\",\"jsonPayload\":{\"bytes_sent\":\"61810\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33510},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"358\",\"reporter\":\"SRC\",\"rtt_msec\":\"16\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500418290Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:39:59.500418290Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -7604,55 +7595,70 @@ "rtt": { "ms": 16 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkf\",\"jsonPayload\":{\"bytes_sent\":\"61810\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33510},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"358\",\"reporter\":\"SRC\",\"rtt_msec\":\"16\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500418290Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500418290Z", - "end": "2019-06-14T03:49:59.565335113Z", - "id": "bnj3cofh3cdkf", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 61810, + "community_id": "1:XmuS4IfRKFgBkcu5l3y4LFKss2g=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 358, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.87.40.76" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 61810, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 358, + "port": 33510 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:36.982303071Z", + "id": "bnj3cofh3cdkl", + "kind": "event", + "original": "{\"insertId\":\"bnj3cofh3cdkl\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":58216},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:36.982303071Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:36.865198297Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": 
"2019-06-14T03:49:36.865198297Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -7662,124 +7668,97 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 58216, - "bytes": 1467, - "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkl\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":58216},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:36.982303071Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:36.865198297Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:36.865198297Z", - "end": "2019-06-14T03:49:36.982303071Z", - "id": "bnj3cofh3cdkl", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:fAWVAPDjem3VSliUyZGusurhkpQ=", "bytes": 1467, - "transport": "tcp", - "type": "ipv4", + "community_id": 
"1:fAWVAPDjem3VSliUyZGusurhkpQ=", + "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33510, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 136558, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 243 + "ip": "67.43.156.13", + "packets": 7, + "port": 58216 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:XmuS4IfRKFgBkcu5l3y4LFKss2g=", - "bytes": 136558, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 243, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33510 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565335113Z", + "id": "bnj3cofh3cdk2", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk2\",\"jsonPayload\":{\"bytes_sent\":\"136558\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33510,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"243\",\"reporter\":\"DEST\",\"rtt_msec\":\"16\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500418290Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:39:59.500418290Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -7787,344 +7766,344 @@ "rtt": { "ms": 16 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk2\",\"jsonPayload\":{\"bytes_sent\":\"136558\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33510,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565335113Z\",\"packets_sent\":\"243\",\"reporter\":\"DEST\",\"rtt_msec\":\"16\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500418290Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500418290Z", - "end": "2019-06-14T03:49:59.565335113Z", - "id": "bnj3cofh3cdk2", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": 
{ + "bytes": 136558, + "community_id": "1:XmuS4IfRKFgBkcu5l3y4LFKss2g=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 243, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.14" + "67.43.156.14", + "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 136558, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.14", + "packets": 243, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", + "destination": { + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 34906, - "ip": "67.43.156.14" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 34906 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdko\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":34906,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:50.757255245Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:50.642206049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:50.642206049Z", + "category": "network", "end": "2019-06-14T03:48:50.757255245Z", "id": "bnj3cofh3cdko", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdko\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":34906,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:50.757255245Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:50.642206049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:48:50.642206049Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:w9XiZoaEVIGVzEG0jduGM1uQWNw=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:w9XiZoaEVIGVzEG0jduGM1uQWNw=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
"10.87.40.76", - "67.43.156.13" + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.87.40.76", + "bytes": 1781, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 52454, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 52454 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdke\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":52454,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:40.888804332Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:40.779893091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:40.779893091Z", + "category": "network", "end": "2019-06-14T03:42:40.888804332Z", "id": "bnj3cofh3cdke", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdke\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":52454,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:40.888804332Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:40.779893091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:42:40.779893091Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:WoYlUsEVcZcFfg615Q+r2a53t50=", - "bytes": 1781, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:13.921Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - 
"reporter": "DEST", + "reporter": "SRC", "rtt": { "ms": 36 } } }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1781, + "community_id": "1:WoYlUsEVcZcFfg615Q+r2a53t50=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 1781, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "destination": { "address": "10.87.40.76", - "port": 5601, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "port": 5601 }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 34090, - "bytes": 1467, - "ip": "67.43.156.13", - "packets": 7 + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bnj3cofh3cdka\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34090},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:37.827345444Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:37.712749588Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:46:37.712749588Z", + "category": "network", "end": "2019-06-14T03:46:37.827345444Z", "id": "bnj3cofh3cdka", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdka\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34090},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:46:37.827345444Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:46:37.712749588Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:46:37.712749588Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:r0YXIwQbyBtxc4laQWML5QBB+Tw=", "bytes": 1467, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:r0YXIwQbyBtxc4laQWML5QBB+Tw=", + "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, 
- "destination": { - "address": "10.87.40.76", - "port": 33530, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 170396, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 246 + "ip": "67.43.156.13", + "packets": 7, + "port": 34090 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:IEnrf1LJAN4LjLMkDE8yTRHo3KA=", - "bytes": 170396, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 246, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33530 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565300944Z", + "id": "bnj3cofh3cdkn", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdkn\",\"jsonPayload\":{\"bytes_sent\":\"170396\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33530,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565300944Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140119099Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:00.140119099Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8132,101 +8111,113 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdkn\",\"jsonPayload\":{\"bytes_sent\":\"170396\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33530,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565300944Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140119099Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.140119099Z", - "end": "2019-06-14T03:49:59.565300944Z", - "id": "bnj3cofh3cdkn", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 170396, + "community_id": 
"1:IEnrf1LJAN4LjLMkDE8yTRHo3KA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 246, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 170396, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33570, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 171610, - "packets": 71, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.14", + "packets": 246, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:F7T6LmH5wVzEgGnm1LS0ir3ltmg=", - "bytes": 171610, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 71, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33570 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821129119Z", + "id": "bnj3cofh3cdk5", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk5\",\"jsonPayload\":{\"bytes_sent\":\"171610\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33570,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821129119Z\",\"packets_sent\":\"71\",\"reporter\":\"SRC\",\"rtt_msec\":\"230\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469473010Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:08.469473010Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8234,101 +8225,101 @@ "rtt": { "ms": 230 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk5\",\"jsonPayload\":{\"bytes_sent\":\"171610\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33570,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821129119Z\",\"packets_sent\":\"71\",\"reporter\":\"SRC\",\"rtt_msec\":\"230\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.469473010Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.469473010Z", - "end": "2019-06-14T03:49:51.821129119Z", - "id": "bnj3cofh3cdk5", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33858, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 171610, + "community_id": "1:F7T6LmH5wVzEgGnm1LS0ir3ltmg=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 71, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 15186, - "packets": 75, + "bytes": 171610, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 71, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:FZaxwdeLVaVT2X3mtyj9cQcUk8w=", - "bytes": 15186, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 75, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:13.921Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33858 }, - "@timestamp": "2019-06-14T03:50:13.921Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933164456Z", + "id": "bnj3cofh3cdk6", + "kind": "event", + "original": 
"{\"insertId\":\"bnj3cofh3cdk6\",\"jsonPayload\":{\"bytes_sent\":\"15186\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33858,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933164456Z\",\"packets_sent\":\"75\",\"reporter\":\"SRC\",\"rtt_msec\":\"253\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458515996Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", + "start": "2019-06-14T03:40:08.458515996Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8336,101 +8327,101 @@ "rtt": { "ms": 253 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bnj3cofh3cdk6\",\"jsonPayload\":{\"bytes_sent\":\"15186\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33858,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933164456Z\",\"packets_sent\":\"75\",\"reporter\":\"SRC\",\"rtt_msec\":\"253\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458515996Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:13.921248755Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:13.921248755Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.458515996Z", - "end": "2019-06-14T03:49:37.933164456Z", - "id": "bnj3cofh3cdk6", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33590, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 15186, + "community_id": "1:FZaxwdeLVaVT2X3mtyj9cQcUk8w=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 75, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 208416, - "packets": 249, + "bytes": 15186, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 75, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:hba8zo6o+Om2iBhvTc1A5aHscIQ=", - "bytes": 208416, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 249, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33590 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565116665Z", + "id": "y4wffpfk2ero3", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2ero3\",\"jsonPayload\":{\"bytes_sent\":\"208416\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33590,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565116665Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"109\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147151100Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:05.147151100Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8438,96 +8429,96 @@ "rtt": { "ms": 109 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2ero3\",\"jsonPayload\":{\"bytes_sent\":\"208416\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33590,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565116665Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"109\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147151100Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.147151100Z", - "end": "2019-06-14T03:49:59.565116665Z", - "id": "y4wffpfk2ero3", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - 
"as": { - "number": 15169 - }, - "address": "192.168.2.177", - "port": 60108, - "domain": "suricata-iowa", - "ip": "192.168.2.177" + "network": { + "bytes": 208416, + "community_id": "1:hba8zo6o+Om2iBhvTc1A5aHscIQ=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 249, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 90977, - "packets": 357, + "bytes": 208416, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 249, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:snu0k+vlENq/m4IvQF8L2f6rQrY=", - "bytes": 90977, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 357, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "192.168.2.177", + "as": { + "number": 15169 + }, + "domain": "suricata-iowa", + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.177", + "port": 60108 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "192.168.2.177" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:54.108975753Z", + "id": "y4wffpfk2eroh", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eroh\",\"jsonPayload\":{\"bytes_sent\":\"90977\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60108,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:54.108975753Z\",\"packets_sent\":\"357\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.762958327Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:00.762958327Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-central1", "project_id": "my-sample-project", - "zone": "us-central1-a" + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8535,101 +8526,101 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroh\",\"jsonPayload\":{\"bytes_sent\":\"90977\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60108,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:54.108975753Z\",\"packets_sent\":\"357\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.762958327Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.762958327Z", - "end": "2019-06-14T03:49:54.108975753Z", - "id": "y4wffpfk2eroh", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": 
"Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33536, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 90977, + "community_id": "1:snu0k+vlENq/m4IvQF8L2f6rQrY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 357, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.168.2.177" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 187301, - "packets": 242, + "bytes": 90977, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 357, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:LeOPi08ubqTh6aNT93e8m/GSF+Y=", - "bytes": 187301, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 242, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33536 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565156020Z", + "id": "y4wffpfk2erom", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erom\",\"jsonPayload\":{\"bytes_sent\":\"187301\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33536,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565156020Z\",\"packets_sent\":\"242\",\"reporter\":\"SRC\",\"rtt_msec\":\"194\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150481417Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.150481417Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8637,198 +8628,191 @@ "rtt": { "ms": 194 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erom\",\"jsonPayload\":{\"bytes_sent\":\"187301\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33536,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565156020Z\",\"packets_sent\":\"242\",\"reporter\":\"SRC\",\"rtt_msec\":\"194\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150481417Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150481417Z", - "end": "2019-06-14T03:49:59.565156020Z", - "id": "y4wffpfk2erom", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33560, - "domain": "kibana", - 
"ip": "10.87.40.76" + "network": { + "bytes": 187301, + "community_id": "1:LeOPi08ubqTh6aNT93e8m/GSF+Y=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 242, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 139106, + "address": "10.139.99.242", + "bytes": 187301, "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 244 + "ip": "10.139.99.242", + "packets": 242, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:VbVjklGBQiIYWy94d7CXlQ+ISxo=", - "bytes": 139106, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 244, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33560 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "y4wffpfk2ero9", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2ero9\",\"jsonPayload\":{\"bytes_sent\":\"139106\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33560,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"11\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075859688Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:06.075859688Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 11 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - 
"project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 11 } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2ero9\",\"jsonPayload\":{\"bytes_sent\":\"139106\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33560,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"11\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075859688Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075859688Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "y4wffpfk2ero9", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 139106, + "community_id": "1:VbVjklGBQiIYWy94d7CXlQ+ISxo=", + "direction": "internal", + 
"iana_number": "6", + "name": "default", + "packets": 244, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "67.43.156.14", "as": { - "number": 15169 + "number": 35908 }, - "address": "192.168.2.177", - "port": 60108, - "bytes": 1733360, - "domain": "suricata-iowa", - "ip": "192.168.2.177", - "packets": 708 + "bytes": 139106, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 244, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:snu0k+vlENq/m4IvQF8L2f6rQrY=", - "bytes": 1733360, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 708, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.177", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:54.108975753Z", + "id": "y4wffpfk2erog", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erog\",\"jsonPayload\":{\"bytes_sent\":\"1733360\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60108},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:54.108975753Z\",\"packets_sent\":\"708\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.762958327Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:00.762958327Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", - "zone": "us-east1-b" + "region": "us-central1", + "zone": "us-central1-a" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8836,101 +8820,108 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erog\",\"jsonPayload\":{\"bytes_sent\":\"1733360\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60108},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:54.108975753Z\",\"packets_sent\":\"708\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.762958327Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.762958327Z", - "end": "2019-06-14T03:49:54.108975753Z", - "id": "y4wffpfk2erog", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - 
"country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33874, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 1733360, + "community_id": "1:snu0k+vlENq/m4IvQF8L2f6rQrY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 708, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.177", + "10.139.99.242" + ] }, "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 149157, - "packets": 74, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "address": "192.168.2.177", + "as": { + "number": 15169 + }, + "bytes": 1733360, + "domain": "suricata-iowa", + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.177", + "packets": 708, + "port": 60108 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:kUsQhMSOvL5RMyh4vWwz55fq9ss=", - "bytes": 149157, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 74, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33874 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933099658Z", + "id": "y4wffpfk2ero7", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2ero7\",\"jsonPayload\":{\"bytes_sent\":\"149157\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33874,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933099658Z\",\"packets_sent\":\"74\",\"reporter\":\"SRC\",\"rtt_msec\":\"142\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.513551480Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:20.513551480Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -8938,101 +8929,89 @@ "rtt": { "ms": 142 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2ero7\",\"jsonPayload\":{\"bytes_sent\":\"149157\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33874,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933099658Z\",\"packets_sent\":\"74\",\"reporter\":\"SRC\",\"rtt_msec\":\"142\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.513551480Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.513551480Z", - "end": "2019-06-14T03:49:37.933099658Z", - "id": "y4wffpfk2ero7", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 149157, + "community_id": "1:kUsQhMSOvL5RMyh4vWwz55fq9ss=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 74, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33968, - "bytes": 11108, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 95 + "address": "10.139.99.242", + "bytes": 149157, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 74, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:F4uNaOBelKx7k5b/GMkE00x7/lw=", - "bytes": 11108, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 95, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.965119632Z", + "id": "y4wffpfk2eroe", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eroe\",\"jsonPayload\":{\"bytes_sent\":\"11108\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965119632Z\",\"packets_sent\":\"95\",\"reporter\":\"DEST\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480430427Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.480430427Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9040,101 +9019,101 @@ "rtt": { "ms": 201 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroe\",\"jsonPayload\":{\"bytes_sent\":\"11108\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965119632Z\",\"packets_sent\":\"95\",\"reporter\":\"DEST\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480430427Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.480430427Z", - "end": "2019-06-14T03:49:37.965119632Z", - "id": "y4wffpfk2eroe", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 11108, + "community_id": "1:F4uNaOBelKx7k5b/GMkE00x7/lw=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 95, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 11108, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33590, - "bytes": 67337, - "domain": "kibana", "ip": "67.43.156.13", - "packets": 351 + "packets": 95, + "port": 33968 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:hba8zo6o+Om2iBhvTc1A5aHscIQ=", - "bytes": 67337, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 351, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565116665Z", + "id": "y4wffpfk2eroa", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eroa\",\"jsonPayload\":{\"bytes_sent\":\"67337\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33590},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565116665Z\",\"packets_sent\":\"351\",\"reporter\":\"DEST\",\"rtt_msec\":\"109\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147151100Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:05.147151100Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9142,101 +9121,101 @@ "rtt": { "ms": 109 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroa\",\"jsonPayload\":{\"bytes_sent\":\"67337\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33590},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565116665Z\",\"packets_sent\":\"351\",\"reporter\":\"DEST\",\"rtt_msec\":\"109\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.147151100Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.147151100Z", - "end": "2019-06-14T03:49:59.565116665Z", - "id": "y4wffpfk2eroa", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33538, - "domain": "kibana", - 
"ip": "10.87.40.76" + "network": { + "bytes": 67337, + "community_id": "1:hba8zo6o+Om2iBhvTc1A5aHscIQ=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 351, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 67337, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 136375, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 246 + "ip": "67.43.156.13", + "packets": 351, + "port": 33590 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Z4JXA8xt+j3ewQW8WvNJAPaHMoA=", - "bytes": 136375, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 246, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33538 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "y4wffpfk2eroi", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eroi\",\"jsonPayload\":{\"bytes_sent\":\"136375\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33538,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:39:59.500483335Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9244,101 +9223,113 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroi\",\"jsonPayload\":{\"bytes_sent\":\"136375\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33538,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500483335Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "y4wffpfk2eroi", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 136375, + "community_id": 
"1:Z4JXA8xt+j3ewQW8WvNJAPaHMoA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 246, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 136375, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33690, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 181424, - "packets": 241, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.14", + "packets": 246, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:R07THsJrApr+LxzJU52QZR3EPhM=", - "bytes": 181424, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 241, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33690 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.393929808Z", + "id": "y4wffpfk2ero8", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2ero8\",\"jsonPayload\":{\"bytes_sent\":\"181424\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33690,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393929808Z\",\"packets_sent\":\"241\",\"reporter\":\"SRC\",\"rtt_msec\":\"196\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075867049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:06.075867049Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9346,101 +9337,89 @@ "rtt": { "ms": 196 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2ero8\",\"jsonPayload\":{\"bytes_sent\":\"181424\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33690,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.393929808Z\",\"packets_sent\":\"241\",\"reporter\":\"SRC\",\"rtt_msec\":\"196\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075867049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075867049Z", - "end": "2019-06-14T03:49:56.393929808Z", - "id": "y4wffpfk2ero8", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 181424, + "community_id": "1:R07THsJrApr+LxzJU52QZR3EPhM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 241, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33874, - "bytes": 9303, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 94 + "address": "10.139.99.242", + "bytes": 181424, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 241, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:kUsQhMSOvL5RMyh4vWwz55fq9ss=", - "bytes": 9303, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 94, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933099658Z", + "id": "y4wffpfk2erol", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erol\",\"jsonPayload\":{\"bytes_sent\":\"9303\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33874},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933099658Z\",\"packets_sent\":\"94\",\"reporter\":\"DEST\",\"rtt_msec\":\"142\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.513551480Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:20.513551480Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9448,101 +9427,113 @@ "rtt": { "ms": 142 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erol\",\"jsonPayload\":{\"bytes_sent\":\"9303\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33874},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933099658Z\",\"packets_sent\":\"94\",\"reporter\":\"DEST\",\"rtt_msec\":\"142\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.513551480Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.513551480Z", - "end": "2019-06-14T03:49:37.933099658Z", - "id": "y4wffpfk2erol", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 9303, + "community_id": 
"1:kUsQhMSOvL5RMyh4vWwz55fq9ss=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 94, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 9303, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33572, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 142871, - "packets": 77, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 94, + "port": 33874 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:yNQZdh5JH2wK9uzpK/mTdNYogpE=", - "bytes": 142871, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 77, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33572 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821149051Z", + "id": "y4wffpfk2ero4", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2ero4\",\"jsonPayload\":{\"bytes_sent\":\"142871\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33572,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821149051Z\",\"packets_sent\":\"77\",\"reporter\":\"SRC\",\"rtt_msec\":\"335\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470754779Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.470754779Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9550,101 +9541,101 @@ "rtt": { "ms": 335 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2ero4\",\"jsonPayload\":{\"bytes_sent\":\"142871\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33572,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821149051Z\",\"packets_sent\":\"77\",\"reporter\":\"SRC\",\"rtt_msec\":\"335\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470754779Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.470754779Z", - "end": "2019-06-14T03:49:51.821149051Z", - "id": "y4wffpfk2ero4", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33968, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 142871, + "community_id": "1:yNQZdh5JH2wK9uzpK/mTdNYogpE=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 77, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 158811, - "packets": 69, + "bytes": 142871, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 77, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:F4uNaOBelKx7k5b/GMkE00x7/lw=", - "bytes": 158811, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 69, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33968 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.965119632Z", + "id": "y4wffpfk2eror", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eror\",\"jsonPayload\":{\"bytes_sent\":\"158811\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33968,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965119632Z\",\"packets_sent\":\"69\",\"reporter\":\"SRC\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480430427Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.480430427Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9652,101 +9643,89 @@ "rtt": { "ms": 201 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eror\",\"jsonPayload\":{\"bytes_sent\":\"158811\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33968,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965119632Z\",\"packets_sent\":\"69\",\"reporter\":\"SRC\",\"rtt_msec\":\"201\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480430427Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.480430427Z", - "end": "2019-06-14T03:49:37.965119632Z", - "id": "y4wffpfk2eror", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 158811, + "community_id": 
"1:F4uNaOBelKx7k5b/GMkE00x7/lw=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 69, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] + }, + "source": { "address": "10.139.99.242", - "port": 9200, + "bytes": 158811, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33880, - "bytes": 13455, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 81 + "ip": "10.139.99.242", + "packets": 69, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:p34w66dg33j2mO1tBhizc/ISlFM=", - "bytes": 13455, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 81, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821047175Z", + "id": "y4wffpfk2erob", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erob\",\"jsonPayload\":{\"bytes_sent\":\"13455\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33880},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821047175Z\",\"packets_sent\":\"81\",\"reporter\":\"DEST\",\"rtt_msec\":\"252\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470071135Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.470071135Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -9754,136 +9733,163 @@ "rtt": { "ms": 252 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erob\",\"jsonPayload\":{\"bytes_sent\":\"13455\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33880},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821047175Z\",\"packets_sent\":\"81\",\"reporter\":\"DEST\",\"rtt_msec\":\"252\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470071135Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.470071135Z", - "end": "2019-06-14T03:49:51.821047175Z", - "id": "y4wffpfk2erob", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 13455, + "community_id": "1:p34w66dg33j2mO1tBhizc/ISlFM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 81, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.13" + "67.43.156.13", + "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 13455, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 81, + "port": 33880 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 57300, - "ip": "67.43.156.13" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 57300 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"y4wffpfk2erox\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":57300,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:22.156322353Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:22.044604322Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:22.044604322Z", + "category": "network", "end": "2019-06-14T03:48:22.156322353Z", "id": "y4wffpfk2erox", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erox\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":57300,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:22.156322353Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:22.044604322Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:48:22.044604322Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:Xvu/n5tUKDHRNKc/db6OBLZgf9A=", "bytes": 1780, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:Xvu/n5tUKDHRNKc/db6OBLZgf9A=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
- "67.43.156.13", - "10.139.99.242" + "10.87.40.76", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220720811Z", + "id": "y4wffpfk2eroc", + "kind": "event", + "original": "{\"insertId\":\"y4wffpfk2eroc\",\"jsonPayload\":{\"bytes_sent\":\"71014\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65315},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220720811Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"210\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.844068405Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:39:59.844068405Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": 
"us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -9893,363 +9899,415 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 71014, + "community_id": "1:Q4aMH1aaXCHezhMNJFHYthlXz1Y=", + "direction": "inbound", + "iana_number": "6", + "packets": 728, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 71014, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65315, - "bytes": 71014, "ip": "67.43.156.13", - "packets": 728 - }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroc\",\"jsonPayload\":{\"bytes_sent\":\"71014\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65315},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220720811Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"210\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.844068405Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name
\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.844068405Z", - "end": "2019-06-14T03:49:56.220720811Z", - "id": "y4wffpfk2eroc", - "category": "network", - "type": "connection" + "packets": 728, + "port": 65315 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Q4aMH1aaXCHezhMNJFHYthlXz1Y=", - "bytes": 71014, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 728, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "y4wffpfk2erok", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erok\",\"jsonPayload\":{\"bytes_sent\":\"60749\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33538},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:39:59.500483335Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" }, - "country_iso_code": "BT" + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } }, - "as": { - "number": 35908 + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": 
"67.43.156.14" + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } }, - "source": { - "address": "10.87.40.76", - "port": 33538, - "bytes": 60749, - "packets": 362, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:Z4JXA8xt+j3ewQW8WvNJAPaHMoA=", "bytes": 60749, + "community_id": "1:Z4JXA8xt+j3ewQW8WvNJAPaHMoA=", + "direction": "internal", + "iana_number": "6", "name": "default", + "packets": 362, "transport": "tcp", - "type": "ipv4", - "iana_number": "6", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 60749, + "domain": "kibana", + "ip": "10.87.40.76", "packets": 362, - "direction": "internal" + "port": 33538 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33880 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821138391Z", + "id": "y4wffpfk2eros", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eros\",\"jsonPayload\":{\"bytes_sent\":\"160451\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33880,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821138391Z\",\"packets_sent\":\"66\",\"reporter\":\"SRC\",\"rtt_msec\":\"252\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470071135Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.470071135Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { "reporter": "SRC", "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - 
"subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 252 } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erok\",\"jsonPayload\":{\"bytes_sent\":\"60749\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33538},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500483335Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "y4wffpfk2erok", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, 
- "address": "67.43.156.13", - "port": 33880, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 160451, + "community_id": "1:p34w66dg33j2mO1tBhizc/ISlFM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 66, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 160451, - "packets": 66, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 66, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:p34w66dg33j2mO1tBhizc/ISlFM=", - "bytes": 160451, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 66, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33574 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821291282Z", + "id": "y4wffpfk2erod", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erod\",\"jsonPayload\":{\"bytes_sent\":\"169173\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33574,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"64\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466811088Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.466811088Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { - "reporter": "SRC", + "reporter": "DEST", "rtt": { - "ms": 252 - } - }, - "source": { - "vpc": { - "project_id": 
"my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 2 } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eros\",\"jsonPayload\":{\"bytes_sent\":\"160451\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33880,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821138391Z\",\"packets_sent\":\"66\",\"reporter\":\"SRC\",\"rtt_msec\":\"252\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470071135Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.470071135Z", - "end": "2019-06-14T03:49:51.821138391Z", - "id": "y4wffpfk2eros", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33574, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 169173, + "community_id": 
"1:yy2U6IJ6o+0ezyD0HfX5dcSPTyA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 64, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 9200, "bytes": 169173, "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.14", - "packets": 64 + "packets": 64, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:yy2U6IJ6o+0ezyD0HfX5dcSPTyA=", - "bytes": 169173, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 64, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, + ] + }, + { "@timestamp": "2019-06-14T03:50:16.453Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65315 + }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220720811Z", + "id": "y4wffpfk2ero6", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2ero6\",\"jsonPayload\":{\"bytes_sent\":\"118762\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65315,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220720811Z\",\"packets_sent\":\"615\",\"reporter\":\"SRC\",\"rtt_msec\":\"210\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.844068405Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:39:59.844068405Z", + "type": "connection" }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { - "ms": 2 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 210 } } }, - "event": { - "original": 
"{\"insertId\":\"y4wffpfk2erod\",\"jsonPayload\":{\"bytes_sent\":\"169173\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33574,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"64\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466811088Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466811088Z", - "end": "2019-06-14T03:49:51.821291282Z", - "id": "y4wffpfk2erod", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 118762, + "community_id": "1:Q4aMH1aaXCHezhMNJFHYthlXz1Y=", + "direction": "outbound", + "iana_number": "6", + "packets": 615, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -10257,203 +10315,151 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 210 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65315, - "ip": "67.43.156.13" - }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 118762, - "packets": 615, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2ero6\",\"jsonPayload\":{\"bytes_sent\":\"118762\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65315,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220720811Z\",\"packets_sent\":\"615\",\"reporter\":\"SRC\",\"rtt_msec\":\"210\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.844068405Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"20
19-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.844068405Z", - "end": "2019-06-14T03:49:56.220720811Z", - "id": "y4wffpfk2ero6", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 615, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Q4aMH1aaXCHezhMNJFHYthlXz1Y=", - "bytes": 118762, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 615, - "direction": "outbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33576, - "bytes": 11137, - "packets": 96, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:8HPuUT0Nn+eIY1y5PdvmF0aw60A=", - "bytes": 11137, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 96, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "version": "8.2.0" }, - "gcp": { - "destination": { - "vpc": { - 
"project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "y4wffpfk2eron", + "kind": "event", + "original": "{\"insertId\":\"y4wffpfk2eron\",\"jsonPayload\":{\"bytes_sent\":\"11137\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33576},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"96\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510464198Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:20.510464198Z", + "type": "connection" + }, + "gcp": { + "destination": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 1 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - 
"region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eron\",\"jsonPayload\":{\"bytes_sent\":\"11137\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33576},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"96\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510464198Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510464198Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "y4wffpfk2eron", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 11137, + "community_id": "1:8HPuUT0Nn+eIY1y5PdvmF0aw60A=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 96, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.87.40.76" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 11137, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 96, + "port": 33576 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:48:22.156322353Z", + "id": "y4wffpfk2eroy", + "kind": "event", + "original": "{\"insertId\":\"y4wffpfk2eroy\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":57300},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:22.156322353Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:22.044604322Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": 
"2019-06-14T03:48:22.044604322Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -10463,205 +10469,178 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1458, + "community_id": "1:Xvu/n5tUKDHRNKc/db6OBLZgf9A=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1458, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 57300, - "bytes": 1458, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroy\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":57300},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:22.156322353Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:22.044604322Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:1
6.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:22.044604322Z", - "end": "2019-06-14T03:48:22.156322353Z", - "id": "y4wffpfk2eroy", - "category": "network", - "type": "connection" + "packets": 7, + "port": 57300 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Xvu/n5tUKDHRNKc/db6OBLZgf9A=", - "bytes": 1458, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 54662 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:45:12.142682672Z", + "id": "y4wffpfk2erof", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erof\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":54662,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:12.142682672Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:12.027895189Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:45:12.027895189Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 54662, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 
1776, + "community_id": "1:ODIAu0FZz5JAnJ3zuMNp2ecW7FE=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1776, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erof\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":54662,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:12.142682672Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:12.027895189Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:12.027895189Z", - "end": "2019-06-14T03:45:12.142682672Z", - "id": "y4wffpfk2erof", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ODIAu0FZz5JAnJ3zuMNp2ecW7FE=", - "bytes": 1776, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { "address": "10.139.99.242", - "port": 9200, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "port": 9200 }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33572, - "bytes": 11674, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 96 - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:yNQZdh5JH2wK9uzpK/mTdNYogpE=", - "bytes": 11674, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 96, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "y4wffpfk2erov", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erov\",\"jsonPayload\":{\"bytes_sent\":\"11674\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33572},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"96\",\"reporter\":\"DEST\",\"rtt_msec\":\"335\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470754779Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.470754779Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -10669,101 +10648,101 @@ "rtt": { "ms": 335 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erov\",\"jsonPayload\":{\"bytes_sent\":\"11674\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33572},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"96\",\"reporter\":\"DEST\",\"rtt_msec\":\"335\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470754779Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.470754779Z", - "end": "2019-06-14T03:49:51.821056075Z", - "id": "y4wffpfk2erov", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 11674, + "community_id": "1:yNQZdh5JH2wK9uzpK/mTdNYogpE=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 96, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 11674, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33540, - "bytes": 62831, - "domain": "kibana", "ip": "67.43.156.13", - "packets": 346 + "packets": 96, + "port": 33572 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:F/7D/X852gHR0MKQ6f237loatS0=", - "bytes": 62831, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 346, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789112562Z", + "id": "y4wffpfk2erop", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erop\",\"jsonPayload\":{\"bytes_sent\":\"62831\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33540},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789112562Z\",\"packets_sent\":\"346\",\"reporter\":\"DEST\",\"rtt_msec\":\"313\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074813982Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:01.074813982Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -10771,157 +10750,184 @@ "rtt": { "ms": 313 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erop\",\"jsonPayload\":{\"bytes_sent\":\"62831\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33540},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789112562Z\",\"packets_sent\":\"346\",\"reporter\":\"DEST\",\"rtt_msec\":\"313\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074813982Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074813982Z", - "end": "2019-06-14T03:49:51.789112562Z", - "id": "y4wffpfk2erop", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 62831, + "community_id": 
"1:F/7D/X852gHR0MKQ6f237loatS0=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 346, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 62831, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33574, - "bytes": 15169, - "packets": 93, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.13", + "packets": 346, + "port": 33540 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:yy2U6IJ6o+0ezyD0HfX5dcSPTyA=", - "bytes": 15169, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 93, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" }, - "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "ecs": { + "version": "8.2.0" }, - "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, + "event": { + "category": "network", + 
"end": "2019-06-14T03:49:51.821291282Z", + "id": "y4wffpfk2erou", + "kind": "event", + "original": "{\"insertId\":\"y4wffpfk2erou\",\"jsonPayload\":{\"bytes_sent\":\"15169\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33574},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"93\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466811088Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.466811088Z", + "type": "connection" + }, + "gcp": { + "destination": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 2 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": 
"my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erou\",\"jsonPayload\":{\"bytes_sent\":\"15169\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33574},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"93\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466811088Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466811088Z", - "end": "2019-06-14T03:49:51.821291282Z", - "id": "y4wffpfk2erou", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 15169, + "community_id": "1:yy2U6IJ6o+0ezyD0HfX5dcSPTyA=", + "direction": "internal", + "iana_number": "6", + "name": 
"default", + "packets": 93, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.87.40.76" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 15169, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 93, + "port": 33574 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:45:12.142682672Z", + "id": "y4wffpfk2eroj", + "kind": "event", + "original": "{\"insertId\":\"y4wffpfk2eroj\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":54662},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:12.142682672Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:12.027895189Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:45:12.027895189Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", 
+ "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -10931,124 +10937,109 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1464, + "community_id": "1:ODIAu0FZz5JAnJ3zuMNp2ecW7FE=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1464, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 54662, - "bytes": 1464, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroj\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":54662},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:12.142682672Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:12.027895189Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:1
6.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:12.027895189Z", - "end": "2019-06-14T03:45:12.142682672Z", - "id": "y4wffpfk2eroj", - "category": "network", - "type": "connection" + "packets": 7, + "port": 54662 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ODIAu0FZz5JAnJ3zuMNp2ecW7FE=", - "bytes": 1464, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:16.453Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33560, - "bytes": 64588, - "packets": 362, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:VbVjklGBQiIYWy94d7CXlQ+ISxo=", - "bytes": 64588, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 362, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": 
"y4wffpfk2erow", + "kind": "event", + "original": "{\"insertId\":\"y4wffpfk2erow\",\"jsonPayload\":{\"bytes_sent\":\"64588\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33560},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"11\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075859688Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:06.075859688Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -11056,101 +11047,89 @@ "rtt": { "ms": 11 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erow\",\"jsonPayload\":{\"bytes_sent\":\"64588\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33560},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"11\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075859688Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075859688Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "y4wffpfk2erow", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", 
- "ip": "10.139.99.242" + "network": { + "bytes": 64588, + "community_id": "1:VbVjklGBQiIYWy94d7CXlQ+ISxo=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 362, + "transport": "tcp", + "type": "ipv4" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33536, - "bytes": 67315, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 64588, "domain": "kibana", - "ip": "67.43.156.13", - "packets": 354 + "ip": "10.87.40.76", + "packets": 362, + "port": 33560 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:LeOPi08ubqTh6aNT93e8m/GSF+Y=", - "bytes": 67315, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 354, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565156020Z", + "id": "y4wffpfk2erot", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2erot\",\"jsonPayload\":{\"bytes_sent\":\"67315\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565156020Z\",\"packets_sent\":\"354\",\"reporter\":\"DEST\",\"rtt_msec\":\"194\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150481417Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:08.150481417Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -11158,101 +11137,101 @@ "rtt": { "ms": 194 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2erot\",\"jsonPayload\":{\"bytes_sent\":\"67315\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565156020Z\",\"packets_sent\":\"354\",\"reporter\":\"DEST\",\"rtt_msec\":\"194\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150481417Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150481417Z", - "end": "2019-06-14T03:49:59.565156020Z", - "id": "y4wffpfk2erot", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33576, - "domain": "kibana", - 
"ip": "10.87.40.76" + "network": { + "bytes": 67315, + "community_id": "1:LeOPi08ubqTh6aNT93e8m/GSF+Y=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 354, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 67315, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 175633, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 67 + "ip": "67.43.156.13", + "packets": 354, + "port": 33536 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:8HPuUT0Nn+eIY1y5PdvmF0aw60A=", - "bytes": 175633, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 67, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33576 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "y4wffpfk2eroq", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eroq\",\"jsonPayload\":{\"bytes_sent\":\"175633\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33576,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"67\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510464198Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:20.510464198Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -11260,101 +11239,113 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroq\",\"jsonPayload\":{\"bytes_sent\":\"175633\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33576,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"67\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510464198Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510464198Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "y4wffpfk2eroq", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 175633, + "community_id": 
"1:8HPuUT0Nn+eIY1y5PdvmF0aw60A=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 67, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 175633, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33540, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 116981, - "packets": 234, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.14", + "packets": 67, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:F/7D/X852gHR0MKQ6f237loatS0=", - "bytes": 116981, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 234, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:16.453Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + }, + "region": "us-east1" }, - "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33540 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789112562Z", 
+ "id": "y4wffpfk2ero5", + "kind": "event", + "original": "{\"insertId\":\"y4wffpfk2ero5\",\"jsonPayload\":{\"bytes_sent\":\"116981\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33540,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789112562Z\",\"packets_sent\":\"234\",\"reporter\":\"SRC\",\"rtt_msec\":\"313\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074813982Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:01.074813982Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -11362,101 +11353,89 @@ "rtt": { "ms": 313 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2ero5\",\"jsonPayload\":{\"bytes_sent\":\"116981\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33540,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789112562Z\",\"packets_sent\":\"234\",\"reporter\":\"SRC\",\"rtt_msec\":\"313\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074813982Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074813982Z", - "end": "2019-06-14T03:49:51.789112562Z", - "id": "y4wffpfk2ero5", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 116981, + "community_id": "1:F/7D/X852gHR0MKQ6f237loatS0=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 234, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33690, - "bytes": 67789, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 344 + "address": "10.139.99.242", + "bytes": 116981, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 234, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:R07THsJrApr+LxzJU52QZR3EPhM=", - "bytes": 67789, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 344, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.453Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.453Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:48.542406314Z", + "id": "y4wffpfk2eroo", + "kind": "event", + "original": 
"{\"insertId\":\"y4wffpfk2eroo\",\"jsonPayload\":{\"bytes_sent\":\"67789\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33690},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.542406314Z\",\"packets_sent\":\"344\",\"reporter\":\"DEST\",\"rtt_msec\":\"196\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075867049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", + "start": "2019-06-14T03:40:06.075867049Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -11464,101 +11443,113 @@ "rtt": { "ms": 196 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"y4wffpfk2eroo\",\"jsonPayload\":{\"bytes_sent\":\"67789\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33690},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:48.542406314Z\",\"packets_sent\":\"344\",\"reporter\":\"DEST\",\"rtt_msec\":\"196\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075867049Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.453102376Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.453102376Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075867049Z", - "end": "2019-06-14T03:49:48.542406314Z", - "id": "y4wffpfk2eroo", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 67789, + "community_id": 
"1:R07THsJrApr+LxzJU52QZR3EPhM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 344, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 67789, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33538, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 136166, - "packets": 245, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 344, + "port": 33690 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ZH1or4RA5RqLjC/iRPmayKRTLeA=", - "bytes": 136166, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 245, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33538 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565124617Z", + "id": "ptjoddfhmrhg9", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhg9\",\"jsonPayload\":{\"bytes_sent\":\"136166\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33538,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565124617Z\",\"packets_sent\":\"245\",\"reporter\":\"SRC\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074952616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:01.074952616Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -11566,55 +11557,70 @@ "rtt": { "ms": 250 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhg9\",\"jsonPayload\":{\"bytes_sent\":\"136166\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33538,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565124617Z\",\"packets_sent\":\"245\",\"reporter\":\"SRC\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074952616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074952616Z", - "end": "2019-06-14T03:49:59.565124617Z", - "id": "ptjoddfhmrhg9", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 136166, + "community_id": "1:ZH1or4RA5RqLjC/iRPmayKRTLeA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 245, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.139.99.242" + "10.139.99.242", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 136166, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 245, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220614265Z", + "id": "ptjoddfhmrhgh", + "kind": "event", + "original": "{\"insertId\":\"ptjoddfhmrhgh\",\"jsonPayload\":{\"bytes_sent\":\"68262\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65257},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220614265Z\",\"packets_sent\":\"718\",\"reporter\":\"DEST\",\"rtt_msec\":\"220\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.403388091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},
\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:39:59.403388091Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -11624,78 +11630,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 68262, + "community_id": "1:IOiOyU4WA7IZikjr7eAoksKW7Mw=", + "direction": "inbound", + "iana_number": "6", + "packets": 718, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 68262, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65257, - "bytes": 68262, "ip": "67.43.156.13", - "packets": 718 - }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgh\",\"jsonPayload\":{\"bytes_sent\":\"68262\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65257},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220614265Z\",\"packets_sent\":\"718\",\"reporter\":\"DEST\",\"rtt_msec\":\"220\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.403388091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name
\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.403388091Z", - "end": "2019-06-14T03:49:56.220614265Z", - "id": "ptjoddfhmrhgh", - "category": "network", - "type": "connection" + "packets": 718, + "port": 65257 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:IOiOyU4WA7IZikjr7eAoksKW7Mw=", - "bytes": 68262, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 718, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:42:20.952481728Z", + "id": "ptjoddfhmrhgj", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgj\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":52328},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:20.952481728Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:20.842840991Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:42:20.842840991Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -11705,78 +11711,78 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1457, + "community_id": "1:zciDpB3TX5D1bnYbRXdjbgQDN+Q=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1457, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 52328, - "bytes": 1457, "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgj\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":52328},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:20.952481728Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:20.842840991Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.
857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:20.842840991Z", - "end": "2019-06-14T03:42:20.952481728Z", - "id": "ptjoddfhmrhgj", - "category": "network", - "type": "connection" + "packets": 7, + "port": 52328 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:zciDpB3TX5D1bnYbRXdjbgQDN+Q=", - "bytes": 1457, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:40:50.702194466Z", + "id": "ptjoddfhmrhgr", + "kind": "event", + "original": "{\"insertId\":\"ptjoddfhmrhgr\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":59790},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:50.702194466Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:50.590894439Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"
timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:50.590894439Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -11786,78 +11792,78 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 59790, + "network": { "bytes": 1460, - "ip": "67.43.156.14", - "packets": 7 + "community_id": "1:tW5o1L9SEuS4pptFcAjo5fF6q5w=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgr\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":59790},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:50.702194466Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:50.590894439Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:50.590894439Z", - "end": "2019-06-14T03:40:50.702194466Z", - "id": "ptjoddfhmrhgr", - "category": "network", - "type": "connection" + "related": { + "ip": 
[ + "67.43.156.14", + "10.87.40.76" + ] }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:tW5o1L9SEuS4pptFcAjo5fF6q5w=", + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, "bytes": 1460, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", "packets": 7, - "direction": "inbound" - } + "port": 59790 + }, + "tags": [ + "preserve_original_event" + ] }, { "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220599950Z", + "id": "ptjoddfhmrhgn", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgn\",\"jsonPayload\":{\"bytes_sent\":\"73681\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65317},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"62\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.740491697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:39:59.740491697Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -11867,205 +11873,178 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 73681, + "community_id": "1:Z1gkzsFxPRA+wdZ4AaO0v0oQz34=", + "direction": "inbound", + "iana_number": "6", + "packets": 728, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 73681, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65317, - "bytes": 73681, "ip": "67.43.156.13", - "packets": 728 - }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgn\",\"jsonPayload\":{\"bytes_sent\":\"73681\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65317},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"728\",\"reporter\":\"DEST\",\"rtt_msec\":\"62\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.740491697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_nam
e\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.740491697Z", - "end": "2019-06-14T03:49:56.220599950Z", - "id": "ptjoddfhmrhgn", - "category": "network", - "type": "connection" + "packets": 728, + "port": 65317 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Z1gkzsFxPRA+wdZ4AaO0v0oQz34=", - "bytes": 73681, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 728, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 62 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65317, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 65317 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 92566, - "packets": 596, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"ptjoddfhmrhga\",\"jsonPayload\":{\"bytes_sent\":\"92566\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65317,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"596\",\"reporter\":\"SRC\",\"rtt_msec\":\"62\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.740491697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.740491697Z", + "category": "network", "end": "2019-06-14T03:49:56.220599950Z", "id": "ptjoddfhmrhga", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhga\",\"jsonPayload\":{\"bytes_sent\":\"92566\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65317,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"596\",\"reporter\":\"SRC\",\"rtt_msec\":\"62\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.740491697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:39:59.740491697Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 62 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:Z1gkzsFxPRA+wdZ4AaO0v0oQz34=", "bytes": 92566, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:Z1gkzsFxPRA+wdZ4AaO0v0oQz34=", + "direction": "outbound", "iana_number": "6", "packets": 596, - "direction": "outbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33692, - "bytes": 66094, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 360 + "address": "10.139.99.242", + "bytes": 92566, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 596, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:JliXl736rywggK/Xuo92yo5WPuY=", - "bytes": 66094, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 360, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565137912Z", + "id": "ptjoddfhmrhgk", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgk\",\"jsonPayload\":{\"bytes_sent\":\"66094\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33692},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565137912Z\",\"packets_sent\":\"360\",\"reporter\":\"DEST\",\"rtt_msec\":\"181\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.558259934Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:00.558259934Z", + "type": "connection" }, "gcp": { "destination": { - "vpc": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -12073,34 +12052,20 @@ "rtt": { "ms": 181 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgk\",\"jsonPayload\":{\"bytes_sent\":\"66094\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33692},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565137912Z\",\"packets_sent\":\"360\",\"reporter\":\"DEST\",\"rtt_msec\":\"181\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.558259934Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.558259934Z", - "end": "2019-06-14T03:49:59.565137912Z", - "id": "ptjoddfhmrhgk", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 66094, + "community_id": "1:JliXl736rywggK/Xuo92yo5WPuY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 360, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -12108,225 +12073,239 @@ "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 66094, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "packets": 360, + "port": 33692 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220741828Z", + "id": "ptjoddfhmrhgm", + "kind": "event", + "original": "{\"insertId\":\"ptjoddfhmrhgm\",\"jsonPayload\":{\"bytes_sent\":\"4900\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65262},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220741828Z\",\"packets_sent\":\"542\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.251430011Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": 
"2019-06-14T03:40:00.251430011Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST" } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 4900, + "community_id": "1:0ZkH0evnSSMhLkKCLL1Ehnorl9s=", + "direction": "inbound", + "iana_number": "6", + "packets": 542, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 4900, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65262, - "bytes": 4900, "ip": "67.43.156.13", - "packets": 542 - }, - "event": { - "original": 
"{\"insertId\":\"ptjoddfhmrhgm\",\"jsonPayload\":{\"bytes_sent\":\"4900\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65262},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220741828Z\",\"packets_sent\":\"542\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.251430011Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.251430011Z", - "end": "2019-06-14T03:49:56.220741828Z", - "id": "ptjoddfhmrhgm", - "category": "network", - "type": "connection" + "packets": 542, + "port": 65262 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:0ZkH0evnSSMhLkKCLL1Ehnorl9s=", - "bytes": 4900, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 542, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 52328 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "ecs": { + "version": 
"8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:42:20.952481728Z", + "id": "ptjoddfhmrhgd", + "kind": "event", + "original": "{\"insertId\":\"ptjoddfhmrhgd\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":52328,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:20.952481728Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:20.842840991Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:42:20.842840991Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - 
"country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 52328, - "ip": "67.43.156.14" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1781, + "community_id": "1:zciDpB3TX5D1bnYbRXdjbgQDN+Q=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1781, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgd\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":52328,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:20.952481728Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:20.842840991Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:20.842840991Z", - "end": "2019-06-14T03:42:20.952481728Z", - "id": "ptjoddfhmrhgd", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - 
"network": { - "community_id": "1:zciDpB3TX5D1bnYbRXdjbgQDN+Q=", - "bytes": 1781, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:15.857Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { "address": "10.139.99.242", - "port": 9200, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "port": 9200 }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33552, - "bytes": 63280, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 361 - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:RgpWxKDKI4bxYgUqX3Z0ZpipsO4=", - "bytes": 63280, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 361, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.213081491Z", + "id": "ptjoddfhmrhgl", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgl\",\"jsonPayload\":{\"bytes_sent\":\"63280\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33552},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213081491Z\",\"packets_sent\":\"361\",\"reporter\":\"DEST\",\"rtt_msec\":\"21\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075957044Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:06.075957044Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -12334,235 +12313,262 @@ "rtt": { "ms": 21 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgl\",\"jsonPayload\":{\"bytes_sent\":\"63280\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33552},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213081491Z\",\"packets_sent\":\"361\",\"reporter\":\"DEST\",\"rtt_msec\":\"21\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075957044Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075957044Z", - "end": "2019-06-14T03:49:55.213081491Z", - "id": "ptjoddfhmrhgl", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 63280, + "community_id": "1:RgpWxKDKI4bxYgUqX3Z0ZpipsO4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 361, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.14" + "67.43.156.13", + "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 102 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 63280, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 361, + "port": 33552 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "destination": { + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 37292, - "ip": "67.43.156.14" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 37292 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 774029, - "packets": 403, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"ptjoddfhmrhgi\",\"jsonPayload\":{\"bytes_sent\":\"774029\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":37292,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":24940,\"city\":\"Bucharest\",\"continent\":\"Europe\",\"country\":\"rou\",\"region\":\"Bucharest\"},\"end_time\":\"2019-06-14T03:49:35.841633589Z\",\"packets_sent\":\"403\",\"reporter\":\"SRC\",\"rtt_msec\":\"102\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:35.048156283Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:35.048156283Z", + "category": "network", "end": "2019-06-14T03:49:35.841633589Z", "id": "ptjoddfhmrhgi", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgi\",\"jsonPayload\":{\"bytes_sent\":\"774029\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":37292,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":24940,\"city\":\"Bucharest\",\"continent\":\"Europe\",\"country\":\"rou\",\"region\":\"Bucharest\"},\"end_time\":\"2019-06-14T03:49:35.841633589Z\",\"packets_sent\":\"403\",\"reporter\":\"SRC\",\"rtt_msec\":\"102\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:35.048156283Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:35.048156283Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 102 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:7OTMfKZcYuKruC84JJAOtMtMx6w=", "bytes": 774029, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:7OTMfKZcYuKruC84JJAOtMtMx6w=", + "direction": "outbound", "iana_number": "6", "packets": 403, - "direction": "outbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33876, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.14" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 359272, + "address": "10.139.99.242", + "bytes": 774029, "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 66 + "ip": "10.139.99.242", + "packets": 403, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:OhbIPr/28Fsp+gsHSdoT+T8vBZA=", - "bytes": 359272, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 66, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33876 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933338264Z", + "id": "ptjoddfhmrhgo", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgo\",\"jsonPayload\":{\"bytes_sent\":\"359272\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33876,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933338264Z\",\"packets_sent\":\"66\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466706102Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:08.466706102Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { "reporter": "DEST" - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": 
"default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgo\",\"jsonPayload\":{\"bytes_sent\":\"359272\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33876,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933338264Z\",\"packets_sent\":\"66\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466706102Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466706102Z", - "end": "2019-06-14T03:49:37.933338264Z", - "id": "ptjoddfhmrhgo", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 359272, + "community_id": "1:OhbIPr/28Fsp+gsHSdoT+T8vBZA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 66, + "transport": 
"tcp", + "type": "ipv4" }, "related": { "ip": [ "67.43.156.14", - "10.139.99.242" + "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 359272, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 66, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:35.841633589Z", + "id": "ptjoddfhmrhgp", + "kind": "event", + "original": "{\"insertId\":\"ptjoddfhmrhgp\",\"jsonPayload\":{\"bytes_sent\":\"310476\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":37292},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:35.841633589Z\",\"packets_sent\":\"214\",\"reporter\":\"DEST\",\"rtt_msec\":\"102\",\"src_location\":{\"asn\":24940,\"city\":\"Bucharest\",\"continent\":\"Europe\",\"country\":\"rou\",\"region\":\"Bucharest\"},\"start_time\":\"2019-06-14T03:40:35.048156283Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\
"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:35.048156283Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -12572,205 +12578,190 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 310476, + "community_id": "1:7OTMfKZcYuKruC84JJAOtMtMx6w=", + "direction": "inbound", + "iana_number": "6", + "packets": 214, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 310476, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 37292, - "bytes": 310476, "ip": "67.43.156.14", - "packets": 214 - }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgp\",\"jsonPayload\":{\"bytes_sent\":\"310476\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":37292},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:35.841633589Z\",\"packets_sent\":\"214\",\"reporter\":\"DEST\",\"rtt_msec\":\"102\",\"src_location\":{\"asn\":24940,\"city\":\"Bucharest\",\"continent\":\"Europe\",\"country\":\"rou\",\"region\":\"Bucharest\"},\"start_time\":\"2019-06-14T03:40:35.048156283Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork
_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:35.048156283Z", - "end": "2019-06-14T03:49:35.841633589Z", - "id": "ptjoddfhmrhgp", - "category": "network", - "type": "connection" + "packets": 214, + "port": 37292 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:7OTMfKZcYuKruC84JJAOtMtMx6w=", - "bytes": 310476, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 214, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 59790 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:40:50.702194466Z", + "id": "ptjoddfhmrhg8", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhg8\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":59790,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:50.702194466Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:50.590894439Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:50.590894439Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 59790, - "ip": "67.43.156.14" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 
1784, + "community_id": "1:tW5o1L9SEuS4pptFcAjo5fF6q5w=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1784, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhg8\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":59790,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:50.702194466Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:50.590894439Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:50.590894439Z", - "end": "2019-06-14T03:40:50.702194466Z", - "id": "ptjoddfhmrhg8", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:tW5o1L9SEuS4pptFcAjo5fF6q5w=", - "bytes": 1784, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:15.857Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33552, - "domain": "kibana", - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 33552 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 209716, - "packets": 262, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:RgpWxKDKI4bxYgUqX3Z0ZpipsO4=", - "bytes": 209716, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 262, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.213081491Z", + "id": "ptjoddfhmrhgf", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgf\",\"jsonPayload\":{\"bytes_sent\":\"209716\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33552,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213081491Z\",\"packets_sent\":\"262\",\"reporter\":\"SRC\",\"rtt_msec\":\"21\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075957044Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:06.075957044Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -12778,101 +12769,101 @@ "rtt": { "ms": 21 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgf\",\"jsonPayload\":{\"bytes_sent\":\"209716\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33552,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.213081491Z\",\"packets_sent\":\"262\",\"reporter\":\"SRC\",\"rtt_msec\":\"21\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075957044Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075957044Z", - "end": "2019-06-14T03:49:55.213081491Z", - "id": "ptjoddfhmrhgf", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33556, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 209716, + "community_id": "1:RgpWxKDKI4bxYgUqX3Z0ZpipsO4=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 262, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 165643, - "packets": 256, + "bytes": 209716, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 262, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:VN7YV4epNl2EJKRguZ3Rx7ylmok=", - "bytes": 165643, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 256, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33556 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565214145Z", + "id": "ptjoddfhmrhgg", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgg\",\"jsonPayload\":{\"bytes_sent\":\"165643\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33556,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565214145Z\",\"packets_sent\":\"256\",\"reporter\":\"SRC\",\"rtt_msec\":\"133\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:03.062674441Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:03.062674441Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -12880,34 +12871,20 @@ "rtt": { "ms": 133 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgg\",\"jsonPayload\":{\"bytes_sent\":\"165643\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33556,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565214145Z\",\"packets_sent\":\"256\",\"reporter\":\"SRC\",\"rtt_msec\":\"133\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:03.062674441Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:03.062674441Z", - "end": "2019-06-14T03:49:59.565214145Z", - "id": "ptjoddfhmrhgg", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 165643, + "community_id": "1:VN7YV4epNl2EJKRguZ3Rx7ylmok=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 256, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -12915,147 +12892,149 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 220 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65257, - "ip": "67.43.156.13" - }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 65890, - "packets": 593, + "bytes": 165643, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgb\",\"jsonPayload\":{\"bytes_sent\":\"65890\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65257,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220614265Z\",\"packets_sent\":\"593\",\"reporter\":\"SRC\",\"rtt_msec\":\"220\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.403388091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"}
,\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.403388091Z", - "end": "2019-06-14T03:49:56.220614265Z", - "id": "ptjoddfhmrhgb", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 256, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:IOiOyU4WA7IZikjr7eAoksKW7Mw=", - "bytes": 65890, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 593, - "direction": "outbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, + "@timestamp": "2019-06-14T03:50:15.857Z", "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33538, - "bytes": 62620, - "domain": "kibana", "ip": "67.43.156.13", - "packets": 358 + "port": 65257 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220614265Z", + "id": "ptjoddfhmrhgb", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgb\",\"jsonPayload\":{\"bytes_sent\":\"65890\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65257,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220614265Z\",\"packets_sent\":\"593\",\"reporter\":\"SRC\",\"rtt_msec\":\"220\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.403388091Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:39:59.403388091Z", + "type": "connection" + }, + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 220 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:ZH1or4RA5RqLjC/iRPmayKRTLeA=", - "bytes": 62620, - "name": "default", - "transport": "tcp", - "type": "ipv4", + "bytes": 65890, + "community_id": "1:IOiOyU4WA7IZikjr7eAoksKW7Mw=", + "direction": "outbound", "iana_number": "6", - "packets": 358, - "direction": "internal" + "packets": 593, + "transport": "tcp", + 
"type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] + }, + "source": { + "address": "10.139.99.242", + "bytes": 65890, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 593, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565124617Z", + "id": "ptjoddfhmrhgs", + "kind": "event", + "original": "{\"insertId\":\"ptjoddfhmrhgs\",\"jsonPayload\":{\"bytes_sent\":\"62620\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33538},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565124617Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074952616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":
{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:01.074952616Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -13063,101 +13042,113 @@ "rtt": { "ms": 250 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgs\",\"jsonPayload\":{\"bytes_sent\":\"62620\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33538},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565124617Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074952616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074952616Z", - "end": "2019-06-14T03:49:59.565124617Z", - "id": "ptjoddfhmrhgs", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 62620, + "community_id": 
"1:ZH1or4RA5RqLjC/iRPmayKRTLeA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 358, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 62620, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33692, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 185520, - "packets": 249, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 358, + "port": 33538 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:JliXl736rywggK/Xuo92yo5WPuY=", - "bytes": 185520, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 249, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33692 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565137912Z", + "id": "ptjoddfhmrhge", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhge\",\"jsonPayload\":{\"bytes_sent\":\"185520\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33692,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565137912Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"181\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.558259934Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:00.558259934Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -13165,34 +13156,20 @@ "rtt": { "ms": 181 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhge\",\"jsonPayload\":{\"bytes_sent\":\"185520\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33692,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565137912Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"181\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.558259934Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.558259934Z", - "end": "2019-06-14T03:49:59.565137912Z", - "id": "ptjoddfhmrhge", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:15.857Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 185520, + "community_id": "1:JliXl736rywggK/Xuo92yo5WPuY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 249, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -13200,144 +13177,146 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC" - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 185520, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 249, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65262, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 65262 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 33269, - "packets": 517, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"ptjoddfhmrhgc\",\"jsonPayload\":{\"bytes_sent\":\"33269\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65262,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220741828Z\",\"packets_sent\":\"517\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.251430011Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.251430011Z", + "category": "network", "end": "2019-06-14T03:49:56.220741828Z", "id": "ptjoddfhmrhgc", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgc\",\"jsonPayload\":{\"bytes_sent\":\"33269\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65262,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220741828Z\",\"packets_sent\":\"517\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.251430011Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:00.251430011Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC" + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:0ZkH0evnSSMhLkKCLL1Ehnorl9s=", "bytes": 33269, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:0ZkH0evnSSMhLkKCLL1Ehnorl9s=", + "direction": "outbound", "iana_number": "6", "packets": 517, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": 
"ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33556, - "bytes": 58811, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 358 + "address": "10.139.99.242", + "bytes": 33269, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 517, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:VN7YV4epNl2EJKRguZ3Rx7ylmok=", - "bytes": 58811, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 358, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565214145Z", + "id": "ptjoddfhmrhg7", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhg7\",\"jsonPayload\":{\"bytes_sent\":\"58811\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33556},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565214145Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"133\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:03.062674441Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:03.062674441Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -13345,154 +13324,181 @@ "rtt": { "ms": 133 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhg7\",\"jsonPayload\":{\"bytes_sent\":\"58811\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33556},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565214145Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"133\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:03.062674441Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:03.062674441Z", - "end": "2019-06-14T03:49:59.565214145Z", - "id": "ptjoddfhmrhg7", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 58811, + "community_id": 
"1:VN7YV4epNl2EJKRguZ3Rx7ylmok=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 358, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 58811, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33876, - "bytes": 5220, - "packets": 86, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.13", + "packets": 358, + "port": 33556 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:OhbIPr/28Fsp+gsHSdoT+T8vBZA=", - "bytes": 5220, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 86, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:15.857Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:15.857Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933338264Z", + "id": "ptjoddfhmrhgq", + "kind": "event", + "original": 
"{\"insertId\":\"ptjoddfhmrhgq\",\"jsonPayload\":{\"bytes_sent\":\"5220\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33876},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933338264Z\",\"packets_sent\":\"86\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466706102Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", + "start": "2019-06-14T03:40:08.466706102Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, - "vpcflow": { - "reporter": "SRC" - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - 
"project_id": "my-sample-project", - "zone": "us-east1-b" } + }, + "vpcflow": { + "reporter": "SRC" } }, - "event": { - "original": "{\"insertId\":\"ptjoddfhmrhgq\",\"jsonPayload\":{\"bytes_sent\":\"5220\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33876},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933338264Z\",\"packets_sent\":\"86\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466706102Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:15.857334727Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:15.857334727Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466706102Z", - "end": "2019-06-14T03:49:37.933338264Z", - "id": "ptjoddfhmrhgq", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 5220, + "community_id": "1:OhbIPr/28Fsp+gsHSdoT+T8vBZA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 86, + "transport": "tcp", + "type": "ipv4" }, 
"related": { "ip": [ - "67.43.156.14", - "10.139.99.242" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 5220, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 86, + "port": 33876 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 22 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:40:13.478093057Z", + "id": "bxuq05fhgmw9d", + "kind": "event", + "original": "{\"insertId\":\"bxuq05fhgmw9d\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":41818},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:13.478093057Z\",\"packets_sent\":\"4\",\"reporter\":\"DEST\",\"rtt_msec\":\"1350\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:11.031370298Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:11.031370298Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": 
"us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -13502,385 +13508,358 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 22, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 0, + "community_id": "1:iiFy+S+g1JJvu9kZvA1ivEiN2EM=", + "direction": "inbound", + "iana_number": "6", + "packets": 4, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 0, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 41818, - "bytes": 0, "ip": "67.43.156.14", - "packets": 4 - }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9d\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":41818},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:13.478093057Z\",\"packets_sent\":\"4\",\"reporter\":\"DEST\",\"rtt_msec\":\"1350\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:11.031370298Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_s
ubnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:11.031370298Z", - "end": "2019-06-14T03:40:13.478093057Z", - "id": "bxuq05fhgmw9d", - "category": "network", - "type": "connection" + "packets": 4, + "port": 41818 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:iiFy+S+g1JJvu9kZvA1ivEiN2EM=", - "bytes": 0, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 4, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:16.593Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33524, - "bytes": 4580, - "packets": 60, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:KTuz6NE5trahWJ94CUsvoASfpt8=", - "bytes": 4580, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 60, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": 
"2019-06-14T03:49:56.461240929Z", + "id": "bxuq05fhgmw90", + "kind": "event", + "original": "{\"insertId\":\"bxuq05fhgmw90\",\"jsonPayload\":{\"bytes_sent\":\"4580\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33524},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461240929Z\",\"packets_sent\":\"60\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.789945697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:24.789945697Z", + "type": "connection" }, "gcp": { "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC" - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", 
"zone": "us-east1-b" - } - } - }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw90\",\"jsonPayload\":{\"bytes_sent\":\"4580\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33524},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461240929Z\",\"packets_sent\":\"60\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.789945697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:24.789945697Z", - "end": "2019-06-14T03:49:56.461240929Z", - "id": "bxuq05fhgmw90", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "destination": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": 
"my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 92 - } + "reporter": "SRC" } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65322, - "bytes": 270437, - "ip": "67.43.156.13", - "packets": 668 + "network": { + "bytes": 4580, + "community_id": "1:KTuz6NE5trahWJ94CUsvoASfpt8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 60, + "transport": "tcp", + "type": "ipv4" }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw8w\",\"jsonPayload\":{\"bytes_sent\":\"270437\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65322},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.408936364Z\",\"packets_sent\":\"668\",\"reporter\":\"DEST\",\"rtt_msec\":\"92\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.703392247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.
593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.703392247Z", - "end": "2019-06-14T03:49:55.408936364Z", - "id": "bxuq05fhgmw8w", - "category": "network", - "type": "connection" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 4580, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 60, + "port": 33524 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:aRPYFHez0LD3jAm92mNT3UC23bE=", - "bytes": 270437, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 668, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:55.408936364Z", + "id": "bxuq05fhgmw8w", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw8w\",\"jsonPayload\":{\"bytes_sent\":\"270437\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65322},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:55.408936364Z\",\"packets_sent\":\"668\",\"reporter\":\"DEST\",\"rtt_msec\":\"92\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.703392247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:39:59.703392247Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 92 - } - }, - "source": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 92 } } }, - "destination": { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 270437, + "community_id": "1:aRPYFHez0LD3jAm92mNT3UC23bE=", + "direction": "inbound", + "iana_number": "6", + "packets": 668, + "transport": "tcp", + "type": "ipv4" + }, 
+ "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 270437, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 668, + "port": 65322 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 65322, - "ip": "67.43.156.13" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65322 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 19019, - "packets": 604, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bxuq05fhgmw94\",\"jsonPayload\":{\"bytes_sent\":\"19019\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65322,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:55.408936364Z\",\"packets_sent\":\"604\",\"reporter\":\"SRC\",\"rtt_msec\":\"92\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.703392247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.703392247Z", + "category": "network", "end": "2019-06-14T03:49:55.408936364Z", "id": "bxuq05fhgmw94", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw94\",\"jsonPayload\":{\"bytes_sent\":\"19019\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65322,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:55.408936364Z\",\"packets_sent\":\"604\",\"reporter\":\"SRC\",\"rtt_msec\":\"92\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.703392247Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:39:59.703392247Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 92 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:aRPYFHez0LD3jAm92mNT3UC23bE=", "bytes": 19019, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:aRPYFHez0LD3jAm92mNT3UC23bE=", + "direction": "outbound", "iana_number": "6", "packets": 604, - "direction": "outbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33568, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 16208, + "address": "10.139.99.242", + "bytes": 19019, "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 80 + "ip": "10.139.99.242", + "packets": 604, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:XDhlyCx6ikMFDl8JVik4ROYVJJY=", - "bytes": 16208, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 80, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33568 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789269849Z", + "id": "bxuq05fhgmw8x", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw8x\",\"jsonPayload\":{\"bytes_sent\":\"16208\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33568,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789269849Z\",\"packets_sent\":\"80\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.455711202Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:08.455711202Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -13888,101 +13867,113 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw8x\",\"jsonPayload\":{\"bytes_sent\":\"16208\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33568,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789269849Z\",\"packets_sent\":\"80\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.455711202Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.455711202Z", - "end": "2019-06-14T03:49:51.789269849Z", - "id": "bxuq05fhgmw8x", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 16208, + "community_id": 
"1:XDhlyCx6ikMFDl8JVik4ROYVJJY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 80, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 16208, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33568, - "bytes": 9800, - "packets": 120, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.14", + "packets": 80, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:XDhlyCx6ikMFDl8JVik4ROYVJJY=", - "bytes": 9800, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 120, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789269849Z", + "id": "bxuq05fhgmw8v", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw8v\",\"jsonPayload\":{\"bytes_sent\":\"9800\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789269849Z\",\"packets_sent\":\"120\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.455711202Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:08.455711202Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -13990,55 +13981,70 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw8v\",\"jsonPayload\":{\"bytes_sent\":\"9800\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789269849Z\",\"packets_sent\":\"120\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.455711202Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.455711202Z", - "end": "2019-06-14T03:49:51.789269849Z", - "id": "bxuq05fhgmw8v", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + 
"bytes": 9800, + "community_id": "1:XDhlyCx6ikMFDl8JVik4ROYVJJY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 120, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "192.168.2.117", - "10.87.40.76" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 9800, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 120, + "port": 33568 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:09.114674887Z", + "id": "bxuq05fhgmw8z", + "kind": "event", + "original": "{\"insertId\":\"bxuq05fhgmw8z\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":58026},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:09.114674887Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"40\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:08.995009558Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": 
"2019-06-14T03:49:08.995009558Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -14048,101 +14054,110 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1467, + "community_id": "1:GlCQ5a9VOJVReAwOuh722hRVrD0=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "192.168.2.117", "as": { "number": 15169 }, - "address": "192.168.2.117", - "port": 58026, "bytes": 1467, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, "ip": "192.168.2.117", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw8z\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":58026},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:09.114674887Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"40\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:08.995009558Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:08.995009558Z", - "end": 
"2019-06-14T03:49:09.114674887Z", - "id": "bxuq05fhgmw8z", - "category": "network", - "type": "connection" + "packets": 7, + "port": 58026 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:GlCQ5a9VOJVReAwOuh722hRVrD0=", - "bytes": 1467, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:16.593Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { "address": "10.87.40.76", - "port": 33564, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "port": 33564 }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597223164Z", + "id": "bxuq05fhgmw9b", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9b\",\"jsonPayload\":{\"bytes_sent\":\"19506\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33564,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597223164Z\",\"packets_sent\":\"180\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866699945Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:08.866699945Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" }, - "country_iso_code": "BT" + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } }, - "as": { - "number": 35908 + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 19506, - "domain": "elasticsearch", - "ip": 
"67.43.156.14", - "packets": 180 + "vpcflow": { + "reporter": "DEST" + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:xK6qqvSvQC9vUS1J4R94Va2tqkE=", "bytes": 19506, - "name": "default", - "transport": "tcp", - "type": "ipv4", + "community_id": "1:xK6qqvSvQC9vUS1J4R94Va2tqkE=", + "direction": "internal", "iana_number": "6", + "name": "default", "packets": 180, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -14150,70 +14165,61 @@ "10.87.40.76" ] }, - "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST" + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "bytes": 19506, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } - } + }, + "ip": "67.43.156.14", + "packets": 180, + "port": 9200 }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9b\",\"jsonPayload\":{\"bytes_sent\":\"19506\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33564,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597223164Z\",\"packets_sent\":\"180\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866699945Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-e
ast1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.866699945Z", - "end": "2019-06-14T03:49:59.597223164Z", - "id": "bxuq05fhgmw9b", - "category": "network", - "type": "connection" - } + "tags": [ + "preserve_original_event" + ] }, { "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:44:07.811355936Z", + "id": "bxuq05fhgmw8y", + "kind": "event", + "original": "{\"insertId\":\"bxuq05fhgmw8y\",\"jsonPayload\":{\"bytes_sent\":\"1496\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":32882},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:07.811355936Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:07.689331553Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.5938
00036Z\"}", + "start": "2019-06-14T03:44:07.689331553Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -14223,119 +14229,104 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1496, + "community_id": "1:FXnFBvk886dW60zh9GYIhTfux90=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1496, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 32882, - "bytes": 1496, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw8y\",\"jsonPayload\":{\"bytes_sent\":\"1496\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":32882},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:07.811355936Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:07.689331553Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:1
6.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:07.689331553Z", - "end": "2019-06-14T03:44:07.811355936Z", - "id": "bxuq05fhgmw8y", - "category": "network", - "type": "connection" + "packets": 7, + "port": 32882 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:FXnFBvk886dW60zh9GYIhTfux90=", - "bytes": 1496, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:16.593Z", + "cloud": { + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + }, + "region": "us-central1" }, "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "192.168.2.177", "as": { "number": 15169 }, - "address": "192.168.2.177", - "port": 60126, "domain": "suricata-iowa", - "ip": "192.168.2.177" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 155675, - "packets": 288, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:sulbuX1U/FB5g/v7obH/rY0tcHw=", - "bytes": 155675, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 288, - "direction": "internal" - }, - "cloud": { - "region": "us-central1", - "availability_zone": "us-central1-a", - "project": { - "id": "my-sample-project" - } + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.177", + "port": 60126 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "192.168.2.177" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:52.101129310Z", + "id": "bxuq05fhgmw9e", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9e\",\"jsonPayload\":{\"bytes_sent\":\"155675\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60126,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.101129310Z\",\"packets_sent\":\"288\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.019841536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:02.019841536Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-central1", "project_id": "my-sample-project", - "zone": "us-central1-a" + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -14343,136 +14334,151 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9e\",\"jsonPayload\":{\"bytes_sent\":\"155675\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60126,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.101129310Z\",\"packets_sent\":\"288\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.019841536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:02.019841536Z", - "end": "2019-06-14T03:49:52.101129310Z", - "id": "bxuq05fhgmw9e", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" 
+ }, + "network": { + "bytes": 155675, + "community_id": "1:sulbuX1U/FB5g/v7obH/rY0tcHw=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 288, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.13" + "10.139.99.242", + "192.168.2.177" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 155675, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 288, + "port": 9200 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.13", + "port": 32882 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:44:07.811355936Z", + "id": "bxuq05fhgmw98", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw98\",\"jsonPayload\":{\"bytes_sent\":\"1791\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":32882,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:07.811355936Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:07.689331553Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:44:07.689331553Z", + "type": "connection" + }, + "gcp": { "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 32882, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1791, + "community_id": "1:FXnFBvk886dW60zh9GYIhTfux90=", + 
"direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1791, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw98\",\"jsonPayload\":{\"bytes_sent\":\"1791\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":32882,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:07.811355936Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:07.689331553Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:07.689331553Z", - "end": "2019-06-14T03:44:07.811355936Z", - "id": "bxuq05fhgmw98", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:FXnFBvk886dW60zh9GYIhTfux90=", - "bytes": 1791, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + 
"domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:02.085146013Z", + "id": "bxuq05fhgmw96", + "kind": "event", + "original": "{\"insertId\":\"bxuq05fhgmw96\",\"jsonPayload\":{\"bytes_sent\":\"28304484\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":39568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:02.085146013Z\",\"packets_sent\":\"2400\",\"reporter\":\"DEST\",\"rtt_msec\":\"15\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:00.480787267Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:00.480787267Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -14482,57 +14488,109 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 28304484, + "community_id": "1:D3OepdPO3lrAoChStvPcsoP/HLk=", + "direction": "inbound", + "iana_number": "6", + "packets": 2400, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 28304484, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 2400, + "port": 39568 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 39568, - "bytes": 28304484, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.13", - "packets": 2400 + "port": 39568 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bxuq05fhgmw96\",\"jsonPayload\":{\"bytes_sent\":\"28304484\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":39568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:02.085146013Z\",\"packets_sent\":\"2400\",\"reporter\":\"DEST\",\"rtt_msec\":\"15\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:00.480787267Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "category": "network", + "end": "2019-06-14T03:49:02.085146013Z", + "id": "bxuq05fhgmw99", "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw99\",\"jsonPayload\":{\"bytes_sent\":\"2962242\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":39568,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:02.085146013Z\",\"packets_sent\":\"1340\",\"reporter\":\"SRC\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.480787267Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", "start": "2019-06-14T03:40:00.480787267Z", - "end": "2019-06-14T03:49:02.085146013Z", - "id": "bxuq05fhgmw96", - "category": "network", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 15 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { + "bytes": 2962242, "community_id": "1:D3OepdPO3lrAoChStvPcsoP/HLk=", - "bytes": 28304484, - "transport": "tcp", - "type": "ipv4", + "direction": "outbound", "iana_number": "6", - "packets": 2400, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - 
"version": "8.0.0" + "packets": 1340, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -14540,223 +14598,156 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 15 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 2962242, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 1340, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "192.168.2.117", "as": { - "number": 35908 + "number": 15169 }, - "address": "67.43.156.13", - "port": 39568, - "ip": "67.43.156.13" + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.117", + "port": 58026 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 2962242, - "packets": 1340, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bxuq05fhgmw99\",\"jsonPayload\":{\"bytes_sent\":\"2962242\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":39568,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:02.085146013Z\",\"packets_sent\":\"1340\",\"reporter\":\"SRC\",\"rtt_msec\":\"15\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.480787267Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.480787267Z", - "end": "2019-06-14T03:49:02.085146013Z", - "id": "bxuq05fhgmw99", "category": "network", + "end": "2019-06-14T03:49:09.114674887Z", + "id": "bxuq05fhgmw93", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw93\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":58026,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:09.114674887Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"40\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:08.995009558Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:49:08.995009558Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:D3OepdPO3lrAoChStvPcsoP/HLk=", - "bytes": 2962242, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 1340, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "192.168.2.117" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 40 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": 
"my-sample-project", - "zone": "us-east1-b" } - } - }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 }, - "address": "192.168.2.117", - "port": 58026, - "ip": "192.168.2.117" - }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 40 + } + } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw93\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":58026,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:09.114674887Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"40\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:08.995009558Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:08.995009558Z", - "end": "2019-06-14T03:49:09.114674887Z", - "id": "bxuq05fhgmw93", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:GlCQ5a9VOJVReAwOuh722hRVrD0=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + 
"community_id": "1:GlCQ5a9VOJVReAwOuh722hRVrD0=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "related": { + "ip": [ + "10.87.40.76", + "192.168.2.117" + ] }, "source": { "address": "10.87.40.76", - "port": 33874, - "bytes": 9611, - "packets": 101, + "bytes": 1781, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:h8J6a5Itbyk70zoisAG0nlUOW1s=", - "bytes": 9611, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 101, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933323342Z", + "id": "bxuq05fhgmw9f", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9f\",\"jsonPayload\":{\"bytes_sent\":\"9611\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33874},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933323342Z\",\"packets_sent\":\"101\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510575555Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:20.510575555Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -14764,200 +14755,188 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9f\",\"jsonPayload\":{\"bytes_sent\":\"9611\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33874},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933323342Z\",\"packets_sent\":\"101\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510575555Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510575555Z", - "end": "2019-06-14T03:49:37.933323342Z", - "id": "bxuq05fhgmw9f", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 9611, + "community_id": "1:h8J6a5Itbyk70zoisAG0nlUOW1s=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 101, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33564, - "bytes": 318481, - "packets": 181, + "bytes": 9611, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 101, + "port": 33874 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:xK6qqvSvQC9vUS1J4R94Va2tqkE=", - "bytes": 318481, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 181, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597223164Z", + "id": "bxuq05fhgmw9j", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9j\",\"jsonPayload\":{\"bytes_sent\":\"318481\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33564},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597223164Z\",\"packets_sent\":\"181\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866699945Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:08.866699945Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, - "vpcflow": { - "reporter": "SRC" - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - 
"project_id": "my-sample-project", - "zone": "us-east1-b" } + }, + "vpcflow": { + "reporter": "SRC" } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9j\",\"jsonPayload\":{\"bytes_sent\":\"318481\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33564},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597223164Z\",\"packets_sent\":\"181\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866699945Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.866699945Z", - "end": "2019-06-14T03:49:59.597223164Z", - "id": "bxuq05fhgmw9j", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33874, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 318481, + "community_id": "1:xK6qqvSvQC9vUS1J4R94Va2tqkE=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 181, + 
"transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 139359, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 70 + "address": "10.87.40.76", + "bytes": 318481, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 181, + "port": 33564 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:h8J6a5Itbyk70zoisAG0nlUOW1s=", - "bytes": 139359, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 70, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33874 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933323342Z", + "id": "bxuq05fhgmw97", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw97\",\"jsonPayload\":{\"bytes_sent\":\"139359\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33874,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933323342Z\",\"packets_sent\":\"70\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510575555Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:20.510575555Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -14965,55 +14944,82 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw97\",\"jsonPayload\":{\"bytes_sent\":\"139359\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33874,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933323342Z\",\"packets_sent\":\"70\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510575555Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510575555Z", - "end": "2019-06-14T03:49:37.933323342Z", - "id": "bxuq05fhgmw97", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 139359, + "community_id": "1:h8J6a5Itbyk70zoisAG0nlUOW1s=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 70, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", + "67.43.156.14", "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 139359, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 70, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:42:50.942543211Z", + "id": "bxuq05fhgmw9i", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9i\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":60640},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:50.942543211Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:50.830164366Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:42:50.830164366Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -15023,385 +15029,358 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 60640, + "network": { "bytes": 1461, - "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9i\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":60640},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:50.942543211Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:42:50.830164366Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:50.830164366Z", - "end": "2019-06-14T03:42:50.942543211Z", - "id": "bxuq05fhgmw9i", - "category": "network", - "type": "connection" - }, - "tags": [ - "preserve_original_event" - ], - "network": { "community_id": "1:J26+Ln48KsAEVBqcU2DcbUsddkk=", - "bytes": 1461, - "transport": "tcp", - "type": "ipv4", + 
"direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.14" + "67.43.156.13", + "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 1350 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 1461, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 7, + "port": 60640 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "destination": { + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 41818, - "ip": "67.43.156.14" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 41818 }, - "source": { - "address": "10.139.99.242", - "port": 22, - "bytes": 45, - "packets": 9, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bxuq05fhgmw9c\",\"jsonPayload\":{\"bytes_sent\":\"45\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":41818,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:43:16.809366809Z\",\"packets_sent\":\"9\",\"reporter\":\"SRC\",\"rtt_msec\":\"1350\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:11.031370298Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:11.031370298Z", + "category": "network", "end": "2019-06-14T03:43:16.809366809Z", "id": "bxuq05fhgmw9c", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9c\",\"jsonPayload\":{\"bytes_sent\":\"45\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":41818,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:43:16.809366809Z\",\"packets_sent\":\"9\",\"reporter\":\"SRC\",\"rtt_msec\":\"1350\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:11.031370298Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:11.031370298Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1350 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:iiFy+S+g1JJvu9kZvA1ivEiN2EM=", "bytes": 45, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:iiFy+S+g1JJvu9kZvA1ivEiN2EM=", + "direction": "outbound", "iana_number": "6", "packets": 9, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "transport": 
"tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.13" + "10.139.99.242", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 45, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 9, + "port": 22 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 60640, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 60640 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"bxuq05fhgmw9h\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":60640,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:50.942543211Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:50.830164366Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:50.830164366Z", + "category": "network", "end": "2019-06-14T03:42:50.942543211Z", "id": "bxuq05fhgmw9h", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9h\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":60640,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:42:50.942543211Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:50.830164366Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:42:50.830164366Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:J26+Ln48KsAEVBqcU2DcbUsddkk=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:J26+Ln48KsAEVBqcU2DcbUsddkk=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "address": "10.87.40.76", - "port": 33966, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 358920, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 61 + "address": "10.87.40.76", + "bytes": 1781, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:uTd+omrfPom0tjhwVM+taqHcEco=", - "bytes": 358920, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 61, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33966 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "bxuq05fhgmw92", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw92\",\"jsonPayload\":{\"bytes_sent\":\"358920\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33966,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"61\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510534141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:20.510534141Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, - "vpcflow": { - "reporter": "DEST" - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - 
"project_id": "my-sample-project", - "zone": "us-east1-b" } + }, + "vpcflow": { + "reporter": "DEST" } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw92\",\"jsonPayload\":{\"bytes_sent\":\"358920\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33966,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"61\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510534141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510534141Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "bxuq05fhgmw92", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 358920, + "community_id": "1:uTd+omrfPom0tjhwVM+taqHcEco=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 61, + 
"transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 358920, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 53104, - "bytes": 653827, - "domain": "zeek-nsm", "ip": "67.43.156.14", - "packets": 286 + "packets": 61, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:TMH6IVeF6TnVWOY7cFvGCaCMaPY=", - "bytes": 653827, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 286, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:45.312543839Z", + "id": "bxuq05fhgmw8u", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw8u\",\"jsonPayload\":{\"bytes_sent\":\"653827\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":53104},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:45.312543839Z\",\"packets_sent\":\"286\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.188944581Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:00.188944581Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", - "zone": "us-east1-b" + "region": "us-central1", + "zone": "us-central1-a" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -15409,294 +15388,299 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw8u\",\"jsonPayload\":{\"bytes_sent\":\"653827\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":53104},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:45.312543839Z\",\"packets_sent\":\"286\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.188944581Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.188944581Z", - "end": "2019-06-14T03:49:45.312543839Z", - "id": "bxuq05fhgmw8u", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 653827, + "community_id": 
"1:TMH6IVeF6TnVWOY7cFvGCaCMaPY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 286, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 653827, + "domain": "zeek-nsm", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33966, - "bytes": 5220, - "packets": 81, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.14", + "packets": 286, + "port": 53104 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:uTd+omrfPom0tjhwVM+taqHcEco=", - "bytes": 5220, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 81, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "bxuq05fhgmw9g", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw9g\",\"jsonPayload\":{\"bytes_sent\":\"5220\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33966},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"81\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510534141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:20.510534141Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, - "vpcflow": { - "reporter": "SRC" - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - 
"project_id": "my-sample-project", - "zone": "us-east1-b" } + }, + "vpcflow": { + "reporter": "SRC" } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9g\",\"jsonPayload\":{\"bytes_sent\":\"5220\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33966},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"81\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510534141Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510534141Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "bxuq05fhgmw9g", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33524, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 5220, + "community_id": "1:uTd+omrfPom0tjhwVM+taqHcEco=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 81, + "transport": 
"tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 31140, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 40 + "address": "10.87.40.76", + "bytes": 5220, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 81, + "port": 33966 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:KTuz6NE5trahWJ94CUsvoASfpt8=", - "bytes": 31140, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 40, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33524 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.461240929Z", + "id": "bxuq05fhgmw91", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw91\",\"jsonPayload\":{\"bytes_sent\":\"31140\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33524,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461240929Z\",\"packets_sent\":\"40\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.789945697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:24.789945697Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, - "vpcflow": { - "reporter": "DEST" - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - 
"project_id": "my-sample-project", - "zone": "us-east1-b" } + }, + "vpcflow": { + "reporter": "DEST" } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw91\",\"jsonPayload\":{\"bytes_sent\":\"31140\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33524,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.461240929Z\",\"packets_sent\":\"40\",\"reporter\":\"DEST\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:24.789945697Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:24.789945697Z", - "end": "2019-06-14T03:49:56.461240929Z", - "id": "bxuq05fhgmw91", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 31140, + "community_id": "1:KTuz6NE5trahWJ94CUsvoASfpt8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 40, + 
"transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "67.43.156.14", "as": { - "number": 15169 + "number": 35908 }, - "address": "192.168.2.177", - "port": 60126, - "bytes": 1610630, - "domain": "suricata-iowa", - "ip": "192.168.2.177", - "packets": 509 + "bytes": 31140, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 40, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:sulbuX1U/FB5g/v7obH/rY0tcHw=", - "bytes": 1610630, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 509, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:16.593Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.177", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:52.101129310Z", + "id": "bxuq05fhgmw95", + "kind": "event", + "original": 
"{\"insertId\":\"bxuq05fhgmw95\",\"jsonPayload\":{\"bytes_sent\":\"1610630\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60126},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.101129310Z\",\"packets_sent\":\"509\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.019841536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:02.019841536Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", - "zone": "us-east1-b" + "region": "us-central1", + "zone": "us-central1-a" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -15704,101 +15688,108 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw95\",\"jsonPayload\":{\"bytes_sent\":\"1610630\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60126},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.101129310Z\",\"packets_sent\":\"509\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.019841536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:02.019841536Z", - "end": "2019-06-14T03:49:52.101129310Z", - "id": "bxuq05fhgmw95", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - 
"country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 53104, - "domain": "zeek-nsm", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 37145, - "packets": 158, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:TMH6IVeF6TnVWOY7cFvGCaCMaPY=", - "bytes": 37145, + "bytes": 1610630, + "community_id": "1:sulbuX1U/FB5g/v7obH/rY0tcHw=", + "direction": "internal", + "iana_number": "6", "name": "default", + "packets": 509, "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 158, - "direction": "internal" - }, - "cloud": { - "region": "us-central1", - "availability_zone": "us-central1-a", - "project": { - "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:16.593Z", - "ecs": { - "version": "8.0.0" + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.14" - ] + "192.168.2.177", + "10.139.99.242" + ] + }, + "source": { + "address": "192.168.2.177", + "as": { + "number": 15169 + }, + "bytes": 1610630, + "domain": "suricata-iowa", + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.177", + "packets": 509, + "port": 60126 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:16.593Z", + "cloud": { + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + }, + "region": "us-central1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "zeek-nsm", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 53104 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": 
"2019-06-14T03:49:45.312543839Z", + "id": "bxuq05fhgmw9a", + "kind": "event", + "original": "{\"insertId\":\"bxuq05fhgmw9a\",\"jsonPayload\":{\"bytes_sent\":\"37145\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":53104,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:45.312543839Z\",\"packets_sent\":\"158\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.188944581Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", + "start": "2019-06-14T03:40:00.188944581Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-central1", "project_id": "my-sample-project", - "zone": "us-central1-a" + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": 
"default" } }, "vpcflow": { 
@@ -15806,55 +15797,70 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"bxuq05fhgmw9a\",\"jsonPayload\":{\"bytes_sent\":\"37145\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":53104,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:45.312543839Z\",\"packets_sent\":\"158\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.188944581Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:16.593800036Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:16.593800036Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.188944581Z", - "end": "2019-06-14T03:49:45.312543839Z", - "id": "bxuq05fhgmw9a", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 37145, + "community_id": "1:TMH6IVeF6TnVWOY7cFvGCaCMaPY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 158, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.87.40.76" + "10.139.99.242", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 37145, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 158, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:44:20.748121914Z", + "id": "198begsfh44xy3", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xy3\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53972},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:20.748121914Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:20.634231041Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305
Z\"}", + "start": "2019-06-14T03:44:20.634231041Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -15864,130 +15870,174 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1460, + "community_id": "1:G2L3Fxl2iVvSfj1H8WznQobSRWA=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1460, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 53972, - "bytes": 1460, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xy3\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53972},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:20.748121914Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:20.634231041Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:
17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:20.634231041Z", - "end": "2019-06-14T03:44:20.748121914Z", - "id": "198begsfh44xy3", - "category": "network", - "type": "connection" + "packets": 7, + "port": 53972 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:G2L3Fxl2iVvSfj1H8WznQobSRWA=", - "bytes": 1460, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "192.168.2.117", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:20.632737426Z", + "id": "198begsfh44xxt", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xxt\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":58100},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:20.632737426Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:20.512264850Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":
\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:49:20.512264850Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST" } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1458, + "community_id": "1:ceerAKbpeTRZtrx63xVfavQBc2o=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] }, "source": { + "address": "192.168.2.117", + "as": { + "number": 15169 + }, + "bytes": 1458, "geo": { "continent_name": "America", "country_name": "usa" }, + "ip": "192.168.2.117", + "packets": 7, + "port": 58100 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "192.168.2.117", "as": { "number": 15169 }, - "address": "192.168.2.117", - "port": 58100, - "bytes": 1458, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, "ip": "192.168.2.117", - "packets": 7 + "port": 58100 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"198begsfh44xxt\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":58100},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:20.632737426Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:20.512264850Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:20.512264850Z", - "end": "2019-06-14T03:49:20.632737426Z", - "id": "198begsfh44xxt", "category": "network", + "end": "2019-06-14T03:49:20.632777660Z", + "id": "198begsfh44xy8", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xy8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":58100,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:20.632777660Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:20.512407536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:49:20.512407536Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC" + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { + "bytes": 1781, "community_id": "1:ceerAKbpeTRZtrx63xVfavQBc2o=", - "bytes": 1458, - "transport": "tcp", - "type": "ipv4", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -15995,312 +16045,239 @@ "192.168.2.117" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC" - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 58100, - "ip": "192.168.2.117" - }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1781, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xy8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":58100,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:20.632777660Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:20.512407536Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:20.512407536Z", - "end": "2019-06-14T03:49:20.632777660Z", - "id": "198begsfh44xy8", - "category": "network", - 
"type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ceerAKbpeTRZtrx63xVfavQBc2o=", - "bytes": 1781, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 60756 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:43:11.032929292Z", + "id": "198begsfh44xy9", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xy9\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":60756,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:11.032929292Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:10.912193869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subne
twork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:43:10.912193869Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 60756, - "ip": "67.43.156.14" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1781, + "community_id": "1:uyxwjanUYILl+d9QoxpwFo8pJ48=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1781, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": 
"{\"insertId\":\"198begsfh44xy9\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":60756,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:11.032929292Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:10.912193869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:10.912193869Z", - "end": "2019-06-14T03:43:11.032929292Z", - "id": "198begsfh44xy9", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:uyxwjanUYILl+d9QoxpwFo8pJ48=", - "bytes": 1781, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 22 }, - "related": { - "ip": [ - "67.43.156.14", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": 
"2019-06-14T03:40:12.064908439Z", + "id": "198begsfh44xxr", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xxr\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":14236},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:12.064908439Z\",\"packets_sent\":\"3\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:08.247072525Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:08.247072525Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST" } }, - "destination": { - "address": "10.139.99.242", - "port": 22, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 0, + "community_id": "1:qXQaZlrUFOCwuROMy7BhHqdjz/0=", + "direction": "inbound", + "iana_number": "6", + "packets": 3, + "transport": 
"tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 0, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.14", + "packets": 3, + "port": 14236 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 14236, - "bytes": 0, - "ip": "67.43.156.14", - "packets": 3 + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 60122 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"insertId\":\"198begsfh44xxr\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":14236},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:12.064908439Z\",\"packets_sent\":\"3\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:08.247072525Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnet
work\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.247072525Z", - "end": "2019-06-14T03:40:12.064908439Z", - "id": "198begsfh44xxr", "category": "network", + "end": "2019-06-14T03:41:39.207635184Z", + "id": "198begsfh44xy2", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xy2\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":60122,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:39.207635184Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:39.087226326Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:41:39.087226326Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:qXQaZlrUFOCwuROMy7BhHqdjz/0=", - "bytes": 0, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 3, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - 
"ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 }, - "address": "67.43.156.13", - "port": 60122, - "ip": "67.43.156.13" - }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } }, - "event": { - "original": "{\"insertId\":\"198begsfh44xy2\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":60122,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:39.207635184Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:39.087226326Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:39.087226326Z", - "end": 
"2019-06-14T03:41:39.207635184Z", - "id": "198begsfh44xy2", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:WGg0+cb+0s5Ex6XJLyeCaLPvkpg=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:WGg0+cb+0s5Ex6XJLyeCaLPvkpg=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -16308,147 +16285,149 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.87.40.76", + "bytes": 1781, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 53972, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 53972 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1782, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"198begsfh44xy6\",\"jsonPayload\":{\"bytes_sent\":\"1782\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53972,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:20.748121914Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:20.634231041Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:20.634231041Z", + "category": "network", "end": "2019-06-14T03:44:20.748121914Z", "id": "198begsfh44xy6", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xy6\",\"jsonPayload\":{\"bytes_sent\":\"1782\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53972,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:20.748121914Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:20.634231041Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:44:20.634231041Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:G2L3Fxl2iVvSfj1H8WznQobSRWA=", "bytes": 1782, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:G2L3Fxl2iVvSfj1H8WznQobSRWA=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33530, - "bytes": 68545, + "address": "10.87.40.76", + "bytes": 1782, "domain": "kibana", - "ip": "67.43.156.13", - "packets": 368 + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:2r+9oNITMpL8veN57VUSy8JQkp0=", - "bytes": 68545, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 368, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.291Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:52.205089801Z", + "id": "198begsfh44xxx", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xxx\",\"jsonPayload\":{\"bytes_sent\":\"68545\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33530},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.205089801Z\",\"packets_sent\":\"368\",\"reporter\":\"DEST\",\"rtt_msec\":\"163\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140301693Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:00.140301693Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -16456,34 +16435,20 @@ "rtt": { "ms": 163 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"198begsfh44xxx\",\"jsonPayload\":{\"bytes_sent\":\"68545\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33530},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.205089801Z\",\"packets_sent\":\"368\",\"reporter\":\"DEST\",\"rtt_msec\":\"163\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140301693Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.140301693Z", - "end": "2019-06-14T03:49:52.205089801Z", - "id": "198begsfh44xxx", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 68545, + "community_id": "1:2r+9oNITMpL8veN57VUSy8JQkp0=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 368, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -16491,20 +16456,61 @@ "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 68545, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "packets": 368, + "port": 33530 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220838853Z", + "id": "198begsfh44xy4", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xy4\",\"jsonPayload\":{\"bytes_sent\":\"74613\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65274},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"745\",\"reporter\":\"DEST\",\"rtt_msec\":\"209\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:01.270996793Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + 
"start": "2019-06-14T03:40:01.270996793Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -16514,78 +16520,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 74613, + "community_id": "1:x8d/OIPY4zsghmchjpMb6iKfgGo=", + "direction": "inbound", + "iana_number": "6", + "packets": 745, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 74613, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65274, - "bytes": 74613, "ip": "67.43.156.13", - "packets": 745 - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xy4\",\"jsonPayload\":{\"bytes_sent\":\"74613\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65274},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"745\",\"reporter\":\"DEST\",\"rtt_msec\":\"209\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:01.270996793Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_nam
e\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.270996793Z", - "end": "2019-06-14T03:49:56.220838853Z", - "id": "198begsfh44xy4", - "category": "network", - "type": "connection" + "packets": 745, + "port": 65274 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:x8d/OIPY4zsghmchjpMb6iKfgGo=", - "bytes": 74613, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 745, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.312105537Z", + "id": "198begsfh44xy1", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xy1\",\"jsonPayload\":{\"bytes_sent\":\"74942\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53879},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"726\",\"reporter\":\"DEST\",\"rtt_msec\":\"176\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760414869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:00.760414869Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -16595,78 +16601,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 74942, + "community_id": "1:AkCFUf83/4ycKxpQQkP7p7l9aqs=", + "direction": "inbound", + "iana_number": "6", + "packets": 726, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 74942, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 53879, - "bytes": 74942, "ip": "67.43.156.13", - "packets": 726 - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xy1\",\"jsonPayload\":{\"bytes_sent\":\"74942\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53879},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"726\",\"reporter\":\"DEST\",\"rtt_msec\":\"176\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760414869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_nam
e\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760414869Z", - "end": "2019-06-14T03:49:56.312105537Z", - "id": "198begsfh44xy1", - "category": "network", - "type": "connection" + "packets": 726, + "port": 53879 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:AkCFUf83/4ycKxpQQkP7p7l9aqs=", - "bytes": 74942, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 726, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:47:38.299054333Z", + "id": "198begsfh44xxp", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xxp\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34450},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:38.299054333Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:38.189569840Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:47:38.189569840Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -16676,159 +16682,159 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 34450, + "network": { "bytes": 1467, - "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xxp\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34450},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:38.299054333Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:38.189569840Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:38.189569840Z", - "end": "2019-06-14T03:47:38.299054333Z", - "id": "198begsfh44xxp", - "category": "network", - "type": "connection" - }, - "tags": [ - "preserve_original_event" - ], - "network": { "community_id": "1:0xYaSZA1hg8djQzHMsHV0LC9xJY=", - "bytes": 1467, - "transport": "tcp", - "type": "ipv4", 
+ "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.13" + "67.43.156.13", + "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 209 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 7, + "port": 34450 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 65274, - "ip": "67.43.156.13" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65274 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 121593, - "packets": 610, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"198begsfh44xxv\",\"jsonPayload\":{\"bytes_sent\":\"121593\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65274,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"610\",\"reporter\":\"SRC\",\"rtt_msec\":\"209\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.270996793Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.270996793Z", + "category": "network", "end": "2019-06-14T03:49:56.220838853Z", "id": "198begsfh44xxv", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xxv\",\"jsonPayload\":{\"bytes_sent\":\"121593\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65274,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220838853Z\",\"packets_sent\":\"610\",\"reporter\":\"SRC\",\"rtt_msec\":\"209\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.270996793Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:01.270996793Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 209 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:x8d/OIPY4zsghmchjpMb6iKfgGo=", "bytes": 121593, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:x8d/OIPY4zsghmchjpMb6iKfgGo=", + "direction": "outbound", "iana_number": "6", "packets": 610, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": 
"8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.87.40.76" + "10.139.99.242", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 121593, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 610, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:43:39.777977145Z", + "id": "198begsfh44xy7", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xy7\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":60968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:39.777977145Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:39.653136947Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:43:39.653136947Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + 
"region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -16838,124 +16844,109 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1464, + "community_id": "1:E0Auuo+7QQ3cb588odS6yJLxVyU=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1464, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 60968, - "bytes": 1464, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xy7\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":60968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:39.777977145Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:39.653136947Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:
17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:39.653136947Z", - "end": "2019-06-14T03:43:39.777977145Z", - "id": "198begsfh44xy7", - "category": "network", - "type": "connection" + "packets": 7, + "port": 60968 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:E0Auuo+7QQ3cb588odS6yJLxVyU=", - "bytes": 1464, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:17.291Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33530, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 177471, - "packets": 246, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:2r+9oNITMpL8veN57VUSy8JQkp0=", - "bytes": 177471, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 246, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.13", + "port": 33530 }, - "@timestamp": "2019-06-14T03:50:17.291Z", "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:52.205194199Z", 
+ "id": "198begsfh44xxs", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xxs\",\"jsonPayload\":{\"bytes_sent\":\"177471\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33530,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.205194199Z\",\"packets_sent\":\"246\",\"reporter\":\"SRC\",\"rtt_msec\":\"163\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140301693Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:00.140301693Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -16963,34 +16954,20 @@ "rtt": { "ms": 163 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"198begsfh44xxs\",\"jsonPayload\":{\"bytes_sent\":\"177471\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33530,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:52.205194199Z\",\"packets_sent\":\"246\",\"reporter\":\"SRC\",\"rtt_msec\":\"163\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140301693Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.140301693Z", - "end": "2019-06-14T03:49:52.205194199Z", - "id": "198begsfh44xxs", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 177471, + "community_id": "1:2r+9oNITMpL8veN57VUSy8JQkp0=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 246, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -16998,915 +16975,815 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 82 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 177471, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 246, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65275, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 65275 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 53315, - "packets": 588, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"198begsfh44xxq\",\"jsonPayload\":{\"bytes_sent\":\"53315\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65275,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316847800Z\",\"packets_sent\":\"588\",\"reporter\":\"SRC\",\"rtt_msec\":\"82\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.565734921Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.565734921Z", + "category": "network", "end": "2019-06-14T03:49:56.316847800Z", "id": "198begsfh44xxq", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xxq\",\"jsonPayload\":{\"bytes_sent\":\"53315\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65275,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316847800Z\",\"packets_sent\":\"588\",\"reporter\":\"SRC\",\"rtt_msec\":\"82\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.565734921Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:00.565734921Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 82 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:pagRMjC+skHhrGE9uXpcDCyM7tk=", "bytes": 53315, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:pagRMjC+skHhrGE9uXpcDCyM7tk=", + "direction": "outbound", "iana_number": "6", "packets": 588, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" 
+ "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", + "10.139.99.242", "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 53315, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 588, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 34450, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 34450 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"198begsfh44xxz\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34450,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:38.299054333Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:38.189569840Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:38.189569840Z", + "category": "network", "end": "2019-06-14T03:47:38.299054333Z", "id": "198begsfh44xxz", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xxz\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34450,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:38.299054333Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:38.189569840Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:47:38.189569840Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:0xYaSZA1hg8djQzHMsHV0LC9xJY=", - "bytes": 1780, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - 
"reporter": "DEST", + "reporter": "SRC", "rtt": { "ms": 36 } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 60122, - "bytes": 1467, - "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xxy\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":60122},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:39.207635184Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:39.087226326Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:39.087226326Z", - "end": "2019-06-14T03:41:39.207635184Z", - "id": "198begsfh44xxy", - "category": "network", - "type": "connection" - }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:WGg0+cb+0s5Ex6XJLyeCaLPvkpg=", - "bytes": 1467, - "transport": "tcp", 
- "type": "ipv4", + "bytes": 1780, + "community_id": "1:0xYaSZA1hg8djQzHMsHV0LC9xJY=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", + "10.87.40.76", "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:41:39.207635184Z", + "id": "198begsfh44xxy", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xxy\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":60122},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:39.207635184Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:39.087226326Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_s
ubnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:41:39.087226326Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 176 - } - }, - "source": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 } } }, - "destination": { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1467, + "community_id": "1:WGg0+cb+0s5Ex6XJLyeCaLPvkpg=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 7, + "port": 60122 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 53879, - "ip": "67.43.156.13" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 53879 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 102119, - "packets": 608, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"198begsfh44xxu\",\"jsonPayload\":{\"bytes_sent\":\"102119\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53879,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"608\",\"reporter\":\"SRC\",\"rtt_msec\":\"176\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760414869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760414869Z", + "category": "network", "end": "2019-06-14T03:49:56.312105537Z", "id": "198begsfh44xxu", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xxu\",\"jsonPayload\":{\"bytes_sent\":\"102119\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53879,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.312105537Z\",\"packets_sent\":\"608\",\"reporter\":\"SRC\",\"rtt_msec\":\"176\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760414869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:00.760414869Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 176 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:AkCFUf83/4ycKxpQQkP7p7l9aqs=", "bytes": 102119, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:AkCFUf83/4ycKxpQQkP7p7l9aqs=", + "direction": "outbound", "iana_number": "6", "packets": 608, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": 
"8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", + "10.139.99.242", "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 102119, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 608, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.291Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 60968, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 60968 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1794, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"198begsfh44xxo\",\"jsonPayload\":{\"bytes_sent\":\"1794\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":60968,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:39.777977145Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:39.653136947Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:39.653136947Z", + "category": "network", "end": "2019-06-14T03:43:39.777977145Z", "id": "198begsfh44xxo", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xxo\",\"jsonPayload\":{\"bytes_sent\":\"1794\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":60968,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:39.777977145Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:39.653136947Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:43:39.653136947Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:E0Auuo+7QQ3cb588odS6yJLxVyU=", - "bytes": 1794, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, "gcp": { - "destination": { - "vpc": { + "source": { + "instance": { "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { "region": "us-east1", - "project_id": "my-sample-project", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, 
"vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { "ms": 36 } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 60756, - "bytes": 1467, - "ip": "67.43.156.14", - "packets": 7 + "network": { + "bytes": 1794, + "community_id": "1:E0Auuo+7QQ3cb588odS6yJLxVyU=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" }, - "event": { - "original": "{\"insertId\":\"198begsfh44xy0\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":60756},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:11.032929292Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:10.912193869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:10.912193869Z", - "end": "2019-06-14T03:43:11.032929292Z", - "id": "198begsfh44xy0", - 
"category": "network", - "type": "connection" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 1794, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:uyxwjanUYILl+d9QoxpwFo8pJ48=", - "bytes": 1467, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:43:11.032929292Z", + "id": "198begsfh44xy0", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xy0\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":60756},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:11.032929292Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:10.912193869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:43:10.912193869Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 82 + "ms": 36 } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1467, + "community_id": "1:uyxwjanUYILl+d9QoxpwFo8pJ48=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + 
"10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65275, - "bytes": 67013, - "ip": "67.43.156.13", - "packets": 710 - }, - "event": { - "original": "{\"insertId\":\"198begsfh44xxw\",\"jsonPayload\":{\"bytes_sent\":\"67013\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65275},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316847800Z\",\"packets_sent\":\"710\",\"reporter\":\"DEST\",\"rtt_msec\":\"82\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.565734921Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.565734921Z", - "end": "2019-06-14T03:49:56.316847800Z", - "id": "198begsfh44xxw", - "category": "network", - "type": "connection" + "ip": "67.43.156.14", + "packets": 7, + "port": 60756 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:pagRMjC+skHhrGE9uXpcDCyM7tk=", - "bytes": 67013, - "transport": "tcp", - 
"type": "ipv4", - "iana_number": "6", - "packets": 710, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.291Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.14" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.316847800Z", + "id": "198begsfh44xxw", + "kind": "event", + "original": "{\"insertId\":\"198begsfh44xxw\",\"jsonPayload\":{\"bytes_sent\":\"67013\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65275},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316847800Z\",\"packets_sent\":\"710\",\"reporter\":\"DEST\",\"rtt_msec\":\"82\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.565734921Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:00.565734921Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC" - }, - "source": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" 
+ }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 82 } } }, - "destination": { + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 67013, + "community_id": "1:pagRMjC+skHhrGE9uXpcDCyM7tk=", + "direction": "inbound", + "iana_number": "6", + "packets": 710, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 67013, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 14236, - "ip": "67.43.156.14" - }, - "source": { - "address": "10.139.99.242", - "port": 22, - "bytes": 0, - "packets": 1, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": 
"{\"insertId\":\"198begsfh44xy5\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":14236,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:40:09.257387426Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.247072525Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.247072525Z", - "end": "2019-06-14T03:40:09.257387426Z", - "id": "198begsfh44xy5", - "category": "network", - "type": "connection" + "ip": "67.43.156.13", + "packets": 710, + "port": 65275 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:qXQaZlrUFOCwuROMy7BhHqdjz/0=", - "bytes": 0, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 1, - "direction": "outbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, + "@timestamp": "2019-06-14T03:50:17.291Z", "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33542, - "bytes": 64427, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 351 + "ip": "67.43.156.14", + "port": 14236 }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:o987u+FKYcH8IEcaicIttd58P5M=", - "bytes": 64427, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 351, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:40:09.257387426Z", + "id": "198begsfh44xy5", + "kind": "event", + "original": 
"{\"insertId\":\"198begsfh44xy5\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":14236,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:40:09.257387426Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.247072525Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.291787305Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.291787305Z\"}", + "start": "2019-06-14T03:40:08.247072525Z", + "type": "connection" }, "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 173 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } + }, + "vpcflow": { + "reporter": "SRC" } }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygznq\",\"jsonPayload\":{\"bytes_sent\":\"64427\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33542},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"351\",\"reporter\":\"DEST\",\"rtt_msec\":\"173\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150870105Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150870105Z", - "end": "2019-06-14T03:49:59.565108524Z", - "id": "19im82tfdygznq", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33690, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 0, + "community_id": "1:qXQaZlrUFOCwuROMy7BhHqdjz/0=", + "direction": "outbound", + "iana_number": "6", + "packets": 1, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.14" + ] }, "source": { - "geo": { - 
"continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 183366, + "address": "10.139.99.242", + "bytes": 0, "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 242 + "ip": "10.139.99.242", + "packets": 1, + "port": 22 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:rnN2XV4CYsUrxmk67rUeU4blQzU=", - "bytes": 183366, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 242, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygznq", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznq\",\"jsonPayload\":{\"bytes_sent\":\"64427\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33542},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"351\",\"reporter\":\"DEST\",\"rtt_msec\":\"173\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150870105Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.150870105Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 1 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - 
"subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 173 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzn6\",\"jsonPayload\":{\"bytes_sent\":\"183366\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33690,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075665334Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075665334Z", - "end": "2019-06-14T03:49:59.565311154Z", - "id": "19im82tfdygzn6", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33562, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 64427, + "community_id": "1:o987u+FKYcH8IEcaicIttd58P5M=", + 
"direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 351, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 64427, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 185295, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 244 + "ip": "67.43.156.13", + "packets": 351, + "port": 33542 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:yhUOdMY4PRkYtxw6pyH0V3578CI=", - "bytes": 185295, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 244, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33690 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "19im82tfdygzn6", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzn6\",\"jsonPayload\":{\"bytes_sent\":\"183366\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33690,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075665334Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:06.075665334Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -17914,386 +17791,296 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznk\",\"jsonPayload\":{\"bytes_sent\":\"185295\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33562,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:49.549471457Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:49.549471457Z", - "id": "19im82tfdygznk", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] - }, "log": { "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 114 - } - } + "network": { + "bytes": 183366, + "community_id": "1:rnN2XV4CYsUrxmk67rUeU4blQzU=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 242, + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 49438, - "bytes": 68961, - "ip": "67.43.156.13", - "packets": 711 - }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygznm\",\"jsonPayload\":{\"bytes_sent\":\"68961\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":49438},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220725956Z\",\"packets_sent\":\"711\",\"reporter\":\"DEST\",\"rtt_msec\":\"114\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.398463104Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.398463104Z", - "end": "2019-06-14T03:49:56.220725956Z", - "id": "19im82tfdygznm", - "category": "network", - "type": "connection" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:Wx9CFh/CGkJ8gWbPZ6ib0K8z+zk=", - "bytes": 68961, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 711, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "destination": { + "bytes": 183366, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 
9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33532, - "bytes": 62072, - "packets": 360, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.14", + "packets": 242, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:NkGfacExXrlt+hMyCxxaT2CdDeM=", - "bytes": 62072, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 360, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33562 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:49.549471457Z", + "id": "19im82tfdygznk", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznk\",\"jsonPayload\":{\"bytes_sent\":\"185295\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33562,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:49.549471457Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { - "reporter": "SRC", + "reporter": "DEST", "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": 
"my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzob\",\"jsonPayload\":{\"bytes_sent\":\"62072\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33532},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"360\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072372604Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.072372604Z", - "end": "2019-06-14T03:49:59.565272745Z", - "id": "19im82tfdygzob", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33590, - "domain": "kibana", - "ip": "10.87.40.76" + "network": { + "bytes": 185295, + "community_id": 
"1:yhUOdMY4PRkYtxw6pyH0V3578CI=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 244, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 185295, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 198326, - "domain": "elasticsearch", "ip": "67.43.156.14", - "packets": 246 + "packets": 244, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:KsEQeDpJJQzBIT7y9/jnqOdwYak=", - "bytes": 198326, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 246, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, + ] + }, + { "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220725956Z", + "id": "19im82tfdygznm", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznm\",\"jsonPayload\":{\"bytes_sent\":\"68961\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":49438},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220725956Z\",\"packets_sent\":\"711\",\"reporter\":\"DEST\",\"rtt_msec\":\"114\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.398463104Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:39:59.398463104Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 1 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 114 } } }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygznc\",\"jsonPayload\":{\"bytes_sent\":\"198326\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33590,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.146956782Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.146956782Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "19im82tfdygznc", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 68961, + "community_id": "1:Wx9CFh/CGkJ8gWbPZ6ib0K8z+zk=", + "direction": "inbound", + "iana_number": "6", + "packets": 711, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 68961, "geo": { 
"continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33550, - "bytes": 61436, - "packets": 362, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.13", + "packets": 711, + "port": 49438 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:B/prlGvm/LDkdDcuN85b0JOuzto=", - "bytes": 61436, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 362, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "19im82tfdygzob", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzob\",\"jsonPayload\":{\"bytes_sent\":\"62072\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33532},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"360\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072372604Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.072372604Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -18301,284 +18088,203 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznj\",\"jsonPayload\":{\"bytes_sent\":\"61436\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33550},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "19im82tfdygznj", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 62072, + "community_id": "1:NkGfacExXrlt+hMyCxxaT2CdDeM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 360, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33690, - "bytes": 66791, - "packets": 355, + "bytes": 62072, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 360, + "port": 33532 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:rnN2XV4CYsUrxmk67rUeU4blQzU=", - "bytes": 66791, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 355, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33590 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznc", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznc\",\"jsonPayload\":{\"bytes_sent\":\"198326\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33590,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"246\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.146956782Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:05.146956782Z", + "type": "connection" }, "gcp": { "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 1 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - } - }, - "event": { - 
"original": "{\"insertId\":\"19im82tfdygzo5\",\"jsonPayload\":{\"bytes_sent\":\"66791\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33690},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"355\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075665334Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.075665334Z", - "end": "2019-06-14T03:49:59.565311154Z", - "id": "19im82tfdygzo5", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "destination": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } 
}, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 36 + "ms": 1 } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 198326, + "community_id": "1:KsEQeDpJJQzBIT7y9/jnqOdwYak=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 246, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 198326, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 54812, - "bytes": 1457, "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygzod\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":54812},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:20.708994883Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:20.595119257Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:20.595119257Z", - "end": "2019-06-14T03:45:20.708994883Z", - "id": "19im82tfdygzod", - "category": "network", - "type": "connection" + "packets": 246, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:7gePYXWz+/zKghVHNYgmCfG2ZOE=", - "bytes": 1457, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:17.553Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - 
"lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33562, - "bytes": 64466, - "packets": 363, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:yhUOdMY4PRkYtxw6pyH0V3578CI=", - "bytes": 64466, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 363, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznj", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznj\",\"jsonPayload\":{\"bytes_sent\":\"61436\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33550},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"362\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -18586,898 +18292,1260 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzna\",\"jsonPayload\":{\"bytes_sent\":\"64466\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33562},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:49.549471457Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:49.549471457Z", - "id": "19im82tfdygzna", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33968, - "domain": "kibana", - 
"ip": "10.87.40.76" + "network": { + "bytes": 61436, + "community_id": "1:B/prlGvm/LDkdDcuN85b0JOuzto=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 362, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 174524, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 66 + "address": "10.87.40.76", + "bytes": 61436, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 362, + "port": 33550 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:imhAHfiL2qAfW47Jd0enQw924sA=", - "bytes": 174524, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 66, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "19im82tfdygzo5", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo5\",\"jsonPayload\":{\"bytes_sent\":\"66791\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33690},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"355\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.075665334Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:06.075665334Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 2 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - 
}, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzng\",\"jsonPayload\":{\"bytes_sent\":\"174524\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33968,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965294083Z\",\"packets_sent\":\"66\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480272197Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.480272197Z", - "end": "2019-06-14T03:49:37.965294083Z", - "id": "19im82tfdygzng", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 66791, + "community_id": "1:rnN2XV4CYsUrxmk67rUeU4blQzU=", + "direction": "internal", + 
"iana_number": "6", + "name": "default", + "packets": 355, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.49.136.133" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 66791, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 355, + "port": 33690 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:45:20.708994883Z", + "id": "19im82tfdygzod", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzod\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":54812},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:20.708994883Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:45:20.595119257Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:45:20.595119257Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + 
"project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 91 + "ms": 36 } } }, - "destination": { - "address": "10.49.136.133", - "port": 52780, - "domain": "simianhacker-demo", - "ip": "10.49.136.133" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1457, + "community_id": "1:7gePYXWz+/zKghVHNYgmCfG2ZOE=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1457, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 9243, - "bytes": 181624065, - "ip": "67.43.156.13", - "packets": 28344 - }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygzo1\",\"jsonPayload\":{\"bytes_sent\":\"181624065\",\"connection\":{\"dest_ip\":\"10.49.136.133\",\"dest_port\":52780,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":9243},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:58.592579489Z\",\"packets_sent\":\"28344\",\"reporter\":\"DEST\",\"rtt_msec\":\"91\",\"src_location\":{\"asn\":16509,\"city\":\"Boardman\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Oregon\"},\"start_time\":\"2019-06-14T03:40:17.183499423Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:17.183499423Z", - "end": "2019-06-14T03:49:58.592579489Z", - "id": "19im82tfdygzo1", - "category": "network", - "type": "connection" + "ip": "67.43.156.14", + "packets": 7, + "port": 54812 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:iY4jL+9QMjdSzot4PM7XduwgWhY=", - "bytes": 181624065, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 28344, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, - "related": { - "ip": [ - "192.168.2.117", - "10.87.40.76" - ] + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + 
"geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:49.549471457Z", + "id": "19im82tfdygzna", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzna\",\"jsonPayload\":{\"bytes_sent\":\"64466\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33562},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:49.549471457Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": 
"my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { - "ms": 36 + "ms": 1 } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 51348, - "bytes": 1460, - "ip": "192.168.2.117", - "packets": 7 + "network": { + "bytes": 64466, + "community_id": "1:yhUOdMY4PRkYtxw6pyH0V3578CI=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 363, + "transport": "tcp", + "type": "ipv4" }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygzo8\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":51348},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:20.754300982Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:20.630975303Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:20.630975303Z", - "end": "2019-06-14T03:41:20.754300982Z", - "id": "19im82tfdygzo8", - "category": "network", - "type": "connection" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 64466, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 363, + "port": 33562 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ALoeGJMuIEHJKbowB+FYTqIV3pc=", - "bytes": 1460, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, - "related": { - "ip": [ - "10.73.186.17", - "192.168.2.12" - ] + "destination": { + "address": 
"10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33968 }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.965294083Z", + "id": "19im82tfdygzng", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzng\",\"jsonPayload\":{\"bytes_sent\":\"174524\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33968,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965294083Z\",\"packets_sent\":\"66\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480272197Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.480272197Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC" - }, - "source": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", 
"vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } - } - }, + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 174524, + "community_id": "1:imhAHfiL2qAfW47Jd0enQw924sA=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 66, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 174524, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 66, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "destination": { + "address": "10.49.136.133", + "domain": "simianhacker-demo", + "ip": "10.49.136.133", + "port": 52780 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:58.592579489Z", + "id": "19im82tfdygzo1", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo1\",\"jsonPayload\":{\"bytes_sent\":\"181624065\",\"connection\":{\"dest_ip\":\"10.49.136.133\",\"dest_port\":52780,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":9243},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:58.592579489Z\",\"packets_sent\":\"28344\",\"reporter\":\"DEST\",\"rtt_msec\":\"91\",\"src_location\":{\"asn\":16509,\"city\":\"Boardman\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Oregon\"},\"start_time\":\"2019-06-14T03:40:17.183499423Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:17.183499423Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 91 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 181624065, + "community_id": "1:iY4jL+9QMjdSzot4PM7XduwgWhY=", + "direction": "inbound", + "iana_number": "6", + "packets": 28344, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.49.136.133" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 181624065, "geo": { 
"continent_name": "Asia", - "country_name": "chn", - "city_name": "Binzhou", - "region_name": "Shandong" + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "packets": 28344, + "port": 9243 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:41:20.754300982Z", + "id": "19im82tfdygzo8", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzo8\",\"jsonPayload\":{\"bytes_sent\":\"1460\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":51348},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:20.754300982Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:20.630975303Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:41:20.630975303Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + 
"subnetwork_name": "default", + "vpc_name": "default" + } }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1460, + "community_id": "1:ALoeGJMuIEHJKbowB+FYTqIV3pc=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] + }, + "source": { + "address": "192.168.2.117", "as": { - "number": 4837 + "number": 15169 + }, + "bytes": 1460, + "geo": { + "continent_name": "America", + "country_name": "usa" }, + "ip": "192.168.2.117", + "packets": 7, + "port": 51348 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { "address": "192.168.2.12", - "port": 44128, - "ip": "192.168.2.12" + "as": { + "number": 4837 + }, + "geo": { + "city_name": "Binzhou", + "continent_name": "Asia", + "country_name": "chn", + "region_name": "Shandong" + }, + "ip": "192.168.2.12", + "port": 44128 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:45:22.081121292Z", + "id": "19im82tfdygzoa", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzoa\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"192.168.2.12\",\"dest_port\":44128,\"protocol\":6,\"src_ip\":\"10.73.186.17\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Binzhou\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Shandong\"},\"end_time\":\"2019-06-14T03:45:22.081121292Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:22.080963433Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:45:22.080963433Z", + "type": "connection" + }, + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC" + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 0, + "community_id": "1:I5lhpPeiyo7KchAzF1nMGZkwF4k=", + "direction": "outbound", + "iana_number": "6", + "packets": 1, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.73.186.17", + "192.168.2.12" + ] }, "source": { "address": "10.73.186.17", - "port": 22, "bytes": 0, - "packets": 1, "domain": "infraops-docker-data", - "ip": "10.73.186.17" + "ip": "10.73.186.17", + "packets": 1, + "port": 22 
+ }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"insertId\":\"19im82tfdygzoa\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"192.168.2.12\",\"dest_port\":44128,\"protocol\":6,\"src_ip\":\"10.73.186.17\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Binzhou\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Shandong\"},\"end_time\":\"2019-06-14T03:45:22.081121292Z\",\"packets_sent\":\"1\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:22.080963433Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:22.080963433Z", - "end": "2019-06-14T03:45:22.081121292Z", - "id": "19im82tfdygzoa", "category": "network", + "end": "2019-06-14T03:49:37.965294083Z", + "id": "19im82tfdygzn7", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzn7\",\"jsonPayload\":{\"bytes_sent\":\"11137\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965294083Z\",\"packets_sent\":\"95\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480272197Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.480272197Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 2 + } + } + }, + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:I5lhpPeiyo7KchAzF1nMGZkwF4k=", - "bytes": 0, - "transport": "tcp", - "type": "ipv4", + "bytes": 11137, + "community_id": "1:imhAHfiL2qAfW47Jd0enQw924sA=", + "direction": "internal", "iana_number": "6", - "packets": 1, - "direction": "outbound" - } + "name": "default", + "packets": 95, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 11137, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 95, + "port": 33968 + }, + "tags": [ + "preserve_original_event" + ] }, { + "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 54812 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:45:20.708994883Z", + "id": "19im82tfdygznf", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznf\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":54812,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:20.708994883Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:20.595119257Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:45:20.595119257Z", + "type": "connection" + }, + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 1776, + "community_id": "1:7gePYXWz+/zKghVHNYgmCfG2ZOE=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + 
"transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33968, - "bytes": 11137, - "packets": 95, + "bytes": 1776, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:imhAHfiL2qAfW47Jd0enQw924sA=", - "bytes": 11137, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 95, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33564 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597079770Z", + "id": "19im82tfdygzni", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzni\",\"jsonPayload\":{\"bytes_sent\":\"21792\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33564,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597079770Z\",\"packets_sent\":\"186\",\"reporter\":\"SRC\",\"rtt_msec\":\"340\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866944869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.866944869Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { "reporter": "SRC", "rtt": { - "ms": 2 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - 
"subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 340 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzn7\",\"jsonPayload\":{\"bytes_sent\":\"11137\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33968},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.965294083Z\",\"packets_sent\":\"95\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.480272197Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.480272197Z", - "end": "2019-06-14T03:49:37.965294083Z", - "id": "19im82tfdygzn7", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 21792, + "community_id": "1:PtUpNPLEJul/LK9u2JbGqtTKFB8=", + "direction": "internal", + 
"iana_number": "6", + "name": "default", + "packets": 186, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.14" + "10.139.99.242", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 21792, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 186, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 54812, - "ip": "67.43.156.14" + "ip": "67.43.156.13", + "port": 49438 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1776, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"19im82tfdygznf\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":54812,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:45:20.708994883Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:45:20.595119257Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:20.595119257Z", - "end": "2019-06-14T03:45:20.708994883Z", - "id": "19im82tfdygznf", "category": "network", + "end": "2019-06-14T03:49:56.220725956Z", + "id": "19im82tfdygzns", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzns\",\"jsonPayload\":{\"bytes_sent\":\"74370\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":49438,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220725956Z\",\"packets_sent\":\"580\",\"reporter\":\"SRC\",\"rtt_msec\":\"114\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.398463104Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:39:59.398463104Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:7gePYXWz+/zKghVHNYgmCfG2ZOE=", - "bytes": 1776, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } - }, - { + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 114 + } + } + }, "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - 
"country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33564, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 74370, + "community_id": "1:Wx9CFh/CGkJ8gWbPZ6ib0K8z+zk=", + "direction": "outbound", + "iana_number": "6", + "packets": 580, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 21792, - "packets": 186, + "bytes": 74370, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 580, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:PtUpNPLEJul/LK9u2JbGqtTKFB8=", - "bytes": 21792, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 186, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33550 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznp", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznp\",\"jsonPayload\":{\"bytes_sent\":\"138337\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33550,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:39:59.500498059Z", + "type": "connection" }, "gcp": { "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 340 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygzni\",\"jsonPayload\":{\"bytes_sent\":\"21792\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33564,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597079770Z\",\"packets_sent\":\"186\",\"reporter\":\"SRC\",\"rtt_msec\":\"340\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866944869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.866944869Z", - "end": "2019-06-14T03:49:59.597079770Z", - "id": "19im82tfdygzni", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 114 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", 
"subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 }, - "address": "67.43.156.13", - "port": 49438, - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 74370, - "packets": 580, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 1 + } + } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzns\",\"jsonPayload\":{\"bytes_sent\":\"74370\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":49438,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220725956Z\",\"packets_sent\":\"580\",\"reporter\":\"SRC\",\"rtt_msec\":\"114\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.398463104Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.398463104Z", - "end": "2019-06-14T03:49:56.220725956Z", - "id": "19im82tfdygzns", - "category": "network", - "type": "connection" + 
"log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:Wx9CFh/CGkJ8gWbPZ6ib0K8z+zk=", - "bytes": 74370, - "transport": "tcp", - "type": "ipv4", + "bytes": 138337, + "community_id": "1:B/prlGvm/LDkdDcuN85b0JOuzto=", + "direction": "internal", "iana_number": "6", - "packets": 580, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "name": "default", + "packets": 244, + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33550, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 9200, "bytes": 138337, "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.14", - "packets": 244 + "packets": 244, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:B/prlGvm/LDkdDcuN85b0JOuzto=", - "bytes": 138337, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 244, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", + "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "192.168.2.177", + "as": { + "number": 15169 + }, + "domain": "suricata-iowa", + "geo": { + "continent_name": "America", + "country_name": "usa" + 
}, + "ip": "192.168.2.177", + "port": 60110 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:46.020466750Z", + "id": "19im82tfdygzo9", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzo9\",\"jsonPayload\":{\"bytes_sent\":\"30062\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60110,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:46.020466750Z\",\"packets_sent\":\"124\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:10.874529937Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:10.874529937Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { 
- "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 1 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznp\",\"jsonPayload\":{\"bytes_sent\":\"138337\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33550,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"244\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500498059Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500498059Z", - "end": "2019-06-14T03:49:59.565287007Z", - 
"id": "19im82tfdygznp", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 - }, - "address": "192.168.2.177", - "port": 60110, - "domain": "suricata-iowa", - "ip": "192.168.2.177" + "network": { + "bytes": 30062, + "community_id": "1:GfC7CyOdz/yJsL4pM9oUUVW8XIE=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 124, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "192.168.2.177" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 30062, - "packets": 124, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 124, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:GfC7CyOdz/yJsL4pM9oUUVW8XIE=", - "bytes": 30062, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 124, - "direction": "internal" - }, - "cloud": { - "region": "us-central1", - "availability_zone": "us-central1-a", - "project": { - "id": "my-sample-project" - } - }, + ] + }, + { "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { + "address": "192.168.2.117", + "as": { + "number": 15169 + }, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.117", + "port": 51348 + }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "192.168.2.177" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:41:20.754300982Z", + "id": "19im82tfdygzo3", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo3\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":51348,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:20.754300982Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:20.630975303Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:41:20.630975303Z", + "type": "connection" }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" } }, "vpcflow": { 
@@ -19485,34 +19553,19 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzo9\",\"jsonPayload\":{\"bytes_sent\":\"30062\",\"connection\":{\"dest_ip\":\"192.168.2.177\",\"dest_port\":60110,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:46.020466750Z\",\"packets_sent\":\"124\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:10.874529937Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:10.874529937Z", - "end": "2019-06-14T03:49:46.020466750Z", - "id": "19im82tfdygzo9", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" 
+ }, + "network": { + "bytes": 1781, + "community_id": "1:ALoeGJMuIEHJKbowB+FYTqIV3pc=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -19520,142 +19573,80 @@ "192.168.2.117" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 51348, - "ip": "192.168.2.117" - }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1781, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzo3\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":51348,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:20.754300982Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:20.630975303Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:20.630975303Z", - "end": "2019-06-14T03:41:20.754300982Z", - "id": 
"19im82tfdygzo3", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ALoeGJMuIEHJKbowB+FYTqIV3pc=", - "bytes": 1781, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:17.553Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33560, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 152218, - "packets": 243, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:rl6P/BkNpx5wKW4KChF0WRwBicw=", - "bytes": 152218, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 243, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.13", + "port": 33560 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565026127Z", + "id": "19im82tfdygznz", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznz\",\"jsonPayload\":{\"bytes_sent\":\"152218\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33560,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565026127Z\",\"packets_sent\":\"243\",\"reporter\":\"SRC\",\"rtt_msec\":\"116\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.076060079Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:06.076060079Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -19663,101 +19654,101 @@ "rtt": { "ms": 116 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznz\",\"jsonPayload\":{\"bytes_sent\":\"152218\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33560,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565026127Z\",\"packets_sent\":\"243\",\"reporter\":\"SRC\",\"rtt_msec\":\"116\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.076060079Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.076060079Z", - "end": "2019-06-14T03:49:59.565026127Z", - "id": "19im82tfdygznz", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", 
- "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33510, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 152218, + "community_id": "1:rl6P/BkNpx5wKW4KChF0WRwBicw=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 243, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 143085, - "packets": 249, + "bytes": 152218, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 243, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:nWbhgl2QeUsTpuyKkNHw2IVKrBE=", - "bytes": 143085, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 249, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33510 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565078274Z", + "id": "19im82tfdygzo4", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo4\",\"jsonPayload\":{\"bytes_sent\":\"143085\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33510,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565078274Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"352\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074688714Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:01.074688714Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -19765,101 +19756,89 @@ "rtt": { "ms": 352 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzo4\",\"jsonPayload\":{\"bytes_sent\":\"143085\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33510,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565078274Z\",\"packets_sent\":\"249\",\"reporter\":\"SRC\",\"rtt_msec\":\"352\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074688714Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074688714Z", - "end": "2019-06-14T03:49:59.565078274Z", - "id": "19im82tfdygzo4", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33510, - "bytes": 61245, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 356 - }, - "tags": [ - "preserve_original_event" - ], "network": { + "bytes": 143085, "community_id": "1:nWbhgl2QeUsTpuyKkNHw2IVKrBE=", - "bytes": 61245, + "direction": "internal", + "iana_number": "6", "name": "default", + "packets": 249, "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 356, - "direction": "internal" + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] + }, + "source": { + "address": "10.139.99.242", + "bytes": 143085, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 249, + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565078274Z", + "id": "19im82tfdygznt", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznt\",\"jsonPayload\":{\"bytes_sent\":\"61245\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33510},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565078274Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"352\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074688714Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:01.074688714Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -19867,101 +19846,101 @@ "rtt": { "ms": 352 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznt\",\"jsonPayload\":{\"bytes_sent\":\"61245\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33510},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565078274Z\",\"packets_sent\":\"356\",\"reporter\":\"DEST\",\"rtt_msec\":\"352\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.074688714Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.074688714Z", - "end": "2019-06-14T03:49:59.565078274Z", - "id": "19im82tfdygznt", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 61245, + "community_id": "1:nWbhgl2QeUsTpuyKkNHw2IVKrBE=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 356, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 61245, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33532, - "bytes": 65919, - "domain": "kibana", "ip": "67.43.156.13", - "packets": 361 + "packets": 356, + "port": 33510 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:O9TYQRXp+xFyW519UWDWFeTm/HY=", - "bytes": 65919, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 361, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygznu", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznu\",\"jsonPayload\":{\"bytes_sent\":\"65919\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33532},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"361\",\"reporter\":\"DEST\",\"rtt_msec\":\"270\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072555233Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.072555233Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -19969,182 +19948,194 @@ "rtt": { "ms": 270 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznu\",\"jsonPayload\":{\"bytes_sent\":\"65919\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33532},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"361\",\"reporter\":\"DEST\",\"rtt_msec\":\"270\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072555233Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.072555233Z", - "end": "2019-06-14T03:49:59.565108524Z", - "id": "19im82tfdygznu", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 65919, + "community_id": "1:O9TYQRXp+xFyW519UWDWFeTm/HY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 361, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.14" + "67.43.156.13", + "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 1439 - } + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 65919, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "packets": 361, + "port": 33532 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 41822, - "ip": "67.43.156.14" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 41822 }, - "source": { - "address": "10.139.99.242", - "port": 22, - "bytes": 0, - "packets": 4, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"19im82tfdygzo6\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":41822,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:40:40.058368408Z\",\"packets_sent\":\"4\",\"reporter\":\"SRC\",\"rtt_msec\":\"1439\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:12.068494835Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:12.068494835Z", + "category": "network", "end": "2019-06-14T03:40:40.058368408Z", "id": "19im82tfdygzo6", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo6\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":41822,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":22},\"dest_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"end_time\":\"2019-06-14T03:40:40.058368408Z\",\"packets_sent\":\"4\",\"reporter\":\"SRC\",\"rtt_msec\":\"1439\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:12.068494835Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:12.068494835Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 1439 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:zyannIISQxYxkFMHE3HEVdUcoVY=", "bytes": 0, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:zyannIISQxYxkFMHE3HEVdUcoVY=", + "direction": "outbound", "iana_number": "6", "packets": 4, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + 
"transport": "tcp", + "type": "ipv4" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33532, - "domain": "kibana", - "ip": "67.43.156.13" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.14" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 188997, - "packets": 251, + "bytes": 0, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 4, + "port": 22 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:O9TYQRXp+xFyW519UWDWFeTm/HY=", - "bytes": 188997, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 251, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33532 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygzno", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzno\",\"jsonPayload\":{\"bytes_sent\":\"188997\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33532,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"251\",\"reporter\":\"SRC\",\"rtt_msec\":\"270\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072555233Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.072555233Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20152,101 +20143,101 @@ "rtt": { "ms": 270 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzno\",\"jsonPayload\":{\"bytes_sent\":\"188997\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33532,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"251\",\"reporter\":\"SRC\",\"rtt_msec\":\"270\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072555233Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.072555233Z", - "end": "2019-06-14T03:49:59.565108524Z", - "id": "19im82tfdygzno", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", 
- "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33568, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 188997, + "community_id": "1:O9TYQRXp+xFyW519UWDWFeTm/HY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 251, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, - "bytes": 16783, - "packets": 79, + "bytes": 188997, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 251, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:cHbiBB9WtpuQHZE4rFxmPUo/X2c=", - "bytes": 16783, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 79, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33568 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789035952Z", + "id": "19im82tfdygzo0", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo0\",\"jsonPayload\":{\"bytes_sent\":\"16783\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33568,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789035952Z\",\"packets_sent\":\"79\",\"reporter\":\"SRC\",\"rtt_msec\":\"506\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.456732113Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.456732113Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20254,101 +20245,101 @@ "rtt": { "ms": 506 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzo0\",\"jsonPayload\":{\"bytes_sent\":\"16783\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33568,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789035952Z\",\"packets_sent\":\"79\",\"reporter\":\"SRC\",\"rtt_msec\":\"506\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.456732113Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.456732113Z", - "end": "2019-06-14T03:49:51.789035952Z", - "id": "19im82tfdygzo0", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 16783, + "community_id": "1:cHbiBB9WtpuQHZE4rFxmPUo/X2c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 79, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "address": "10.87.40.76", - "port": 33858, - "bytes": 18120, - "packets": 120, - "domain": "kibana", - "ip": "10.87.40.76" + "address": "10.139.99.242", + "bytes": 16783, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 79, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:vA48e3jlLz+8NYBf08b8IMoSjVU=", - "bytes": 18120, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 120, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "19im82tfdygznd", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznd\",\"jsonPayload\":{\"bytes_sent\":\"18120\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33858},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"120\",\"reporter\":\"SRC\",\"rtt_msec\":\"4\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458361534Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.458361534Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20356,101 +20347,101 @@ "rtt": { "ms": 4 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznd\",\"jsonPayload\":{\"bytes_sent\":\"18120\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33858},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"120\",\"reporter\":\"SRC\",\"rtt_msec\":\"4\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458361534Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.458361534Z", - "end": "2019-06-14T03:49:51.789258875Z", - "id": "19im82tfdygznd", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 18120, + "community_id": "1:vA48e3jlLz+8NYBf08b8IMoSjVU=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 120, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33558, - "bytes": 64071, - "packets": 368, + "bytes": 18120, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 120, + "port": 33858 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:yyzV++A5KAdmyX88TOnGIQ8RV60=", - "bytes": 64071, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 368, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "19im82tfdygzn8", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzn8\",\"jsonPayload\":{\"bytes_sent\":\"64071\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33558},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"368\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140109489Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:00.140109489Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20458,101 +20449,101 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzn8\",\"jsonPayload\":{\"bytes_sent\":\"64071\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33558},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"368\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140109489Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.140109489Z", - "end": "2019-06-14T03:49:59.565319136Z", - "id": "19im82tfdygzn8", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 53106, - "domain": "zeek-nsm", - "ip": "67.43.156.14" + "network": { + "bytes": 64071, + "community_id": "1:yyzV++A5KAdmyX88TOnGIQ8RV60=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 368, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 175465, - "packets": 337, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "address": "10.87.40.76", + "bytes": 64071, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 368, + "port": 33558 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:/j39rLoEcamlJFwzEQGPMQYhVds=", - "bytes": 175465, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 337, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "zeek-nsm", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 53106 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.401543207Z", + "id": "19im82tfdygznw", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznw\",\"jsonPayload\":{\"bytes_sent\":\"175465\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":53106,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.401543207Z\",\"packets_sent\":\"337\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.020290305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:01.020290305Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-central1", "project_id": "my-sample-project", - "zone": "us-central1-a" + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20560,182 +20551,170 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznw\",\"jsonPayload\":{\"bytes_sent\":\"175465\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":53106,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.401543207Z\",\"packets_sent\":\"337\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.020290305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.020290305Z", - "end": "2019-06-14T03:49:56.401543207Z", - "id": "19im82tfdygznw", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + 
}, + "network": { + "bytes": 175465, + "community_id": "1:/j39rLoEcamlJFwzEQGPMQYhVds=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 337, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.49.136.133", - "67.43.156.13" + "10.139.99.242", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 175465, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 337, + "port": 9200 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 91 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.13", + "port": 9243 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:58.592579489Z", + "id": "19im82tfdygzo2", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo2\",\"jsonPayload\":{\"bytes_sent\":\"1987804\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":9243,\"protocol\":6,\"src_ip\":\"10.49.136.133\",\"src_port\":52780},\"dest_location\":{\"asn\":16509,\"city\":\"Boardman\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Oregon\"},\"end_time\":\"2019-06-14T03:49:58.592579489Z\",\"packets_sent\":\"26428\",\"reporter\":\"SRC\",\"rtt_msec\":\"91\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:17.183499423Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:17.183499423Z", + "type": "connection" + }, + "gcp": { "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } }, - "address": "67.43.156.13", - "port": 9243, - "ip": "67.43.156.13" - }, - "source": { - "address": "10.49.136.133", - "port": 52780, - "bytes": 1987804, - "packets": 26428, - "domain": "simianhacker-demo", - "ip": "10.49.136.133" 
+ "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 91 + } + } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzo2\",\"jsonPayload\":{\"bytes_sent\":\"1987804\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":9243,\"protocol\":6,\"src_ip\":\"10.49.136.133\",\"src_port\":52780},\"dest_location\":{\"asn\":16509,\"city\":\"Boardman\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Oregon\"},\"end_time\":\"2019-06-14T03:49:58.592579489Z\",\"packets_sent\":\"26428\",\"reporter\":\"SRC\",\"rtt_msec\":\"91\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"simianhacker-demo\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:17.183499423Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:17.183499423Z", - "end": "2019-06-14T03:49:58.592579489Z", - "id": "19im82tfdygzo2", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:iY4jL+9QMjdSzot4PM7XduwgWhY=", "bytes": 1987804, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:iY4jL+9QMjdSzot4PM7XduwgWhY=", + "direction": "outbound", "iana_number": "6", "packets": 26428, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": 
"10.87.40.76", - "port": 33532, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "10.49.136.133", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 206824, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 242 + "address": "10.49.136.133", + "bytes": 1987804, + "domain": "simianhacker-demo", + "ip": "10.49.136.133", + "packets": 26428, + "port": 52780 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:NkGfacExXrlt+hMyCxxaT2CdDeM=", - "bytes": 206824, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 242, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33532 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565272745Z", + "id": "19im82tfdygzn9", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzn9\",\"jsonPayload\":{\"bytes_sent\":\"206824\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33532,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072372604Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.072372604Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20743,101 +20722,101 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzn9\",\"jsonPayload\":{\"bytes_sent\":\"206824\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33532,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565272745Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.072372604Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.072372604Z", - "end": "2019-06-14T03:49:59.565272745Z", - "id": "19im82tfdygzn9", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33858, - "domain": "kibana", - 
"ip": "10.87.40.76" + "network": { + "bytes": 206824, + "community_id": "1:NkGfacExXrlt+hMyCxxaT2CdDeM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 242, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 206824, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 14287, - "domain": "elasticsearch", "ip": "67.43.156.14", - "packets": 80 + "packets": 242, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:vA48e3jlLz+8NYBf08b8IMoSjVU=", - "bytes": 14287, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 80, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33858 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "19im82tfdygznh", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznh\",\"jsonPayload\":{\"bytes_sent\":\"14287\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33858,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"80\",\"reporter\":\"DEST\",\"rtt_msec\":\"4\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458361534Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.458361534Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20845,101 +20824,101 @@ "rtt": { "ms": 4 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznh\",\"jsonPayload\":{\"bytes_sent\":\"14287\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33858,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"80\",\"reporter\":\"DEST\",\"rtt_msec\":\"4\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.458361534Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.458361534Z", - "end": "2019-06-14T03:49:51.789258875Z", - "id": "19im82tfdygznh", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", 
- "ip": "10.139.99.242" + "network": { + "bytes": 14287, + "community_id": "1:vA48e3jlLz+8NYBf08b8IMoSjVU=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 80, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 14287, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33550, - "bytes": 59376, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 354 + "ip": "67.43.156.14", + "packets": 80, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:OALwlPDCqpn2fuHuxdc8nnkXpXM=", - "bytes": 59376, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 354, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565108649Z", + "id": "19im82tfdygzny", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzny\",\"jsonPayload\":{\"bytes_sent\":\"59376\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33550},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108649Z\",\"packets_sent\":\"354\",\"reporter\":\"DEST\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.496238286Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.496238286Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -20947,101 +20926,101 @@ "rtt": { "ms": 250 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzny\",\"jsonPayload\":{\"bytes_sent\":\"59376\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33550},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108649Z\",\"packets_sent\":\"354\",\"reporter\":\"DEST\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.496238286Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.496238286Z", - "end": "2019-06-14T03:49:59.565108649Z", - "id": "19im82tfdygzny", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 59376, + "community_id": "1:OALwlPDCqpn2fuHuxdc8nnkXpXM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 354, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 59376, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33568, - "bytes": 11214, - "domain": "kibana", "ip": "67.43.156.13", - "packets": 120 + "packets": 354, + "port": 33550 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:cHbiBB9WtpuQHZE4rFxmPUo/X2c=", - "bytes": 11214, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 120, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789035952Z", + "id": "19im82tfdygzoe", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzoe\",\"jsonPayload\":{\"bytes_sent\":\"11214\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789035952Z\",\"packets_sent\":\"120\",\"reporter\":\"DEST\",\"rtt_msec\":\"506\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.456732113Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.456732113Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -21049,101 +21028,101 @@ "rtt": { "ms": 506 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzoe\",\"jsonPayload\":{\"bytes_sent\":\"11214\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33568},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789035952Z\",\"packets_sent\":\"120\",\"reporter\":\"DEST\",\"rtt_msec\":\"506\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.456732113Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.456732113Z", - "end": "2019-06-14T03:49:51.789035952Z", - "id": "19im82tfdygzoe", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": 
"elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 11214, + "community_id": "1:cHbiBB9WtpuQHZE4rFxmPUo/X2c=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 120, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 11214, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 53106, - "bytes": 1763338, - "domain": "zeek-nsm", - "ip": "67.43.156.14", - "packets": 598 + "ip": "67.43.156.13", + "packets": 120, + "port": 33568 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:/j39rLoEcamlJFwzEQGPMQYhVds=", - "bytes": 1763338, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 598, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.401543207Z", + "id": "19im82tfdygznn", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznn\",\"jsonPayload\":{\"bytes_sent\":\"1763338\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":53106},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.401543207Z\",\"packets_sent\":\"598\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.020290305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:01.020290305Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -21151,101 +21130,113 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznn\",\"jsonPayload\":{\"bytes_sent\":\"1763338\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":53106},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.401543207Z\",\"packets_sent\":\"598\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.020290305Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.020290305Z", - "end": "2019-06-14T03:49:56.401543207Z", - "id": "19im82tfdygznn", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 1763338, + "community_id": 
"1:/j39rLoEcamlJFwzEQGPMQYhVds=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 598, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1763338, + "domain": "zeek-nsm", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33590, - "bytes": 67239, - "packets": 363, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.14", + "packets": 598, + "port": 53106 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:KsEQeDpJJQzBIT7y9/jnqOdwYak=", - "bytes": 67239, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 363, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565287007Z", + "id": "19im82tfdygznl", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznl\",\"jsonPayload\":{\"bytes_sent\":\"67239\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33590},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.146956782Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:05.146956782Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -21253,101 +21244,89 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznl\",\"jsonPayload\":{\"bytes_sent\":\"67239\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33590},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565287007Z\",\"packets_sent\":\"363\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.146956782Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.146956782Z", - "end": "2019-06-14T03:49:59.565287007Z", - "id": "19im82tfdygznl", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33558, - "domain": "kibana", - "ip": 
"10.87.40.76" + "network": { + "bytes": 67239, + "community_id": "1:KsEQeDpJJQzBIT7y9/jnqOdwYak=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 363, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 250327, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 247 + "address": "10.87.40.76", + "bytes": 67239, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 363, + "port": 33590 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:yyzV++A5KAdmyX88TOnGIQ8RV60=", - "bytes": 250327, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 247, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33558 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "19im82tfdygznv", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznv\",\"jsonPayload\":{\"bytes_sent\":\"250327\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33558,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"247\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140109489Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:00.140109489Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -21355,561 +21334,612 @@ "rtt": { "ms": 1 } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 250327, + "community_id": "1:yyzV++A5KAdmyX88TOnGIQ8RV60=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 247, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "bytes": 250327, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } - } + }, + "ip": "67.43.156.14", + "packets": 247, + "port": 9200 }, - "event": { - "original": 
"{\"insertId\":\"19im82tfdygznv\",\"jsonPayload\":{\"bytes_sent\":\"250327\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33558,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"247\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.140109489Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.140109489Z", - "end": "2019-06-14T03:49:59.565319136Z", - "id": "19im82tfdygznv", - "category": "network", - "type": "connection" - } + "tags": [ + "preserve_original_event" + ] }, { "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.73.186.17", + "domain": "infraops-docker-data", + "ip": "10.73.186.17", + "port": 22 }, - "related": { - "ip": [ - "192.168.2.12", - "10.73.186.17" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": 
"2019-06-14T03:45:22.318564382Z", + "id": "19im82tfdygzoc", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzoc\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.73.186.17\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.12\",\"src_port\":44128},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:22.318564382Z\",\"packets_sent\":\"2\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":4837,\"city\":\"Binzhou\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Shandong\"},\"start_time\":\"2019-06-14T03:45:22.080963433Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:45:22.080963433Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST" } }, - "destination": { - "address": "10.73.186.17", - "port": 22, - "domain": "infraops-docker-data", - "ip": "10.73.186.17" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 0, + "community_id": "1:I5lhpPeiyo7KchAzF1nMGZkwF4k=", + "direction": "inbound", + "iana_number": "6", + "packets": 2, + 
"transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.12", + "10.73.186.17" + ] }, "source": { + "address": "192.168.2.12", + "as": { + "number": 4837 + }, + "bytes": 0, "geo": { + "city_name": "Binzhou", "continent_name": "Asia", "country_name": "chn", - "city_name": "Binzhou", "region_name": "Shandong" }, - "as": { - "number": 4837 - }, - "address": "192.168.2.12", - "port": 44128, - "bytes": 0, "ip": "192.168.2.12", - "packets": 2 - }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzoc\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.73.186.17\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.12\",\"src_port\":44128},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:45:22.318564382Z\",\"packets_sent\":\"2\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":4837,\"city\":\"Binzhou\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Shandong\"},\"start_time\":\"2019-06-14T03:45:22.080963433Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:45:22.080963433Z", - "end": "2019-06-14T03:45:22.318564382Z", - "id": "19im82tfdygzoc", - "category": "network", - "type": "connection" + "packets": 2, + "port": 44128 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:I5lhpPeiyo7KchAzF1nMGZkwF4k=", - "bytes": 0, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - 
"packets": 2, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:17.553Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33542 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565108524Z", + "id": "19im82tfdygzof", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzof\",\"jsonPayload\":{\"bytes_sent\":\"266531\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33542,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"253\",\"reporter\":\"SRC\",\"rtt_msec\":\"173\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150870105Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528
829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.150870105Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" }, - "country_iso_code": "BT" + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } }, - "as": { - "number": 35908 + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } }, - "address": "67.43.156.13", - "port": 33542, - "domain": "kibana", - "ip": "67.43.156.13" + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 173 + } + } }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 266531, - "packets": 253, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:o987u+FKYcH8IEcaicIttd58P5M=", "bytes": 266531, + "community_id": "1:o987u+FKYcH8IEcaicIttd58P5M=", + "direction": "internal", + "iana_number": "6", "name": "default", + "packets": 253, "transport": "tcp", - "type": "ipv4", - "iana_number": "6", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] + }, + "source": { + "address": "10.139.99.242", + "bytes": 266531, + "domain": "elasticsearch", + "ip": "10.139.99.242", "packets": 253, - "direction": "internal" + "port": 9200 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": 
"10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565026127Z", + "id": "19im82tfdygznr", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygznr\",\"jsonPayload\":{\"bytes_sent\":\"65184\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33560},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565026127Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"116\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.076060079Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:06.076060079Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": 
"default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 173 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 116 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzof\",\"jsonPayload\":{\"bytes_sent\":\"266531\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33542,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108524Z\",\"packets_sent\":\"253\",\"reporter\":\"SRC\",\"rtt_msec\":\"173\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150870105Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150870105Z", - "end": 
"2019-06-14T03:49:59.565108524Z", - "id": "19im82tfdygzof", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 65184, + "community_id": "1:rl6P/BkNpx5wKW4KChF0WRwBicw=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 358, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 33560, "bytes": 65184, "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.13", - "packets": 358 + "packets": 358, + "port": 33560 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:rl6P/BkNpx5wKW4KChF0WRwBicw=", - "bytes": 65184, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 358, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.597079770Z", + "id": "19im82tfdygznx", + 
"kind": "event", + "original": "{\"insertId\":\"19im82tfdygznx\",\"jsonPayload\":{\"bytes_sent\":\"319459\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33564},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597079770Z\",\"packets_sent\":\"180\",\"reporter\":\"DEST\",\"rtt_msec\":\"340\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866944869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:08.866944869Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 116 - } - }, - "source": { - "vpc": { - 
"project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 340 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznr\",\"jsonPayload\":{\"bytes_sent\":\"65184\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33560},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565026127Z\",\"packets_sent\":\"358\",\"reporter\":\"DEST\",\"rtt_msec\":\"116\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:06.076060079Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:06.076060079Z", - "end": "2019-06-14T03:49:59.565026127Z", - "id": "19im82tfdygznr", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 319459, + 
"community_id": "1:PtUpNPLEJul/LK9u2JbGqtTKFB8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 180, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 33564, "bytes": 319459, "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.13", - "packets": 180 + "packets": 180, + "port": 33564 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:PtUpNPLEJul/LK9u2JbGqtTKFB8=", - "bytes": 319459, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 180, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", + "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:46.020466750Z", + "id": "19im82tfdygzo7", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygzo7\",\"jsonPayload\":{\"bytes_sent\":\"519100\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60110},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:46.020466750Z\",\"packets_sent\":\"224\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:10.874529937Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:10.874529937Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 340 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": 
"default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznx\",\"jsonPayload\":{\"bytes_sent\":\"319459\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33564},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.597079770Z\",\"packets_sent\":\"180\",\"reporter\":\"DEST\",\"rtt_msec\":\"340\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.866944869Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.866944869Z", - "end": "2019-06-14T03:49:59.597079770Z", - "id": "19im82tfdygznx", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 519100, + 
"community_id": "1:GfC7CyOdz/yJsL4pM9oUUVW8XIE=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 224, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.177", + "10.139.99.242" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "192.168.2.177", "as": { "number": 15169 }, - "address": "192.168.2.177", - "port": 60110, "bytes": 519100, "domain": "suricata-iowa", + "geo": { + "continent_name": "America", + "country_name": "usa" + }, "ip": "192.168.2.177", - "packets": 224 + "packets": 224, + "port": 60110 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:GfC7CyOdz/yJsL4pM9oUUVW8XIE=", - "bytes": 519100, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 224, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.553Z", "cloud": { - "region": "us-central1", - "availability_zone": "us-central1-a", + "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33550 }, - "@timestamp": "2019-06-14T03:50:17.553Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "192.168.2.177", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565108649Z", + "id": "19im82tfdygznb", + "kind": "event", + "original": 
"{\"insertId\":\"19im82tfdygznb\",\"jsonPayload\":{\"bytes_sent\":\"139513\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33550,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108649Z\",\"packets_sent\":\"243\",\"reporter\":\"SRC\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143811431Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": "2019-06-14T03:40:02.143811431Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 36 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": 
"default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 250 } } }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzo7\",\"jsonPayload\":{\"bytes_sent\":\"519100\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"192.168.2.177\",\"src_port\":60110},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:46.020466750Z\",\"packets_sent\":\"224\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"suricata-iowa\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:10.874529937Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:10.874529937Z", - "end": "2019-06-14T03:49:46.020466750Z", - "id": "19im82tfdygzo7", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" 
- }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33550, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 139513, - "packets": 243, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:OALwlPDCqpn2fuHuxdc8nnkXpXM=", "bytes": 139513, - "name": "default", - "transport": "tcp", - "type": "ipv4", + "community_id": "1:OALwlPDCqpn2fuHuxdc8nnkXpXM=", + "direction": "internal", "iana_number": "6", + "name": "default", "packets": 243, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } - }, - "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -21917,73 +21947,49 @@ "67.43.156.13" ] }, - "gcp": { - "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 250 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.139.99.242", + "bytes": 139513, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 243, + "port": 9200 }, - "event": { - "original": "{\"insertId\":\"19im82tfdygznb\",\"jsonPayload\":{\"bytes_sent\":\"139513\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33550,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565108649Z\",\"packets_sent\":\"243\",\"reporter\":\"SRC\",\"rtt_msec\":\"250\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:02.143811431Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"defa
ult\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:02.143811431Z", - "end": "2019-06-14T03:49:59.565108649Z", - "id": "19im82tfdygznb", - "category": "network", - "type": "connection" - } + "tags": [ + "preserve_original_event" + ] }, { "@timestamp": "2019-06-14T03:50:17.553Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 22 }, - "related": { - "ip": [ - "67.43.156.14", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:40:40.058226439Z", + "id": "19im82tfdygzne", + "kind": "event", + "original": "{\"insertId\":\"19im82tfdygzne\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":41822},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:40.058226439Z\",\"packets_sent\":\"8\",\"reporter\":\"DEST\",\"rtt_msec\":\"1439\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:12.068494835Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", + "start": 
"2019-06-14T03:40:12.068494835Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -21993,124 +21999,109 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 22, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 0, + "community_id": "1:zyannIISQxYxkFMHE3HEVdUcoVY=", + "direction": "inbound", + "iana_number": "6", + "packets": 8, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 0, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 41822, - "bytes": 0, "ip": "67.43.156.14", - "packets": 8 - }, - "event": { - "original": "{\"insertId\":\"19im82tfdygzne\",\"jsonPayload\":{\"bytes_sent\":\"0\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":41822},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:40.058226439Z\",\"packets_sent\":\"8\",\"reporter\":\"DEST\",\"rtt_msec\":\"1439\",\"src_location\":{\"asn\":4837,\"city\":\"Shangqiu\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Henan\"},\"start_time\":\"2019-06-14T03:40:12.068494835Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.553477088Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_
subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.553477088Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:12.068494835Z", - "end": "2019-06-14T03:40:40.058226439Z", - "id": "19im82tfdygzne", - "category": "network", - "type": "connection" + "packets": 8, + "port": 41822 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:zyannIISQxYxkFMHE3HEVdUcoVY=", - "bytes": 0, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 8, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "@timestamp": "2019-06-14T03:50:17.763Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33572, - "bytes": 11109, - "packets": 105, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:9Sajzk9Kjby8Y6aALULEYfH3nYY=", - "bytes": 11109, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 105, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": 
"2019-06-14T03:49:51.821291282Z", + "id": "1gq7q7afe373fw", + "kind": "event", + "original": "{\"insertId\":\"1gq7q7afe373fw\",\"jsonPayload\":{\"bytes_sent\":\"11109\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33572},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"105\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466742414Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.466742414Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -22118,101 +22109,101 @@ "rtt": { "ms": 2 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fw\",\"jsonPayload\":{\"bytes_sent\":\"11109\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33572},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"105\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466742414Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466742414Z", - "end": "2019-06-14T03:49:51.821291282Z", - "id": "1gq7q7afe373fw", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33970, - "domain": "kibana", - "ip": "67.43.156.13" + "network": { + "bytes": 11109, + "community_id": "1:9Sajzk9Kjby8Y6aALULEYfH3nYY=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 105, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 173496, - "packets": 81, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "address": "10.87.40.76", + "bytes": 11109, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 105, + "port": 33572 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:IK2yh3vtbZJ4V3I3kIgCeSldo3I=", - "bytes": 173496, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 81, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33970 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821154389Z", + "id": "1gq7q7afe373et", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373et\",\"jsonPayload\":{\"bytes_sent\":\"173496\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821154389Z\",\"packets_sent\":\"81\",\"reporter\":\"SRC\",\"rtt_msec\":\"308\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470006631Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.470006631Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -22220,203 +22211,203 @@ "rtt": { "ms": 308 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373et\",\"jsonPayload\":{\"bytes_sent\":\"173496\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33970,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821154389Z\",\"packets_sent\":\"81\",\"reporter\":\"SRC\",\"rtt_msec\":\"308\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470006631Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.470006631Z", - "end": "2019-06-14T03:49:51.821154389Z", - "id": "1gq7q7afe373et", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33536, - "domain": "kibana", - 
"ip": "10.87.40.76" + "network": { + "bytes": 173496, + "community_id": "1:IK2yh3vtbZJ4V3I3kIgCeSldo3I=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 81, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 182861, + "address": "10.139.99.242", + "bytes": 173496, "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 245 + "ip": "10.139.99.242", + "packets": 81, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Xg3OPnd3ZD+LZsCDrlk/Kdj91e8=", - "bytes": 182861, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 245, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33536 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "1gq7q7afe373f4", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373f4\",\"jsonPayload\":{\"bytes_sent\":\"182861\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33536,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"245\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150282980Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.150282980Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { "reporter": "DEST", "rtt": { - "ms": 1 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - 
"subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 1 } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373f4\",\"jsonPayload\":{\"bytes_sent\":\"182861\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33536,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"245\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150282980Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150282980Z", - "end": "2019-06-14T03:49:59.565319136Z", - "id": "1gq7q7afe373f4", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 182861, + "community_id": "1:Xg3OPnd3ZD+LZsCDrlk/Kdj91e8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 245, + 
"transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 182861, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 33570, - "bytes": 12145, - "packets": 94, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.14", + "packets": 245, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:fI3fEoMHmZ6GEw9+CNJ6V2s6dfw=", - "bytes": 12145, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 94, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "1gq7q7afe373eo", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373eo\",\"jsonPayload\":{\"bytes_sent\":\"12145\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33570},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"94\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466779642Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.466779642Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -22424,182 +22415,182 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373eo\",\"jsonPayload\":{\"bytes_sent\":\"12145\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33570},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"94\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466779642Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466779642Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "1gq7q7afe373eo", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 12145, + "community_id": "1:fI3fEoMHmZ6GEw9+CNJ6V2s6dfw=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 94, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.13" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 62 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.87.40.76", + "bytes": 12145, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 94, + "port": 33570 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65319, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 65319 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 178669, - "packets": 634, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1gq7q7afe373fb\",\"jsonPayload\":{\"bytes_sent\":\"178669\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65319,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220617595Z\",\"packets_sent\":\"634\",\"reporter\":\"SRC\",\"rtt_msec\":\"62\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.740597880Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.740597880Z", + "category": "network", "end": "2019-06-14T03:49:56.220617595Z", "id": "1gq7q7afe373fb", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fb\",\"jsonPayload\":{\"bytes_sent\":\"178669\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65319,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220617595Z\",\"packets_sent\":\"634\",\"reporter\":\"SRC\",\"rtt_msec\":\"62\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.740597880Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:39:59.740597880Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 62 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:uDbtB+K3v2jviOn2up59Tz92Rgk=", "bytes": 178669, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:uDbtB+K3v2jviOn2up59Tz92Rgk=", + "direction": "outbound", "iana_number": "6", "packets": 634, - "direction": "outbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "transport": "tcp", + "type": "ipv4" }, - "source": { - "address": "10.87.40.76", - "port": 33540, - "bytes": 62066, - "packets": 359, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] + }, + "source": { + "address": "10.139.99.242", + "bytes": 178669, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 634, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:LgPQaxqGyF5gYr06s0NCzKofgOo=", - "bytes": 62066, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 359, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "1gq7q7afe373fs", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fs\",\"jsonPayload\":{\"bytes_sent\":\"62066\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33540},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"359\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:39:59.500483335Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -22607,101 +22598,89 @@ "rtt": { "ms": 2 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fs\",\"jsonPayload\":{\"bytes_sent\":\"62066\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33540},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"359\",\"reporter\":\"SRC\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500483335Z", - "end": "2019-06-14T03:49:51.789258875Z", - "id": "1gq7q7afe373fs", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - 
"ip": "10.139.99.242" + "network": { + "bytes": 62066, + "community_id": "1:LgPQaxqGyF5gYr06s0NCzKofgOo=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 359, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33970, - "bytes": 13440, + "address": "10.87.40.76", + "bytes": 62066, "domain": "kibana", - "ip": "67.43.156.13", - "packets": 96 + "ip": "10.87.40.76", + "packets": 359, + "port": 33540 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:IK2yh3vtbZJ4V3I3kIgCeSldo3I=", - "bytes": 13440, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 96, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "1gq7q7afe373ei", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ei\",\"jsonPayload\":{\"bytes_sent\":\"13440\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33970},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"96\",\"reporter\":\"DEST\",\"rtt_msec\":\"308\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470006631Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.470006631Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -22709,101 +22688,113 @@ "rtt": { "ms": 308 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373ei\",\"jsonPayload\":{\"bytes_sent\":\"13440\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33970},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"96\",\"reporter\":\"DEST\",\"rtt_msec\":\"308\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.470006631Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.470006631Z", - "end": "2019-06-14T03:49:51.821056075Z", - "id": "1gq7q7afe373ei", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 13440, + "community_id": 
"1:IK2yh3vtbZJ4V3I3kIgCeSldo3I=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 96, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 13440, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33966, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 368131, - "packets": 76, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 96, + "port": 33970 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:7RYpCdauzSw7iSF8Ox56BXoCZls=", - "bytes": 368131, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 76, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33966 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:50.800931420Z", + "id": "1gq7q7afe373ez", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ez\",\"jsonPayload\":{\"bytes_sent\":\"368131\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33966,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:50.800931420Z\",\"packets_sent\":\"76\",\"reporter\":\"SRC\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510698570Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:20.510698570Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -22811,101 +22802,101 @@ "rtt": { "ms": 0 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373ez\",\"jsonPayload\":{\"bytes_sent\":\"368131\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33966,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:50.800931420Z\",\"packets_sent\":\"76\",\"reporter\":\"SRC\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510698570Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510698570Z", - "end": "2019-06-14T03:49:50.800931420Z", - "id": "1gq7q7afe373ez", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - 
"location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "network": { + "bytes": 368131, + "community_id": "1:7RYpCdauzSw7iSF8Ox56BXoCZls=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 76, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "address": "10.87.40.76", - "port": 33536, - "bytes": 66258, - "packets": 365, - "domain": "kibana", - "ip": "10.87.40.76" + "address": "10.139.99.242", + "bytes": 368131, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 76, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:Xg3OPnd3ZD+LZsCDrlk/Kdj91e8=", - "bytes": 66258, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 365, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565319136Z", + "id": "1gq7q7afe373fh", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fh\",\"jsonPayload\":{\"bytes_sent\":\"66258\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"365\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150282980Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.150282980Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -22913,55 +22904,70 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fh\",\"jsonPayload\":{\"bytes_sent\":\"66258\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565319136Z\",\"packets_sent\":\"365\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.150282980Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.150282980Z", - "end": "2019-06-14T03:49:59.565319136Z", - "id": "1gq7q7afe373fh", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 66258, + "community_id": "1:Xg3OPnd3ZD+LZsCDrlk/Kdj91e8=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 365, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.139.99.242" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 66258, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 365, + "port": 33536 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220621567Z", + "id": "1gq7q7afe373es", + "kind": "event", + "original": "{\"insertId\":\"1gq7q7afe373es\",\"jsonPayload\":{\"bytes_sent\":\"76976\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65276},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220621567Z\",\"packets_sent\":\"749\",\"reporter\":\"DEST\",\"rtt_msec\":\"156\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760349279Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\
"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:00.760349279Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -22971,78 +22977,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 76976, + "community_id": "1:yOQ797bLdJqqOXP0XZt1Vg63dm0=", + "direction": "inbound", + "iana_number": "6", + "packets": 749, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 76976, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65276, - "bytes": 76976, "ip": "67.43.156.13", - "packets": 749 - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373es\",\"jsonPayload\":{\"bytes_sent\":\"76976\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65276},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220621567Z\",\"packets_sent\":\"749\",\"reporter\":\"DEST\",\"rtt_msec\":\"156\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760349279Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name
\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760349279Z", - "end": "2019-06-14T03:49:56.220621567Z", - "id": "1gq7q7afe373es", - "category": "network", - "type": "connection" + "packets": 749, + "port": 65276 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:yOQ797bLdJqqOXP0XZt1Vg63dm0=", - "bytes": 76976, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 749, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220617595Z", + "id": "1gq7q7afe373fu", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fu\",\"jsonPayload\":{\"bytes_sent\":\"72967\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65319},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220617595Z\",\"packets_sent\":\"747\",\"reporter\":\"DEST\",\"rtt_msec\":\"62\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.740597880Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:39:59.740597880Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -23052,78 +23058,78 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 72967, + "community_id": "1:uDbtB+K3v2jviOn2up59Tz92Rgk=", + "direction": "inbound", + "iana_number": "6", + "packets": 747, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 72967, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65319, - "bytes": 72967, "ip": "67.43.156.13", - "packets": 747 - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fu\",\"jsonPayload\":{\"bytes_sent\":\"72967\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65319},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220617595Z\",\"packets_sent\":\"747\",\"reporter\":\"DEST\",\"rtt_msec\":\"62\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.740597880Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\
":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.740597880Z", - "end": "2019-06-14T03:49:56.220617595Z", - "id": "1gq7q7afe373fu", - "category": "network", - "type": "connection" + "packets": 747, + "port": 65319 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:uDbtB+K3v2jviOn2up59Tz92Rgk=", - "bytes": 72967, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 747, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:40:08.797851544Z", + "id": "1gq7q7afe373f2", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373f2\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":50364},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:08.797851544Z\",\"packets_sent\":\"9\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:08.412738626Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.412738626Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -23133,159 +23139,159 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1464, + "community_id": "1:0TTLV6IDTX3Y7z7HtKV0pV2QKHY=", + "direction": "inbound", + "iana_number": "6", + "packets": 9, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1464, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 50364, - "bytes": 1464, "ip": "67.43.156.13", - "packets": 9 - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373f2\",\"jsonPayload\":{\"bytes_sent\":\"1464\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":50364},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:40:08.797851544Z\",\"packets_sent\":\"9\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:40:08.412738626Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:1
7.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.412738626Z", - "end": "2019-06-14T03:40:08.797851544Z", - "id": "1gq7q7afe373f2", - "category": "network", - "type": "connection" + "packets": 9, + "port": 50364 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:0TTLV6IDTX3Y7z7HtKV0pV2QKHY=", - "bytes": 1464, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 9, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 50364 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:40:08.797851544Z", + "id": "1gq7q7afe373ee", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ee\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":50364,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:08.797851544Z\",\"packets_sent\":\"8\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.412738626Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.412738626Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 50364, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1784, 
+ "community_id": "1:0TTLV6IDTX3Y7z7HtKV0pV2QKHY=", + "direction": "outbound", + "iana_number": "6", + "packets": 8, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1784, - "packets": 8, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373ee\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":50364,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:40:08.797851544Z\",\"packets_sent\":\"8\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.412738626Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.412738626Z", - "end": "2019-06-14T03:40:08.797851544Z", - "id": "1gq7q7afe373ee", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 8, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:0TTLV6IDTX3Y7z7HtKV0pV2QKHY=", - "bytes": 1784, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 8, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": 
"8.0.0" - }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:44:50.919744677Z", + "id": "1gq7q7afe373ey", + "kind": "event", + "original": "{\"insertId\":\"1gq7q7afe373ey\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33126},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:50.919744677Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:50.809605761Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:44:50.809605761Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -23295,78 +23301,78 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1457, + "community_id": "1:WVHhCd41Iy4u55Nq5yD2UbPpH/M=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1457, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33126, - "bytes": 1457, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373ey\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33126},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:44:50.919744677Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:44:50.809605761Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.
76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:50.809605761Z", - "end": "2019-06-14T03:44:50.919744677Z", - "id": "1gq7q7afe373ey", - "category": "network", - "type": "connection" + "packets": 7, + "port": 33126 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:WVHhCd41Iy4u55Nq5yD2UbPpH/M=", - "bytes": 1457, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220599950Z", + "id": "1gq7q7afe373e7", + "kind": "event", + "original": "{\"insertId\":\"1gq7q7afe373e7\",\"jsonPayload\":{\"bytes_sent\":\"73215\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65318},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"747\",\"reporter\":\"DEST\",\"rtt_msec\":\"96\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760345858Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"75801985404
3528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:00.760345858Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -23376,205 +23382,178 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 73215, + "community_id": "1:abTkiqsELuUBAWswX/nZozHWPVo=", + "direction": "inbound", + "iana_number": "6", + "packets": 747, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 73215, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65318, - "bytes": 73215, "ip": "67.43.156.13", - "packets": 747 - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373e7\",\"jsonPayload\":{\"bytes_sent\":\"73215\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65318},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"747\",\"reporter\":\"DEST\",\"rtt_msec\":\"96\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760345858Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_nam
e\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760345858Z", - "end": "2019-06-14T03:49:56.220599950Z", - "id": "1gq7q7afe373e7", - "category": "network", - "type": "connection" + "packets": 747, + "port": 65318 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:abTkiqsELuUBAWswX/nZozHWPVo=", - "bytes": 73215, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 747, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 53096, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 53096 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1gq7q7afe373f8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53096,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:20.813699795Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:20.700692281Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:20.700692281Z", + "category": "network", "end": "2019-06-14T03:43:20.813699795Z", "id": "1gq7q7afe373f8", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373f8\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":53096,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:43:20.813699795Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:43:20.700692281Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:43:20.700692281Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:PZTJxnZbum9ENBi23DLcdTxQuaQ=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:PZTJxnZbum9ENBi23DLcdTxQuaQ=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "destination": { - "address": 
"10.87.40.76", - "port": 33570, - "domain": "kibana", - "ip": "10.87.40.76" + "transport": "tcp", + "type": "ipv4" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 176465, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 65 + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] + }, + "source": { + "address": "10.87.40.76", + "bytes": 1781, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:fI3fEoMHmZ6GEw9+CNJ6V2s6dfw=", - "bytes": 176465, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 65, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33570 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821302149Z", + "id": "1gq7q7afe373ec", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ec\",\"jsonPayload\":{\"bytes_sent\":\"176465\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33570,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"65\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466779642Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.466779642Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -23582,263 +23561,357 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373ec\",\"jsonPayload\":{\"bytes_sent\":\"176465\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33570,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821302149Z\",\"packets_sent\":\"65\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466779642Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466779642Z", - "end": "2019-06-14T03:49:51.821302149Z", - "id": "1gq7q7afe373ec", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": 
{ + "bytes": 176465, + "community_id": "1:fI3fEoMHmZ6GEw9+CNJ6V2s6dfw=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 65, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.13" + "67.43.156.14", + "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 176465, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 65, + "port": 9200 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.13", + "port": 33126 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:44:50.919744677Z", + "id": "1gq7q7afe373f5", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373f5\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33126,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:50.919744677Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:50.809605761Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:44:50.809605761Z", + "type": "connection" + }, + "gcp": { "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33126, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1776, + "community_id": "1:WVHhCd41Iy4u55Nq5yD2UbPpH/M=", + 
"direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.13" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1776, + "domain": "kibana", + "ip": "10.87.40.76", "packets": 7, + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "destination": { + "address": "10.87.40.76", "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "original": "{\"insertId\":\"1gq7q7afe373f5\",\"jsonPayload\":{\"bytes_sent\":\"1776\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33126,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:44:50.919744677Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:44:50.809605761Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:44:50.809605761Z", - "end": "2019-06-14T03:44:50.919744677Z", - "id": "1gq7q7afe373f5", "category": "network", + "end": "2019-06-14T03:47:20.566586739Z", + "id": "1gq7q7afe373f6", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373f6\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":56478},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:20.566586739Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:20.450631492Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:47:20.450631492Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:WVHhCd41Iy4u55Nq5yD2UbPpH/M=", - "bytes": 1776, - "transport": "tcp", - "type": "ipv4", + "bytes": 1458, + "community_id": "1:ZjB7c0mLOtmDfg7yu+dLPbrvJHQ=", + "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] + }, + "source": 
{ + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1458, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 7, + "port": 56478 + }, + "tags": [ + "preserve_original_event" + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "cloud": { + "availability_zone": "us-central1-a", + "project": { + "id": "my-sample-project" + }, + "region": "us-central1" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "zeek-nsm", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 52430 }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:53.081386115Z", + "id": "1gq7q7afe373fo", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fo\",\"jsonPayload\":{\"bytes_sent\":\"32764\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":52430,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:53.081386115Z\",\"packets_sent\":\"228\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:07.968717244Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:07.968717244Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { "ms": 36 } } }, - "destination": { - "address": 
"10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 56478, - "bytes": 1458, - "ip": "67.43.156.14", - "packets": 7 + "network": { + "bytes": 32764, + "community_id": "1:qGRQsZIORaZZvgSDCjliRbZbsD0=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 228, + "transport": "tcp", + "type": "ipv4" }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373f6\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":56478},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:20.566586739Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:20.450631492Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:20.450631492Z", - "end": "2019-06-14T03:47:20.566586739Z", - "id": "1gq7q7afe373f6", - "category": "network", - "type": "connection" + "related": { + "ip": [ + "10.139.99.242", 
+ "67.43.156.14" + ] + }, + "source": { + "address": "10.139.99.242", + "bytes": 32764, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 228, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ZjB7c0mLOtmDfg7yu+dLPbrvJHQ=", - "bytes": 1458, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, + "@timestamp": "2019-06-14T03:50:17.763Z", "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 52430, - "domain": "zeek-nsm", - "ip": "67.43.156.14" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 32764, - "packets": 228, - "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:qGRQsZIORaZZvgSDCjliRbZbsD0=", - "bytes": 32764, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 228, - "direction": "internal" - }, - "cloud": { - "region": "us-central1", - "availability_zone": "us-central1-a", - "project": { - "id": "my-sample-project" - } + "ip": "67.43.156.13", + "port": 34536 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:47:51.162931667Z", + "id": "1gq7q7afe373ek", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ek\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34536,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:51.162931667Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:51.050074134Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:47:51.050074134Z", + "type": "connection" }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" } }, "vpcflow": { 
@@ -23846,34 +23919,19 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fo\",\"jsonPayload\":{\"bytes_sent\":\"32764\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":52430,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:53.081386115Z\",\"packets_sent\":\"228\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:07.968717244Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:07.968717244Z", - "end": "2019-06-14T03:49:53.081386115Z", - "id": "1gq7q7afe373fo", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 1780, + "community_id": "1:UvoHbtWzAMEin6FWcQYUnzv4vOQ=", + "direction": "outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -23881,147 +23939,170 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "cloud": { + "availability_zone": "us-east1-b", + "project": { + "id": "my-sample-project" + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33572 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821291282Z", + "id": "1gq7q7afe373fj", + "kind": "event", + "original": "{\"insertId\":\"1gq7q7afe373fj\",\"jsonPayload\":{\"bytes_sent\":\"137855\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33572,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"72\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466742414Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork
_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:08.466742414Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 }, - "address": "67.43.156.13", - "port": 34536, - "ip": "67.43.156.13" - }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 2 + } + } }, - "event": { - "original": 
"{\"insertId\":\"1gq7q7afe373ek\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":34536,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:51.162931667Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:51.050074134Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:51.050074134Z", - "end": "2019-06-14T03:47:51.162931667Z", - "id": "1gq7q7afe373ek", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:UvoHbtWzAMEin6FWcQYUnzv4vOQ=", - "bytes": 1780, - "transport": "tcp", - "type": "ipv4", + "bytes": 137855, + "community_id": "1:9Sajzk9Kjby8Y6aALULEYfH3nYY=", + "direction": "internal", "iana_number": "6", - "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "name": "default", + "packets": 72, + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33572, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + 
"67.43.156.14", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 9200, "bytes": 137855, "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.14", - "packets": 72 + "packets": 72, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:9Sajzk9Kjby8Y6aALULEYfH3nYY=", - "bytes": 137855, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 72, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33540 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.789258875Z", + "id": "1gq7q7afe373fm", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fm\",\"jsonPayload\":{\"bytes_sent\":\"125197\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33540,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:39:59.500483335Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -24029,442 +24110,419 @@ "rtt": { "ms": 2 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fj\",\"jsonPayload\":{\"bytes_sent\":\"137855\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33572,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821291282Z\",\"packets_sent\":\"72\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466742414Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466742414Z", - "end": "2019-06-14T03:49:51.821291282Z", - "id": "1gq7q7afe373fj", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.87.40.76", - "port": 33540, - "domain": "kibana", - "ip": 
"10.87.40.76" + "network": { + "bytes": 125197, + "community_id": "1:LgPQaxqGyF5gYr06s0NCzKofgOo=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 242, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 9200, "bytes": 125197, "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.14", - "packets": 242 + "packets": 242, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:LgPQaxqGyF5gYr06s0NCzKofgOo=", - "bytes": 125197, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 242, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", + "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.219496168Z", + "id": "1gq7q7afe373eg", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373eg\",\"jsonPayload\":{\"bytes_sent\":\"917832\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":53096},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.219496168Z\",\"packets_sent\":\"230\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.853096315Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:01.853096315Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 2 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", 
"vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 36 } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fm\",\"jsonPayload\":{\"bytes_sent\":\"125197\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33540,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.789258875Z\",\"packets_sent\":\"242\",\"reporter\":\"DEST\",\"rtt_msec\":\"2\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.500483335Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.500483335Z", - "end": "2019-06-14T03:49:51.789258875Z", - "id": "1gq7q7afe373fm", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 917832, + "community_id": 
"1:p9p1/vwvoKmWznvDynb8S94wSVM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 230, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.14", + "10.139.99.242" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 53096, "bytes": 917832, "domain": "zeek-nsm", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.14", - "packets": 230 + "packets": 230, + "port": 53096 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:p9p1/vwvoKmWznvDynb8S94wSVM=", - "bytes": 917832, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 230, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "zeek-nsm", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 53096 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.219496168Z", + "id": "1gq7q7afe373fc", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fc\",\"jsonPayload\":{\"bytes_sent\":\"55572\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":53096,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.219496168Z\",\"packets_sent\":\"133\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.853096315Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:01.853096315Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - 
"project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373eg\",\"jsonPayload\":{\"bytes_sent\":\"917832\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":53096},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.219496168Z\",\"packets_sent\":\"230\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.853096315Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.853096315Z", - "end": "2019-06-14T03:49:56.219496168Z", - "id": "1gq7q7afe373eg", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - 
"country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 53096, - "domain": "zeek-nsm", - "ip": "67.43.156.14" + "network": { + "bytes": 55572, + "community_id": "1:p9p1/vwvoKmWznvDynb8S94wSVM=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 133, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.14" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 55572, - "packets": 133, "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "10.139.99.242", + "packets": 133, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:p9p1/vwvoKmWznvDynb8S94wSVM=", - "bytes": 55572, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 133, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-central1", - "availability_zone": "us-central1-a", + "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821049800Z", + "id": "1gq7q7afe373eq", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373eq\",\"jsonPayload\":{\"bytes_sent\":\"4615\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33966},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821049800Z\",\"packets_sent\":\"75\",\"reporter\":\"DEST\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510698570Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:20.510698570Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } - }, - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 } }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": 
"default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 0 } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fc\",\"jsonPayload\":{\"bytes_sent\":\"55572\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":53096,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.219496168Z\",\"packets_sent\":\"133\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:01.853096315Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:01.853096315Z", - "end": "2019-06-14T03:49:56.219496168Z", - "id": "1gq7q7afe373fc", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 4615, + "community_id": 
"1:7RYpCdauzSw7iSF8Ox56BXoCZls=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 75, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 33966, "bytes": 4615, "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.13", - "packets": 75 - }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:7RYpCdauzSw7iSF8Ox56BXoCZls=", - "bytes": 4615, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 75, - "direction": "internal" - }, - "cloud": { - "region": "us-east1", - "availability_zone": "us-east1-b", - "project": { - "id": "my-sample-project" - } + "packets": 75, + "port": 33966 }, + "tags": [ + "preserve_original_event" + ] + }, + { "@timestamp": "2019-06-14T03:50:17.763Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65318 + }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.220599950Z", + "id": "1gq7q7afe373ev", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ev\",\"jsonPayload\":{\"bytes_sent\":\"75612\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65318,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"583\",\"reporter\":\"SRC\",\"rtt_msec\":\"96\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760345858Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:00.760345858Z", + "type": "connection" }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { - "ms": 0 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + "ms": 96 } } }, - "event": { - "original": 
"{\"insertId\":\"1gq7q7afe373eq\",\"jsonPayload\":{\"bytes_sent\":\"4615\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33966},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821049800Z\",\"packets_sent\":\"75\",\"reporter\":\"DEST\",\"rtt_msec\":\"0\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:20.510698570Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:20.510698570Z", - "end": "2019-06-14T03:49:51.821049800Z", - "id": "1gq7q7afe373eq", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 75612, + "community_id": "1:abTkiqsELuUBAWswX/nZozHWPVo=", + "direction": "outbound", + "iana_number": "6", + "packets": 583, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -24472,101 +24530,49 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 96 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65318, - "ip": "67.43.156.13" - }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 75612, - "packets": 583, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373ev\",\"jsonPayload\":{\"bytes_sent\":\"75612\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65318,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220599950Z\",\"packets_sent\":\"583\",\"reporter\":\"SRC\",\"rtt_msec\":\"96\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760345858Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06
-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760345858Z", - "end": "2019-06-14T03:49:56.220599950Z", - "id": "1gq7q7afe373ev", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 583, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:abTkiqsELuUBAWswX/nZozHWPVo=", - "bytes": 75612, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 583, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:47:51.162931667Z", + "id": "1gq7q7afe373em", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373em\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:51.162931667Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:51.050074134Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:47:51.050074134Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -24576,205 +24582,190 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1461, + "community_id": "1:UvoHbtWzAMEin6FWcQYUnzv4vOQ=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1461, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 34536, - "bytes": 1461, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373em\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":34536},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:51.162931667Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:51.050074134Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:1
7.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:51.050074134Z", - "end": "2019-06-14T03:47:51.162931667Z", - "id": "1gq7q7afe373em", - "category": "network", - "type": "connection" + "packets": 7, + "port": 34536 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:UvoHbtWzAMEin6FWcQYUnzv4vOQ=", - "bytes": 1461, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" - }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] - }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.14", - "port": 56478, - "ip": "67.43.156.14" - }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ip": "67.43.156.14", + "port": 56478 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1gq7q7afe373ew\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":56478,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:20.566586739Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:20.450631492Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:20.450631492Z", + "category": "network", "end": "2019-06-14T03:47:20.566586739Z", "id": "1gq7q7afe373ew", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ew\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":56478,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:20.566586739Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:20.450631492Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:47:20.450631492Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:ZjB7c0mLOtmDfg7yu+dLPbrvJHQ=", "bytes": 1780, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:ZjB7c0mLOtmDfg7yu+dLPbrvJHQ=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "domain": "elasticsearch", - "ip": "67.43.156.14" + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 33694, - "bytes": 64140, - "packets": 371, + "bytes": 1780, "domain": "kibana", - "ip": "10.87.40.76" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:eQxAd3pzSyZzZxiE+1RzMSqyG04=", - "bytes": 64140, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 371, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "domain": "elasticsearch", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "1gq7q7afe373e9", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373e9\",\"jsonPayload\":{\"bytes_sent\":\"64140\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33694},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"371\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566359759Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:05.566359759Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -24782,55 +24773,70 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373e9\",\"jsonPayload\":{\"bytes_sent\":\"64140\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":33694},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"371\",\"reporter\":\"SRC\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566359759Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.566359759Z", - "end": "2019-06-14T03:49:59.565311154Z", - "id": "1gq7q7afe373e9", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { 
+ "bytes": 64140, + "community_id": "1:eQxAd3pzSyZzZxiE+1RzMSqyG04=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 371, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "67.43.156.13", - "10.87.40.76" + "10.87.40.76", + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.87.40.76", + "bytes": 64140, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 371, + "port": 33694 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:43:20.813699795Z", + "id": "1gq7q7afe373f9", + "kind": "event", + "original": "{\"insertId\":\"1gq7q7afe373f9\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53096},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:20.813699795Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:20.700692281Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": 
"2019-06-14T03:43:20.700692281Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -24840,124 +24846,97 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 53096, - "bytes": 1458, - "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373f9\",\"jsonPayload\":{\"bytes_sent\":\"1458\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":53096},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:43:20.813699795Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:43:20.700692281Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:43:20.700692281Z", - "end": "2019-06-14T03:43:20.813699795Z", - "id": "1gq7q7afe373f9", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:PZTJxnZbum9ENBi23DLcdTxQuaQ=", "bytes": 1458, - "transport": "tcp", - "type": "ipv4", + "community_id": 
"1:PZTJxnZbum9ENBi23DLcdTxQuaQ=", + "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.87.40.76", - "port": 33694, - "domain": "kibana", - "ip": "10.87.40.76" + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1458, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 9200, - "bytes": 231764, - "domain": "elasticsearch", - "ip": "67.43.156.14", - "packets": 251 + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "packets": 7, + "port": 53096 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:eQxAd3pzSyZzZxiE+1RzMSqyG04=", - "bytes": 231764, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 251, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 33694 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:59.565311154Z", + "id": "1gq7q7afe373f1", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373f1\",\"jsonPayload\":{\"bytes_sent\":\"231764\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33694,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566359759Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:05.566359759Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -24965,182 +24944,182 @@ "rtt": { "ms": 1 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373f1\",\"jsonPayload\":{\"bytes_sent\":\"231764\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":33694,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:59.565311154Z\",\"packets_sent\":\"251\",\"reporter\":\"DEST\",\"rtt_msec\":\"1\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:05.566359759Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:05.566359759Z", - "end": "2019-06-14T03:49:59.565311154Z", - "id": "1gq7q7afe373f1", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:17.763Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": 
{ + "bytes": 231764, + "community_id": "1:eQxAd3pzSyZzZxiE+1RzMSqyG04=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 251, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", - "67.43.156.13" + "67.43.156.14", + "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 156 - } + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 231764, + "domain": "elasticsearch", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.14", + "packets": 251, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", + "destination": { + "address": "67.43.156.13", "as": { "number": 35908 }, - "address": "67.43.156.13", - "port": 65276, - "ip": "67.43.156.13" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65276 }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 107878, - "packets": 614, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"1gq7q7afe373ff\",\"jsonPayload\":{\"bytes_sent\":\"107878\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65276,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220621567Z\",\"packets_sent\":\"614\",\"reporter\":\"SRC\",\"rtt_msec\":\"156\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760349279Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760349279Z", + "category": "network", "end": "2019-06-14T03:49:56.220621567Z", "id": "1gq7q7afe373ff", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373ff\",\"jsonPayload\":{\"bytes_sent\":\"107878\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65276,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.220621567Z\",\"packets_sent\":\"614\",\"reporter\":\"SRC\",\"rtt_msec\":\"156\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760349279Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:00.760349279Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 156 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:yOQ797bLdJqqOXP0XZt1Vg63dm0=", "bytes": 107878, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:yOQ797bLdJqqOXP0XZt1Vg63dm0=", + "direction": "outbound", "iana_number": "6", "packets": 614, - "direction": "outbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 52430, - "bytes": 595838, - "domain": "zeek-nsm", - "ip": "67.43.156.14", - "packets": 299 + "address": "10.139.99.242", + "bytes": 107878, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 614, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:qGRQsZIORaZZvgSDCjliRbZbsD0=", - "bytes": 595838, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 299, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:17.763Z", "cloud": { - "region": "us-central1", "availability_zone": "us-central1-a", "project": { "id": "my-sample-project" - } + }, + "region": "us-central1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:17.763Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.14", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:53.081386115Z", + "id": "1gq7q7afe373fq", + "kind": "event", + "original": 
"{\"insertId\":\"1gq7q7afe373fq\",\"jsonPayload\":{\"bytes_sent\":\"595838\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":52430},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:53.081386115Z\",\"packets_sent\":\"299\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:07.968717244Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", + "start": "2019-06-14T03:40:07.968717244Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-central1", + "zone": "us-central1-a" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -25148,258 +25127,270 @@ "rtt": { "ms": 36 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-central1", - "project_id": "my-sample-project", - "zone": "us-central1-a" - } } }, - "event": { - "original": "{\"insertId\":\"1gq7q7afe373fq\",\"jsonPayload\":{\"bytes_sent\":\"595838\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":52430},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:53.081386115Z\",\"packets_sent\":\"299\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-central1\",\"vm_name\":\"zeek-nsm\",\"zone\":\"us-central1-a\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:07.968717244Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:17.76361854Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:17.76361854Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:07.968717244Z", - "end": "2019-06-14T03:49:53.081386115Z", - "id": "1gq7q7afe373fq", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" 
+ }, + "network": { + "bytes": 595838, + "community_id": "1:qGRQsZIORaZZvgSDCjliRbZbsD0=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 299, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.87.40.76", - "67.43.156.14" + "67.43.156.14", + "10.139.99.242" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 37 - } + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { + "bytes": 595838, + "domain": "zeek-nsm", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.14", + "packets": 299, + "port": 52430 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "destination": { + "address": "67.43.156.14", "as": { "number": 35908 }, - "address": "67.43.156.14", - "port": 56410, - "ip": "67.43.156.14" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 56410 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1780, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"14iipwlfd8t01n\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":56410,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:10.630345069Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"37\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:10.514594429Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:10.514594429Z", + "category": "network", "end": "2019-06-14T03:47:10.630345069Z", "id": "14iipwlfd8t01n", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01n\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":56410,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:47:10.630345069Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"37\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:47:10.514594429Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:47:10.514594429Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 37 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:4Pc6C8KshAP3IEqmZaW0jzA00wQ=", "bytes": 1780, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:4Pc6C8KshAP3IEqmZaW0jzA00wQ=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
"10.87.40.76", - "192.168.2.117" + "67.43.156.14" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } + "source": { + "address": "10.87.40.76", + "bytes": 1780, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", "destination": { + "address": "192.168.2.117", + "as": { + "number": 15169 + }, "geo": { "continent_name": "America", "country_name": "usa" }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 51950, - "ip": "192.168.2.117" + "ip": "192.168.2.117", + "port": 51950 }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1781, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "ecs": { + "version": "8.2.0" }, "event": { - "original": 
"{\"insertId\":\"14iipwlfd8t01j\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":51950,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:50.757658840Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:50.645030007Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:50.645030007Z", + "category": "network", "end": "2019-06-14T03:41:50.757658840Z", "id": "14iipwlfd8t01j", - "category": "network", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01j\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":51950,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:50.757658840Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:50.645030007Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:41:50.645030007Z", "type": "connection" }, - "tags": [ - "preserve_original_event" - ], + "gcp": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, "network": { - "community_id": "1:jcjE3OEEgs/JCmhTXaJJ97LHMMA=", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:jcjE3OEEgs/JCmhTXaJJ97LHMMA=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - 
"destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 33876, - "domain": "kibana", - "ip": "67.43.156.13" + "related": { + "ip": [ + "10.87.40.76", + "192.168.2.117" + ] }, "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 361966, - "packets": 80, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "address": "10.87.40.76", + "bytes": 1781, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:E5NvH5JkoYJgVzpBa96RbCFEXPs=", - "bytes": 361966, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 80, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33876 }, - "@timestamp": "2019-06-14T03:50:19.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933154111Z", + "id": "14iipwlfd8t01o", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01o\",\"jsonPayload\":{\"bytes_sent\":\"361966\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33876,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933154111Z\",\"packets_sent\":\"80\",\"reporter\":\"SRC\",\"rtt_msec\":\"34\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466868771Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:08.466868771Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -25407,55 +25398,70 @@ "rtt": { "ms": 34 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01o\",\"jsonPayload\":{\"bytes_sent\":\"361966\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33876,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933154111Z\",\"packets_sent\":\"80\",\"reporter\":\"SRC\",\"rtt_msec\":\"34\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466868771Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466868771Z", - "end": "2019-06-14T03:49:37.933154111Z", - "id": "14iipwlfd8t01o", - "category": "network", - "type": "connection" - } - }, - { - "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + 
"network": { + "bytes": 361966, + "community_id": "1:E5NvH5JkoYJgVzpBa96RbCFEXPs=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 80, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "192.168.2.117", - "10.87.40.76" + "10.139.99.242", + "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "10.139.99.242", + "bytes": 361966, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 80, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:41:50.757658840Z", + "id": "14iipwlfd8t01p", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01p\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":51950},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:50.757658840Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:50.645030007Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.2191747
45Z\"}", + "start": "2019-06-14T03:41:50.645030007Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -25465,149 +25471,149 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1457, + "community_id": "1:jcjE3OEEgs/JCmhTXaJJ97LHMMA=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "192.168.2.117", "as": { "number": 15169 }, - "address": "192.168.2.117", - "port": 51950, "bytes": 1457, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, "ip": "192.168.2.117", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01p\",\"jsonPayload\":{\"bytes_sent\":\"1457\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":51950},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:50.757658840Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:50.645030007Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:50.645030007Z", - "end": 
"2019-06-14T03:41:50.757658840Z", - "id": "14iipwlfd8t01p", - "category": "network", - "type": "connection" + "packets": 7, + "port": 51950 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:jcjE3OEEgs/JCmhTXaJJ97LHMMA=", - "bytes": 1457, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "192.168.2.117", + "as": { + "number": 15169 + }, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, + "ip": "192.168.2.117", + "port": 58658 }, - "related": { - "ip": [ - "10.87.40.76", - "192.168.2.117" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:50.856250208Z", + "id": "14iipwlfd8t01e", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01e\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":58658,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:50.856250208Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:50.733935895Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\
"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:49:50.733935895Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 36 } } }, - "destination": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, - "as": { - "number": 15169 - }, - "address": "192.168.2.117", - "port": 58658, - "ip": "192.168.2.117" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "source": { - "address": "10.87.40.76", - "port": 5601, + "network": { "bytes": 1781, + "community_id": "1:dsMvRAsck5r3/JXfFORCHfiL8IQ=", + "direction": "outbound", + "iana_number": "6", "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "transport": "tcp", + "type": "ipv4" }, - "event": { - "original": 
"{\"insertId\":\"14iipwlfd8t01e\",\"jsonPayload\":{\"bytes_sent\":\"1781\",\"connection\":{\"dest_ip\":\"192.168.2.117\",\"dest_port\":58658,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:49:50.856250208Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:49:50.733935895Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:50.733935895Z", - "end": "2019-06-14T03:49:50.856250208Z", - "id": "14iipwlfd8t01e", - "category": "network", - "type": "connection" + "related": { + "ip": [ + "10.87.40.76", + "192.168.2.117" + ] }, - "tags": [ - "preserve_original_event" - ], - "network": { - "community_id": "1:dsMvRAsck5r3/JXfFORCHfiL8IQ=", + "source": { + "address": "10.87.40.76", "bytes": 1781, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", + "domain": "kibana", + "ip": "10.87.40.76", "packets": 7, - "direction": "outbound" - } + "port": 5601 + }, + "tags": [ + "preserve_original_event" + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.13", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - 
"logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:41:08.213471928Z", + "id": "14iipwlfd8t01q", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01q\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":59924},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:08.213471928Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:08.092659117Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:41:08.092659117Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -25617,78 +25623,78 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1467, + "community_id": "1:6chxyTuZx655lb71dq3THmRLfyY=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 59924, - "bytes": 1467, "ip": "67.43.156.13", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01q\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":59924},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:41:08.213471928Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:41:08.092659117Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19
.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:08.092659117Z", - "end": "2019-06-14T03:41:08.213471928Z", - "id": "14iipwlfd8t01q", - "category": "network", - "type": "connection" + "packets": 7, + "port": 59924 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:6chxyTuZx655lb71dq3THmRLfyY=", - "bytes": 1467, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "192.168.2.117", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:50.856250208Z", + "id": "14iipwlfd8t01i", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01i\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":58658},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:50.856250208Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:50.733935895Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork
\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:49:50.733935895Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -25698,154 +25704,154 @@ } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1461, + "community_id": "1:dsMvRAsck5r3/JXfFORCHfiL8IQ=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.117", + "10.87.40.76" + ] }, "source": { - "geo": { - "continent_name": "America", - "country_name": "usa" - }, + "address": "192.168.2.117", "as": { "number": 15169 }, - "address": "192.168.2.117", - "port": 58658, "bytes": 1461, + "geo": { + "continent_name": "America", + "country_name": "usa" + }, "ip": "192.168.2.117", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01i\",\"jsonPayload\":{\"bytes_sent\":\"1461\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"192.168.2.117\",\"src_port\":58658},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:50.856250208Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"36\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:49:50.733935895Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:49:50.733935895Z", - "end": 
"2019-06-14T03:49:50.856250208Z", - "id": "14iipwlfd8t01i", - "category": "network", - "type": "connection" + "packets": 7, + "port": 58658 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:dsMvRAsck5r3/JXfFORCHfiL8IQ=", - "bytes": 1461, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65272 }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.316981133Z", + "id": "14iipwlfd8t01k", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01k\",\"jsonPayload\":{\"bytes_sent\":\"123732\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65272,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316981133Z\",\"packets_sent\":\"618\",\"reporter\":\"SRC\",\"rtt_msec\":\"123\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.403442252Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:39:59.403442252Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 123 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 123 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65272, - "ip": "67.43.156.13" + "log": { + "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 123732, + "community_id": "1:AkP1aSEJH9bFKIOkOHf1rOVHNwk=", + "direction": "outbound", + "iana_number": "6", + "packets": 618, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 123732, - "packets": 618, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01k\",\"jsonPayload\":{\"bytes_sent\":\"123732\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65272,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316981133Z\",\"packets_sent\":\"618\",\"reporter\":\"SRC\",\"rtt_msec\":\"123\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:39:59.403442252Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.403442252Z", - "end": "2019-06-14T03:49:56.316981133Z", - "id": "14iipwlfd8t01k", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 618, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:AkP1aSEJH9bFKIOkOHf1rOVHNwk=", - "bytes": 
123732, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 618, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.316930467Z", + "id": "14iipwlfd8t01f", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01f\",\"jsonPayload\":{\"bytes_sent\":\"76342\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65273},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316930467Z\",\"packets_sent\":\"710\",\"reporter\":\"DEST\",\"rtt_msec\":\"115\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.155378287Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:00.155378287Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { 
"project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -25855,135 +25861,176 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 76342, + "community_id": "1:f+7WLGF1FDb2ZMudfLtDGfB3+gQ=", + "direction": "inbound", + "iana_number": "6", + "packets": 710, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 76342, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65273, - "bytes": 76342, "ip": "67.43.156.13", - "packets": 710 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01f\",\"jsonPayload\":{\"bytes_sent\":\"76342\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65273},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316930467Z\",\"packets_sent\":\"710\",\"reporter\":\"DEST\",\"rtt_msec\":\"115\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.155378287Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_n
ame\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.155378287Z", - "end": "2019-06-14T03:49:56.316930467Z", - "id": "14iipwlfd8t01f", - "category": "network", - "type": "connection" + "packets": 710, + "port": 65273 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:f+7WLGF1FDb2ZMudfLtDGfB3+gQ=", - "bytes": 76342, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 710, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "192.168.2.73", + "as": { + "number": 4847 + }, + "geo": { + "city_name": "Beijing", + "continent_name": "Asia", + "country_name": "chn", + "region_name": "Beijing" + }, + "ip": "192.168.2.73", + "port": 45224 }, - "related": { - "ip": [ - "10.73.186.17", - "192.168.2.73" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:44:23.955039461Z", + "id": "14iipwlfd8t018", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t018\",\"jsonPayload\":{\"bytes_sent\":\"9761\",\"connection\":{\"dest_ip\":\"192.168.2.73\",\"dest_port\":45224,\"protocol\":6,\"src_ip\":\"10.73.186.17\",\"src_port\":22},\"dest_location\":{\"asn\":4847,\"city\":\"Beijing\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Beijing\"},\"end_time\":\"2019-06-14T03:44:23.955039461Z\",\"packets_sent\":\"13\",\"reporter\":\"SRC\",\"rtt_msec\":\"242\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:23.705320616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:42:23.705320616Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 242 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 242 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "chn", - "city_name": "Beijing", - "region_name": "Beijing" - }, - "as": { - "number": 4847 - }, - "address": "192.168.2.73", - "port": 45224, - "ip": "192.168.2.73" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, 
+ "network": { + "bytes": 9761, + "community_id": "1:ppuocaYwNMzpWOs4nDw/orHgE7E=", + "direction": "outbound", + "iana_number": "6", + "packets": 13, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.73.186.17", + "192.168.2.73" + ] }, "source": { "address": "10.73.186.17", - "port": 22, "bytes": 9761, - "packets": 13, "domain": "infraops-docker-data", - "ip": "10.73.186.17" - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t018\",\"jsonPayload\":{\"bytes_sent\":\"9761\",\"connection\":{\"dest_ip\":\"192.168.2.73\",\"dest_port\":45224,\"protocol\":6,\"src_ip\":\"10.73.186.17\",\"src_port\":22},\"dest_location\":{\"asn\":4847,\"city\":\"Beijing\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Beijing\"},\"end_time\":\"2019-06-14T03:44:23.955039461Z\",\"packets_sent\":\"13\",\"reporter\":\"SRC\",\"rtt_msec\":\"242\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:42:23.705320616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:23.705320616Z", - "end": "2019-06-14T03:44:23.955039461Z", - "id": "14iipwlfd8t018", - "category": "network", - "type": "connection" + "ip": "10.73.186.17", + "packets": 13, + "port": 22 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ppuocaYwNMzpWOs4nDw/orHgE7E=", - "bytes": 9761, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 13, - 
"direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": "10.87.40.76", + "port": 5601 + }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:47:10.630345069Z", + "id": "14iipwlfd8t01a", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01a\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":56410},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:10.630345069Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"37\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:10.514594429Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:47:10.514594429Z", + "type": "connection" + }, + "gcp": { + "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 37 + } + } + }, + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1467, + "community_id": 
"1:4Pc6C8KshAP3IEqmZaW0jzA00wQ=", + "direction": "inbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -25991,80 +26038,91 @@ "10.87.40.76" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1467, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "packets": 7, + "port": 56410 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 65277 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.316890309Z", + "id": "14iipwlfd8t017", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t017\",\"jsonPayload\":{\"bytes_sent\":\"51612\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65277,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316890309Z\",\"packets_sent\":\"615\",\"reporter\":\"SRC\",\"rtt_msec\":\"95\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760385211Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\
"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:00.760385211Z", + "type": "connection" }, "gcp": { - "destination": { + "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { - "reporter": "DEST", + "reporter": "SRC", "rtt": { - "ms": 37 + "ms": 95 } } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 56410, - "bytes": 1467, - "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": 
"{\"insertId\":\"14iipwlfd8t01a\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":56410},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:47:10.630345069Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"rtt_msec\":\"37\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:47:10.514594429Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:47:10.514594429Z", - "end": "2019-06-14T03:47:10.630345069Z", - "id": "14iipwlfd8t01a", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:4Pc6C8KshAP3IEqmZaW0jzA00wQ=", - "bytes": 1467, - "transport": "tcp", - "type": "ipv4", + "bytes": 51612, + "community_id": "1:4WmFG6CwXYT/gPzUmmljpbE3pFk=", + "direction": "outbound", "iana_number": "6", - "packets": 7, - "direction": "inbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "packets": 615, + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ 
@@ -26072,101 +26130,49 @@ "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" - }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 95 - } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65277, - "ip": "67.43.156.13" - }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 51612, - "packets": 615, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t017\",\"jsonPayload\":{\"bytes_sent\":\"51612\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65277,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316890309Z\",\"packets_sent\":\"615\",\"reporter\":\"SRC\",\"rtt_msec\":\"95\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.760385211Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-0
6-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760385211Z", - "end": "2019-06-14T03:49:56.316890309Z", - "id": "14iipwlfd8t017", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 615, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:4WmFG6CwXYT/gPzUmmljpbE3pFk=", - "bytes": 51612, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 615, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.316981133Z", + "id": "14iipwlfd8t01m", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01m\",\"jsonPayload\":{\"bytes_sent\":\"74330\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65272},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316981133Z\",\"packets_sent\":\"745\",\"reporter\":\"DEST\",\"rtt_msec\":\"123\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.403442252Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:39:59.403442252Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -26176,240 +26182,240 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 74330, + "community_id": "1:AkP1aSEJH9bFKIOkOHf1rOVHNwk=", + "direction": "inbound", + "iana_number": "6", + "packets": 745, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 74330, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65272, - "bytes": 74330, "ip": "67.43.156.13", - "packets": 745 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01m\",\"jsonPayload\":{\"bytes_sent\":\"74330\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65272},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316981133Z\",\"packets_sent\":\"745\",\"reporter\":\"DEST\",\"rtt_msec\":\"123\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:39:59.403442252Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_n
ame\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:39:59.403442252Z", - "end": "2019-06-14T03:49:56.316981133Z", - "id": "14iipwlfd8t01m", - "category": "network", - "type": "connection" + "packets": 745, + "port": 65272 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:AkP1aSEJH9bFKIOkOHf1rOVHNwk=", - "bytes": 74330, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 745, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 59924 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.13" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:41:08.213471928Z", + "id": "14iipwlfd8t015", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t015\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":59924,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:08.213471928Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:08.092659117Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:41:08.092659117Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 36 - } - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } - } - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 }, - "address": "67.43.156.13", - "port": 59924, - "ip": "67.43.156.13" - }, - "source": { - "address": "10.87.40.76", - "port": 5601, - "bytes": 1784, - "packets": 7, - "domain": "kibana", - "ip": "10.87.40.76" + "vpcflow": { + "reporter": "SRC", + "rtt": { + 
"ms": 36 + } + } }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t015\",\"jsonPayload\":{\"bytes_sent\":\"1784\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":59924,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:41:08.213471928Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"rtt_msec\":\"36\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:41:08.092659117Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:41:08.092659117Z", - "end": "2019-06-14T03:41:08.213471928Z", - "id": "14iipwlfd8t015", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:6chxyTuZx655lb71dq3THmRLfyY=", "bytes": 1784, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:6chxyTuZx655lb71dq3THmRLfyY=", + "direction": "outbound", "iana_number": "6", "packets": 7, - "direction": "outbound" - } - }, - { - "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "transport": "tcp", + "type": "ipv4" }, "related": { "ip": [ - "10.139.99.242", + "10.87.40.76", "67.43.156.13" ] }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + 
"source": { + "address": "10.87.40.76", + "bytes": 1784, + "domain": "kibana", + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, - "gcp": { - "vpcflow": { - "reporter": "SRC", - "rtt": { - "ms": 115 + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 } }, + "ip": "67.43.156.13", + "port": 65273 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.316930467Z", + "id": "14iipwlfd8t01h", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01h\",\"jsonPayload\":{\"bytes_sent\":\"76622\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65273,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316930467Z\",\"packets_sent\":\"599\",\"reporter\":\"SRC\",\"rtt_msec\":\"115\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.155378287Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:00.155378287Z", + "type": "connection" + }, + "gcp": { "source": { + "instance": { + 
"project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" + } + }, + "vpcflow": { + "reporter": "SRC", + "rtt": { + "ms": 115 } } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.13", - "port": 65273, - "ip": "67.43.156.13" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 76622, + "community_id": "1:f+7WLGF1FDb2ZMudfLtDGfB3+gQ=", + "direction": "outbound", + "iana_number": "6", + "packets": 599, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] }, "source": { "address": "10.139.99.242", - "port": 9200, "bytes": 76622, - "packets": 599, "domain": "elasticsearch", - "ip": "10.139.99.242" - }, - "event": { - "original": 
"{\"insertId\":\"14iipwlfd8t01h\",\"jsonPayload\":{\"bytes_sent\":\"76622\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":65273,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"end_time\":\"2019-06-14T03:49:56.316930467Z\",\"packets_sent\":\"599\",\"reporter\":\"SRC\",\"rtt_msec\":\"115\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:00.155378287Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.155378287Z", - "end": "2019-06-14T03:49:56.316930467Z", - "id": "14iipwlfd8t01h", - "category": "network", - "type": "connection" + "ip": "10.139.99.242", + "packets": 599, + "port": 9200 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:f+7WLGF1FDb2ZMudfLtDGfB3+gQ=", - "bytes": 76622, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 599, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.73.186.17", + "domain": "infraops-docker-data", + "ip": "10.73.186.17", + "port": 22 }, - "related": { - "ip": [ - "192.168.2.73", - "10.73.186.17" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:42:24.922448897Z", + "id": "14iipwlfd8t019", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t019\",\"jsonPayload\":{\"bytes_sent\":\"42\",\"connection\":{\"dest_ip\":\"10.73.186.17\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.73\",\"src_port\":45224},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:24.922448897Z\",\"packets_sent\":\"5\",\"reporter\":\"DEST\",\"rtt_msec\":\"242\",\"src_location\":{\"asn\":4847,\"city\":\"Beijing\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Beijing\"},\"start_time\":\"2019-06-14T03:42:23.705320616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:42:23.705320616Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -26419,75 +26425,75 @@ } } }, - "destination": { - "address": "10.73.186.17", - "port": 22, - "domain": "infraops-docker-data", - "ip": "10.73.186.17" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 42, + "community_id": "1:ppuocaYwNMzpWOs4nDw/orHgE7E=", + "direction": "inbound", + "iana_number": "6", + "packets": 5, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "192.168.2.73", + "10.73.186.17" + ] }, "source": { + "address": "192.168.2.73", + "as": { + "number": 4847 + }, + "bytes": 42, "geo": { + "city_name": "Beijing", "continent_name": "Asia", "country_name": "chn", - "city_name": "Beijing", "region_name": "Beijing" }, - "as": { - "number": 4847 - }, - "address": "192.168.2.73", - "port": 45224, - "bytes": 42, "ip": "192.168.2.73", - "packets": 5 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t019\",\"jsonPayload\":{\"bytes_sent\":\"42\",\"connection\":{\"dest_ip\":\"10.73.186.17\",\"dest_port\":22,\"protocol\":6,\"src_ip\":\"192.168.2.73\",\"src_port\":45224},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"infraops-docker-data\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:42:24.922448897Z\",\"packets_sent\":\"5\",\"reporter\":\"DEST\",\"rtt_msec\":\"242\",\"src_location\":{\"asn\":4847,\"city\":\"Beijing\",\"continent\":\"Asia\",\"country\":\"chn\",\"region\":\"Beijing\"},\"start_time\":\"2019-06-14T03:42:23.705320616Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.21
9174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:42:23.705320616Z", - "end": "2019-06-14T03:42:24.922448897Z", - "id": "14iipwlfd8t019", - "category": "network", - "type": "connection" + "packets": 5, + "port": 45224 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:ppuocaYwNMzpWOs4nDw/orHgE7E=", - "bytes": 42, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 5, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:49:56.316890309Z", + "id": "14iipwlfd8t016", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t016\",\"jsonPayload\":{\"bytes_sent\":\"75263\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65277},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316890309Z\",\"packets_sent\":\"729\",\"reporter\":\"DEST\",\"rtt_msec\":\"95\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760385211Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"7580198540435
28829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:00.760385211Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { 
@@ -26497,382 +26503,355 @@ } } }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 75263, + "community_id": "1:4WmFG6CwXYT/gPzUmmljpbE3pFk=", + "direction": "inbound", + "iana_number": "6", + "packets": 729, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 75263, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 65277, - "bytes": 75263, "ip": "67.43.156.13", - "packets": 729 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t016\",\"jsonPayload\":{\"bytes_sent\":\"75263\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":65277},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:56.316890309Z\",\"packets_sent\":\"729\",\"reporter\":\"DEST\",\"rtt_msec\":\"95\",\"src_location\":{\"asn\":33652,\"city\":\"Broomfield\",\"continent\":\"America\",\"country\":\"usa\",\"region\":\"Colorado\"},\"start_time\":\"2019-06-14T03:40:00.760385211Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_na
me\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:00.760385211Z", - "end": "2019-06-14T03:49:56.316890309Z", - "id": "14iipwlfd8t016", - "category": "network", - "type": "connection" + "packets": 729, + "port": 65277 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:4WmFG6CwXYT/gPzUmmljpbE3pFk=", - "bytes": 75263, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 729, - "direction": "inbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "port": 34646 }, - "related": { - "ip": [ - "10.87.40.76", - "67.43.156.14" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:48:10.529592195Z", + "id": "14iipwlfd8t01c", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01c\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":34646,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:10.529592195Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:10.413494375Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:48:10.413494375Z", + "type": "connection" }, "gcp": { - "vpcflow": { - "reporter": "SRC" - }, "source": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } + }, + "vpcflow": { + "reporter": "SRC" } }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 34646, - "ip": "67.43.156.14" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 1780, + "community_id": "1:8IBpMmKYBYXp/c1Nzms8rg6CQs0=", + "direction": 
"outbound", + "iana_number": "6", + "packets": 7, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.87.40.76", + "67.43.156.14" + ] }, "source": { "address": "10.87.40.76", - "port": 5601, "bytes": 1780, - "packets": 7, "domain": "kibana", - "ip": "10.87.40.76" - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01c\",\"jsonPayload\":{\"bytes_sent\":\"1780\",\"connection\":{\"dest_ip\":\"67.43.156.14\",\"dest_port\":34646,\"protocol\":6,\"src_ip\":\"10.87.40.76\",\"src_port\":5601},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"end_time\":\"2019-06-14T03:48:10.529592195Z\",\"packets_sent\":\"7\",\"reporter\":\"SRC\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:48:10.413494375Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:10.413494375Z", - "end": "2019-06-14T03:48:10.529592195Z", - "id": "14iipwlfd8t01c", - "category": "network", - "type": "connection" + "ip": "10.87.40.76", + "packets": 7, + "port": 5601 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:8IBpMmKYBYXp/c1Nzms8rg6CQs0=", - "bytes": 1780, - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 7, - "direction": "outbound" - } + ] }, { "@timestamp": "2019-06-14T03:50:19.219Z", - "ecs": { - "version": "8.0.0" + "destination": { + "address": "10.87.40.76", + "domain": "kibana", + "ip": 
"10.87.40.76", + "port": 5601 }, - "related": { - "ip": [ - "67.43.156.14", - "10.87.40.76" - ] + "ecs": { + "version": "8.2.0" }, - "log": { - "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "event": { + "category": "network", + "end": "2019-06-14T03:48:10.529541195Z", + "id": "14iipwlfd8t01d", + "kind": "event", + "original": "{\"insertId\":\"14iipwlfd8t01d\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":34646},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:10.529541195Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:10.413397239Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:48:10.413397239Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" } }, "vpcflow": { "reporter": "DEST" } }, - "destination": { - "address": "10.87.40.76", - "port": 5601, - "domain": "kibana", - "ip": "10.87.40.76" - }, - "source": { - "geo": { - 
"continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "address": "67.43.156.14", - "port": 34646, - "bytes": 1467, - "ip": "67.43.156.14", - "packets": 7 - }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01d\",\"jsonPayload\":{\"bytes_sent\":\"1467\",\"connection\":{\"dest_ip\":\"10.87.40.76\",\"dest_port\":5601,\"protocol\":6,\"src_ip\":\"67.43.156.14\",\"src_port\":34646},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:48:10.529541195Z\",\"packets_sent\":\"7\",\"reporter\":\"DEST\",\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"start_time\":\"2019-06-14T03:48:10.413397239Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:48:10.413397239Z", - "end": "2019-06-14T03:48:10.529541195Z", - "id": "14iipwlfd8t01d", - "category": "network", - "type": "connection" + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "tags": [ - "preserve_original_event" - ], "network": { - "community_id": "1:8IBpMmKYBYXp/c1Nzms8rg6CQs0=", "bytes": 1467, - "transport": "tcp", - "type": "ipv4", + "community_id": "1:8IBpMmKYBYXp/c1Nzms8rg6CQs0=", + "direction": "inbound", "iana_number": "6", "packets": 7, - "direction": "inbound" - } - }, - { - "log": { - "logger": 
"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + "transport": "tcp", + "type": "ipv4" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "related": { + "ip": [ + "67.43.156.14", + "10.87.40.76" + ] }, "source": { + "address": "67.43.156.14", + "as": { + "number": 35908 + }, + "bytes": 1467, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33876, - "bytes": 5044, - "domain": "kibana", - "ip": "67.43.156.13", - "packets": 87 + "ip": "67.43.156.14", + "packets": 7, + "port": 34646 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:E5NvH5JkoYJgVzpBa96RbCFEXPs=", - "bytes": 5044, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 87, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:19.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:37.933154111Z", + "id": "14iipwlfd8t01g", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01g\",\"jsonPayload\":{\"bytes_sent\":\"5044\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33876},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933154111Z\",\"packets_sent\":\"87\",\"reporter\":\"DEST\",\"rtt_msec\":\"34\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466868771Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:08.466868771Z", + "type": "connection" }, "gcp": { "destination": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" - } - }, - "vpcflow": { - "reporter": "DEST", - "rtt": { - "ms": 34 - } - }, - "source": { + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + 
"project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" + } + }, + "vpcflow": { + "reporter": "DEST", + "rtt": { + "ms": 34 } } }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01g\",\"jsonPayload\":{\"bytes_sent\":\"5044\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33876},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:37.933154111Z\",\"packets_sent\":\"87\",\"reporter\":\"DEST\",\"rtt_msec\":\"34\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.466868771Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.466868771Z", - "end": "2019-06-14T03:49:37.933154111Z", - "id": "14iipwlfd8t01g", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { - "address": "10.139.99.242", - "port": 9200, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "network": { + "bytes": 5044, + "community_id": "1:E5NvH5JkoYJgVzpBa96RbCFEXPs=", + 
"direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 87, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] }, "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 5044, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33574, - "bytes": 14132, - "domain": "kibana", "ip": "67.43.156.13", - "packets": 91 + "packets": 87, + "port": 33876 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:GUQu5kCJyjYidboU6syeeSdt5Js=", - "bytes": 14132, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 91, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "10.139.99.242", + "domain": "elasticsearch", + "ip": "10.139.99.242", + "port": 9200 }, - "@timestamp": "2019-06-14T03:50:19.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "67.43.156.13", - "10.139.99.242" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821056075Z", + "id": "14iipwlfd8t01l", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01l\",\"jsonPayload\":{\"bytes_sent\":\"14132\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33574},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"91\",\"reporter\":\"DEST\",\"rtt_msec\":\"509\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.468484109Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:08.468484109Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -26880,101 +26859,113 @@ "rtt": { "ms": 509 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01l\",\"jsonPayload\":{\"bytes_sent\":\"14132\",\"connection\":{\"dest_ip\":\"10.139.99.242\",\"dest_port\":9200,\"protocol\":6,\"src_ip\":\"67.43.156.13\",\"src_port\":33574},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821056075Z\",\"packets_sent\":\"91\",\"reporter\":\"DEST\",\"rtt_msec\":\"509\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"src_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.468484109Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.468484109Z", - "end": "2019-06-14T03:49:51.821056075Z", - "id": "14iipwlfd8t01l", - "category": "network", - "type": "connection" - } - }, - { "log": { "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" }, - "destination": { + "network": { + "bytes": 14132, + "community_id": 
"1:GUQu5kCJyjYidboU6syeeSdt5Js=", + "direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 91, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "67.43.156.13", + "10.139.99.242" + ] + }, + "source": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "bytes": 14132, + "domain": "kibana", "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "address": "67.43.156.13", - "port": 33574, - "domain": "kibana", - "ip": "67.43.156.13" - }, - "source": { - "address": "10.139.99.242", - "port": 9200, - "bytes": 151213, - "packets": 68, - "domain": "elasticsearch", - "ip": "10.139.99.242" + "ip": "67.43.156.13", + "packets": 91, + "port": 33574 }, "tags": [ "preserve_original_event" - ], - "network": { - "community_id": "1:GUQu5kCJyjYidboU6syeeSdt5Js=", - "bytes": 151213, - "name": "default", - "transport": "tcp", - "type": "ipv4", - "iana_number": "6", - "packets": 68, - "direction": "internal" - }, + ] + }, + { + "@timestamp": "2019-06-14T03:50:19.219Z", "cloud": { - "region": "us-east1", "availability_zone": "us-east1-b", "project": { "id": "my-sample-project" - } + }, + "region": "us-east1" + }, + "destination": { + "address": "67.43.156.13", + "as": { + "number": 35908 + }, + "domain": "kibana", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 33574 }, - "@timestamp": "2019-06-14T03:50:19.219Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, - "related": { - "ip": [ - "10.139.99.242", - "67.43.156.13" - ] + "event": { + "category": "network", + "end": "2019-06-14T03:49:51.821129119Z", + "id": "14iipwlfd8t01b", + "kind": "event", + "original": 
"{\"insertId\":\"14iipwlfd8t01b\",\"jsonPayload\":{\"bytes_sent\":\"151213\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33574,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821129119Z\",\"packets_sent\":\"68\",\"reporter\":\"SRC\",\"rtt_msec\":\"509\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.468484109Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", + "start": "2019-06-14T03:40:08.468484109Z", + "type": "connection" }, "gcp": { "destination": { + "instance": { + "project_id": "my-sample-project", + "region": "us-east1", + "zone": "us-east1-b" + }, "vpc": { "project_id": "my-sample-project", "subnetwork_name": "default", "vpc_name": "default" - }, + } + }, + "source": { "instance": { - "region": "us-east1", "project_id": "my-sample-project", + "region": "us-east1", "zone": "us-east1-b" + }, + "vpc": { + "project_id": "my-sample-project", + "subnetwork_name": "default", + "vpc_name": "default" } }, "vpcflow": { 
@@ -26982,29 +26973,38 @@ "rtt": { "ms": 509 } - }, - "source": { - "vpc": { - "project_id": "my-sample-project", - "subnetwork_name": "default", - "vpc_name": "default" - }, - "instance": { - "region": "us-east1", - "project_id": "my-sample-project", - "zone": "us-east1-b" - } } }, - "event": { - "original": "{\"insertId\":\"14iipwlfd8t01b\",\"jsonPayload\":{\"bytes_sent\":\"151213\",\"connection\":{\"dest_ip\":\"67.43.156.13\",\"dest_port\":33574,\"protocol\":6,\"src_ip\":\"10.139.99.242\",\"src_port\":9200},\"dest_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"kibana\",\"zone\":\"us-east1-b\"},\"dest_location\":{\"asn\":15169,\"continent\":\"America\",\"country\":\"usa\"},\"dest_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"end_time\":\"2019-06-14T03:49:51.821129119Z\",\"packets_sent\":\"68\",\"reporter\":\"SRC\",\"rtt_msec\":\"509\",\"src_instance\":{\"project_id\":\"my-sample-project\",\"region\":\"us-east1\",\"vm_name\":\"elasticsearch\",\"zone\":\"us-east1-b\"},\"src_vpc\":{\"project_id\":\"my-sample-project\",\"subnetwork_name\":\"default\",\"vpc_name\":\"default\"},\"start_time\":\"2019-06-14T03:40:08.468484109Z\"},\"logName\":\"projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows\",\"receiveTimestamp\":\"2019-06-14T03:50:19.219174745Z\",\"resource\":{\"labels\":{\"location\":\"us-east1-b\",\"project_id\":\"my-sample-project\",\"subnetwork_id\":\"758019854043528829\",\"subnetwork_name\":\"default\"},\"type\":\"gce_subnetwork\"},\"timestamp\":\"2019-06-14T03:50:19.219174745Z\"}", - "kind": "event", - "start": "2019-06-14T03:40:08.468484109Z", - "end": "2019-06-14T03:49:51.821129119Z", - "id": "14iipwlfd8t01b", - "category": "network", - "type": "connection" - } + "log": { + "logger": "projects/my-sample-project/logs/compute.googleapis.com%2Fvpc_flows" + }, + "network": { + "bytes": 151213, + "community_id": "1:GUQu5kCJyjYidboU6syeeSdt5Js=", + 
"direction": "internal", + "iana_number": "6", + "name": "default", + "packets": 68, + "transport": "tcp", + "type": "ipv4" + }, + "related": { + "ip": [ + "10.139.99.242", + "67.43.156.13" + ] + }, + "source": { + "address": "10.139.99.242", + "bytes": 151213, + "domain": "elasticsearch", + "ip": "10.139.99.242", + "packets": 68, + "port": 9200 + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml index 2370c3e3c97..9d6d2941b9b 100644 --- a/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gcp/data_stream/vpcflow/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Google Cloud VPC Flow Logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/gcp/data_stream/vpcflow/sample_event.json b/packages/gcp/data_stream/vpcflow/sample_event.json index 1fc30d133a6..98ae3ebcede 100644 --- a/packages/gcp/data_stream/vpcflow/sample_event.json +++ b/packages/gcp/data_stream/vpcflow/sample_event.json @@ -30,7 +30,7 @@ "port": 33478 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/gcp/docs/README.md b/packages/gcp/docs/README.md index 64cd9cdb976..56d6be8e2f0 100644 --- a/packages/gcp/docs/README.md +++ b/packages/gcp/docs/README.md @@ -326,7 +326,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", 
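Review bot: The new `value: '8.2.0'` on the `set` processor for `ecs.version` is a literal that has to agree with the `reference: git@8.2` in the package's `_dev/build/build.yml` (visible for the github package later in this diff) and with the `ecs.version` in `sample_event.json` and the docs, yet nothing in the pipeline records that coupling, so the next ECS bump can update the build reference and miss this processor. A one-line comment above the processor would make the dependency explicit: `# Keep in sync with ecs.reference in _dev/build/build.yml; also regenerate sample_event.json and docs.`. The `processors` list continues outside the hunk, so this is the only place the version is set as far as the hunk shows.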
@@ -577,7 +577,7 @@ An example event for `firewall` looks as following: "port": 3389 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", @@ -820,7 +820,7 @@ An example event for `vpcflow` looks as following: "port": 33478 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", @@ -1019,7 +1019,7 @@ An example event for `dns` looks as following: "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "vwroyze8pg7y", diff --git a/packages/gcp/docs/audit.md b/packages/gcp/docs/audit.md index 2e5a7deb99d..73cb55d77dd 100644 --- a/packages/gcp/docs/audit.md +++ b/packages/gcp/docs/audit.md @@ -157,7 +157,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/gcp/docs/dns.md b/packages/gcp/docs/dns.md index 55bf6c41f98..8a2da70b9f7 100644 --- a/packages/gcp/docs/dns.md +++ b/packages/gcp/docs/dns.md @@ -124,7 +124,7 @@ An example event for `dns` looks as following: "response_code": "NOERROR" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "id": "vwroyze8pg7y", diff --git a/packages/gcp/docs/firewall.md b/packages/gcp/docs/firewall.md index 6b6272db045..2d6d1bde41d 100644 --- a/packages/gcp/docs/firewall.md +++ b/packages/gcp/docs/firewall.md @@ -152,7 +152,7 @@ An example event for `firewall` looks as following: "port": 3389 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/gcp/docs/vpcflow.md b/packages/gcp/docs/vpcflow.md index ca6ac3a8909..dafcf501eca 100644 --- a/packages/gcp/docs/vpcflow.md +++ b/packages/gcp/docs/vpcflow.md 
@@ -151,7 +151,7 @@ An example event for `vpcflow` looks as following: "port": 33478 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "c53ddea2-61ac-4643-8676-0c70ebf51c91", diff --git a/packages/gcp/manifest.yml b/packages/gcp/manifest.yml index 3f3a7022f92..f516e11051f 100644 --- a/packages/gcp/manifest.yml +++ b/packages/gcp/manifest.yml @@ -1,6 +1,6 @@ name: gcp title: Google Cloud Platform -version: 1.5.1 +version: 1.6.0 release: ga description: Collect logs from Google Cloud Platform with Elastic Agent. type: integration diff --git a/packages/github/_dev/build/build.yml b/packages/github/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/github/_dev/build/build.yml +++ b/packages/github/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/github/changelog.yml b/packages/github/changelog.yml index 44ce5aae1e8..be21333d3eb 100644 --- a/packages/github/changelog.yml +++ b/packages/github/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.4.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "0.3.4" changes: - description: Fix typo in config template for ignoring host enrichment diff --git a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json index 5b510a43ad3..be3a74ad981 100644 --- a/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json +++ b/packages/github/data_stream/audit/_dev/test/pipeline/test-audit-json.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-03-04T23:24:11.067Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", 
@@ -11,7 +11,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531630249Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251067}", "type": [ @@ -37,7 +36,7 @@ { "@timestamp": "2020-03-04T23:24:11.273Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", @@ -45,7 +44,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531632581Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251273}", "type": [ @@ -71,7 +69,7 @@ { "@timestamp": "2020-03-04T23:24:11.179Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", @@ -79,7 +77,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531633558Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251179}", "type": [ @@ -110,7 +107,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.invite_member", @@ -118,7 +115,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531634407Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1583364382722,\"action\":\"org.invite_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -154,7 +150,7 @@ { "@timestamp": "2020-03-04T23:24:11.101Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", @@ -162,7 +158,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531635227Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251101}", "type": [ 
@@ -188,7 +183,7 @@ { "@timestamp": "2020-03-04T23:24:11.214Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", @@ -196,7 +191,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531636037Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251214}", "type": [ @@ -222,7 +216,7 @@ { "@timestamp": "2020-03-04T23:24:11.364Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", @@ -230,7 +224,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531636844Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251364}", "type": [ @@ -261,7 +254,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.invite_member", @@ -269,7 +262,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531637670Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1583364358888,\"action\":\"org.invite_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -305,7 +297,7 @@ { "@timestamp": "2020-03-04T23:42:30.878Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.add_member", @@ -313,7 +305,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531638472Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1583365350878,\"action\":\"org.add_member\",\"user\":\"github-user\"}", "type": [ @@ -349,7 +340,7 @@ { "@timestamp": "2020-03-04T23:24:11.144Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", 
@@ -357,7 +348,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531639267Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251144}", "type": [ @@ -383,7 +373,7 @@ { "@timestamp": "2020-03-04T23:24:11.325Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", @@ -391,7 +381,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531640066Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251325}", "type": [ @@ -417,7 +406,7 @@ { "@timestamp": "2020-03-05T02:45:22.166Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.add_member", @@ -425,7 +414,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531641064Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1583376322166,\"action\":\"org.add_member\",\"user\":\"github-user\"}", "type": [ @@ -466,7 +454,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.create", @@ -474,7 +462,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531641857Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-abc\",\"created_at\":1583763373109,\"action\":\"repo.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -501,7 +488,7 @@ { "@timestamp": "2020-03-04T23:24:11.399Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "organization_default_label.create", @@ -509,7 +496,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531642657Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"action\":\"organization_default_label.create\",\"created_at\":1583364251399}", "type": [ 
@@ -535,7 +521,7 @@ { "@timestamp": "2020-03-04T23:24:08.566Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.add_member", @@ -543,7 +529,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531643460Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1583364248566,\"action\":\"org.add_member\",\"user\":\"github-user\"}", "type": [ @@ -584,7 +569,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.oauth_app_access_approved", @@ -592,7 +577,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531644258Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1608939056939,\"action\":\"org.oauth_app_access_approved\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -626,7 +610,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.create", @@ -634,7 +618,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531645166Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618092215,\"action\":\"team.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -669,7 +652,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -677,7 +660,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531674235Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618266125,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -719,7 +701,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", 
@@ -727,7 +709,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531676208Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1611618409430,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -769,7 +750,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.invite_member", @@ -777,7 +758,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531677235Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611611818485,\"action\":\"org.invite_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -818,7 +798,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -826,7 +806,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531678078Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611616633246,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -858,7 +837,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -866,7 +845,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531678917Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618092307,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -908,7 +886,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", 
@@ -916,7 +894,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531679756Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618294064,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -958,7 +935,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.create", @@ -966,7 +943,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531680748Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1611618375474,\"action\":\"team.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1001,7 +977,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.invite_member", @@ -1009,7 +985,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531681681Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611611772493,\"action\":\"org.invite_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1050,7 +1025,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1058,7 +1033,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531682513Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611785570945,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1090,7 +1064,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", 
@@ -1098,7 +1072,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531683352Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618340739,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1140,7 +1113,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.invite_member", @@ -1148,7 +1121,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531684203Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611611745448,\"action\":\"org.invite_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1184,7 +1156,7 @@ { "@timestamp": "2021-01-25T22:02:24.633Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.add_member", @@ -1192,7 +1164,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531685041Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611612144633,\"action\":\"org.add_member\",\"user\":\"github-user\"}", "type": [ @@ -1233,7 +1204,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1241,7 +1212,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531685874Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611957750013,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1273,7 +1243,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", 
@@ -1281,7 +1251,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531686751Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618327075,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1323,7 +1292,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -1331,7 +1300,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531687588Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611618183985,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1367,7 +1335,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -1375,7 +1343,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531688432Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611957786812,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1407,7 +1374,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -1415,7 +1382,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531689269Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618312971,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1452,7 +1418,7 @@ { "@timestamp": "2021-01-26T01:10:57.848Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.actions_enabled", 
@@ -1460,7 +1426,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531690274Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611623457848,\"action\":\"repo.actions_enabled\"}", "type": [ @@ -1492,7 +1457,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repository_vulnerability_alerts.disable", @@ -1500,7 +1465,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531691138Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611615837289,\"action\":\"repository_vulnerability_alerts.disable\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1531,7 +1495,7 @@ { "@timestamp": "2021-01-25T21:57:02.014Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.add_member", @@ -1539,7 +1503,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531691985Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611611822014,\"action\":\"org.add_member\",\"user\":\"github-user\"}", "type": [ @@ -1580,7 +1543,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -1588,7 +1551,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531692826Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611618487813,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1624,7 +1586,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -1632,7 +1594,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531693673Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611616953278,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1664,7 +1625,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -1672,7 +1633,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531694535Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1611618280614,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1714,7 +1674,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "integration_installation.create", @@ -1722,7 +1682,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531695483Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611672373575,\"action\":\"integration_installation.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1748,7 +1707,7 @@ { "@timestamp": "2021-01-25T21:57:36.834Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.add_member", @@ -1756,7 +1715,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531696377Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611611856834,\"action\":\"org.add_member\",\"user\":\"github-user\"}", "type": [ @@ -1797,7 +1755,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.create", 
@@ -1805,7 +1763,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531697233Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611615837503,\"action\":\"repo.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -1837,7 +1794,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.invite_member", @@ -1845,7 +1802,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531698074Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611611791641,\"action\":\"org.invite_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1886,7 +1842,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.create", @@ -1894,7 +1850,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531698913Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611616583742,\"action\":\"protected_branch.create\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1930,7 +1885,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -1938,7 +1893,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531699749Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1611618393091,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -1975,7 +1929,7 @@ { "@timestamp": "2021-01-25T22:00:13.018Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.add_member", 
@@ -1983,7 +1937,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531700689Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1611612013018,\"action\":\"org.add_member\",\"user\":\"github-user\"}", "type": [ @@ -2024,7 +1977,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -2032,7 +1985,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531701527Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1611618375570,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -2074,7 +2026,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -2082,7 +2034,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531702429Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611633883211,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2114,7 +2065,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2122,7 +2073,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531703287Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1611785607543,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2154,7 +2104,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -2162,7 +2112,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531704230Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1614195224710,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2194,7 +2143,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "workflows.delete_workflow_run", @@ -2202,7 +2151,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531705154Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"workflow_id\":5295458,\"head_branch\":\"Barrel-Racing-Path\",\"trigger_id\":6603009132,\"started_at\":\"2021-02-25T23:29:00.000Z\",\"event\":\"push\",\"head_sha\":\"c2b54496f96d8bd518d1b95b3f91e25d7e5a3068\",\"workflow_run_id\":601065160},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1614296047285,\"action\":\"workflows.delete_workflow_run\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2234,7 +2182,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2242,7 +2190,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531705991Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1614195238102,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2274,7 +2221,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -2282,7 +2229,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531706839Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1614195685549,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2314,7 +2260,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2322,7 +2268,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531707690Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1617161729305,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2354,7 +2299,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2362,7 +2307,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531708525Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1617161720150,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2394,7 +2338,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2402,7 +2346,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531709364Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1617161700105,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2434,7 +2377,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", 
@@ -2442,7 +2385,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531710296Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1619473513093,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2474,7 +2416,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.add_member", @@ -2482,7 +2424,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531711218Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-abc-123\",\"created_at\":1619733030434,\"action\":\"repo.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -2518,7 +2459,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", @@ -2526,7 +2467,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531712058Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1619474367775,\"action\":\"pull_request_review.submit\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2556,7 +2496,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2564,7 +2504,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531712908Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1617579395496,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2596,7 +2535,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", 
@@ -2604,7 +2543,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531713744Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1619474375960,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2634,7 +2572,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.transfer", @@ -2642,7 +2580,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531714585Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"old_user\":\"agrinmanriv0537\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-abc-123\",\"created_at\":1619733030516,\"action\":\"repo.transfer\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2679,7 +2616,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "workflows.delete_workflow_run", @@ -2687,7 +2624,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531715429Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"workflow_id\":5295458,\"head_branch\":\"PIDTurret\",\"trigger_id\":6454857724,\"started_at\":\"2021-04-26T21:31:54.000Z\",\"event\":\"push\",\"head_sha\":\"5e66d4c16db382dd28f660240121248ca015c20f\",\"workflow_run_id\":787035990},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1619472938032,\"action\":\"workflows.delete_workflow_run\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2719,7 +2655,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2727,7 +2663,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531716270Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1619472990084,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ 
@@ -2759,7 +2694,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -2767,7 +2702,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531717109Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1619733497686,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2797,7 +2731,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2805,7 +2739,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531717939Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1617579430186,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2837,7 +2770,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -2845,7 +2778,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531718774Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-abc-123\",\"created_at\":1619733030216,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2881,7 +2813,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -2889,7 +2821,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531719619Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1617579367679,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2921,7 +2852,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", 
@@ -2929,7 +2860,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531720476Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1619473421968,\"action\":\"pull_request.create_review_request\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2959,7 +2889,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -2967,7 +2897,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531721324Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request.merge\",\"created_at\":1619733612746,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -2997,7 +2926,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -3005,7 +2934,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531722169Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1619473078873,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3037,7 +2965,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -3045,7 +2973,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531723031Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-abc-123\",\"created_at\":1619733030283,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3081,7 +3008,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", 
@@ -3089,7 +3016,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531723869Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1619472400915,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3119,7 +3045,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", @@ -3127,7 +3053,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531724890Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request.create_review_request\",\"created_at\":1623197286783,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3157,7 +3082,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", @@ -3165,7 +3090,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531725744Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623284928961,\"action\":\"pull_request.create_review_request\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3195,7 +3119,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", @@ -3203,7 +3127,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531726578Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request_review.submit\",\"created_at\":1623197303036,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3233,7 +3156,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -3241,7 +3164,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531727529Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623709113238,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ 
@@ -3271,7 +3193,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -3279,7 +3201,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531728384Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623200606165,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3309,7 +3230,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -3317,7 +3238,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531729240Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1622852455604,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3347,7 +3267,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", @@ -3355,7 +3275,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531730084Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1622852615112,\"action\":\"pull_request.create_review_request\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3385,7 +3304,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", @@ -3393,7 +3312,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531730939Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request_review.submit\",\"created_at\":1623709107881,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3423,7 +3341,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", 
@@ -3431,7 +3349,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531731779Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623284935234,\"action\":\"pull_request.create_review_request\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3461,7 +3378,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", @@ -3469,7 +3386,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531732633Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623200615714,\"action\":\"pull_request.create_review_request\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3499,7 +3415,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", @@ -3507,7 +3423,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531733471Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request_review.submit\",\"created_at\":1623366866659,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3537,7 +3452,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", @@ -3545,7 +3460,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531734309Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request_review.submit\",\"created_at\":1623200629331,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3575,7 +3489,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", @@ -3583,7 +3497,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531735188Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request.create_review_request\",\"created_at\":1623197274294,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ 
@@ -3613,7 +3526,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -3621,7 +3534,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531736028Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623200651042,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3651,7 +3563,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", @@ -3659,7 +3571,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531736864Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request_review.submit\",\"created_at\":1623197300963,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3689,7 +3600,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", @@ -3697,7 +3608,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531737714Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request_review.submit\",\"created_at\":1622852649552,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3727,7 +3637,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -3735,7 +3645,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531738551Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1622852723876,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3765,7 +3674,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -3773,7 +3682,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531739393Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623284903152,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ 
@@ -3803,7 +3711,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -3811,7 +3719,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531740228Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623197138430,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3841,7 +3748,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.rejected_ref_update", @@ -3849,7 +3756,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531741064Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123\",\"created_at\":1623200513984,\"action\":\"protected_branch.rejected_ref_update\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3881,7 +3787,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -3889,7 +3795,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531741905Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623366896448,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3919,7 +3824,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create_review_request", @@ -3927,7 +3832,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531742741Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623371009948,\"action\":\"pull_request.create_review_request\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3957,7 +3861,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", 
@@ -3965,7 +3869,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531743598Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"action\":\"pull_request.merge\",\"created_at\":1623197309607,\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -3995,7 +3898,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -4003,7 +3906,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531744430Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1623371005977,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4033,7 +3935,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -4041,7 +3943,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531745273Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1625314262517,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4073,7 +3974,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.create", @@ -4081,7 +3982,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531746105Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1625283218542,\"action\":\"repo.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4113,7 +4013,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.add_member", 
@@ -4121,7 +4021,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531746945Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1625283218373,\"action\":\"repo.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4152,7 +4051,7 @@ { "@timestamp": "2021-07-03T03:33:42.495Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.update_default_branch", @@ -4160,7 +4059,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531747785Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1625283222495,\"action\":\"repo.update_default_branch\"}", "type": [ @@ -4192,7 +4090,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.remove_member", @@ -4200,7 +4098,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531748624Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1629754452056,\"action\":\"team.remove_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4242,7 +4139,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -4250,7 +4147,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531749475Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1629754543604,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4292,7 +4188,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.add_member", 
@@ -4300,7 +4196,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531750332Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-2021\",\"created_at\":1629769833205,\"action\":\"repo.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4336,7 +4231,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.remove_member", @@ -4344,7 +4239,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531751166Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1629754473817,\"action\":\"team.remove_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4386,7 +4280,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.create", @@ -4394,7 +4288,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531752Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-2021\",\"created_at\":1629769833389,\"action\":\"repo.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4426,7 +4319,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.remove_member", @@ -4434,7 +4327,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531752844Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1629754474042,\"action\":\"team.remove_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4476,7 +4368,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.update_repository_permission", 
@@ -4484,7 +4376,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531753684Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1629767631761,\"action\":\"team.update_repository_permission\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4520,7 +4411,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.remove_member", @@ -4528,7 +4419,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531754527Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1629754429430,\"action\":\"team.remove_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4570,7 +4460,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -4578,7 +4468,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531755470Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1629767578993,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4614,7 +4503,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.destroy", @@ -4622,7 +4511,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531756304Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-2021\",\"created_at\":1629769916760,\"action\":\"repo.destroy\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4654,7 +4542,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.remove_member", 
@@ -4662,7 +4550,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531757152Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"created_at\":1629754452206,\"action\":\"team.remove_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -4704,7 +4591,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "project.create", @@ -4712,7 +4599,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531757989Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631894812761,\"action\":\"project.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4739,7 +4625,7 @@ { "@timestamp": "2021-09-20T13:54:28.095Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.actions_enabled", @@ -4747,7 +4633,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531758832Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146068095,\"action\":\"repo.actions_enabled\"}", "type": [ @@ -4779,7 +4664,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -4787,7 +4672,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531759668Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632145649686,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4819,7 +4703,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", 
@@ -4827,7 +4711,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531760505Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632155655619,\"action\":\"protected_branch.update_required_status_checks_enforcement_level\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4859,7 +4742,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -4867,7 +4750,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531761338Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631834277596,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4899,7 +4781,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -4907,7 +4789,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531762178Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146504145,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4939,7 +4820,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -4947,7 +4828,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531763035Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632440423281,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -4979,7 +4859,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review.submit", 
@@ -4987,7 +4867,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531763885Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1631573140006,\"action\":\"pull_request_review.submit\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5017,7 +4896,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -5025,7 +4904,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531764720Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146510168,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5057,7 +4935,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -5065,7 +4943,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531765560Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631896079162,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5097,7 +4974,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -5105,7 +4982,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531766400Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631834480813,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5137,7 +5013,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", 
@@ -5145,7 +5021,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531767242Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/contributors\"},\"org\":\"Example-Org\",\"created_at\":1631999351294,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -5187,7 +5062,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "required_status_check.create", @@ -5195,7 +5070,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531768127Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631999445252,\"action\":\"required_status_check.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5227,7 +5101,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -5235,7 +5109,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531768970Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146504600,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5267,7 +5140,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -5275,7 +5148,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531769846Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1630619331143,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5307,7 +5179,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", 
@@ -5315,7 +5187,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531770693Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1630693170285,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5347,7 +5218,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -5355,7 +5226,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531771534Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146504174,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5387,7 +5257,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -5395,7 +5265,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531772397Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146507550,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5427,7 +5296,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.create", @@ -5435,7 +5304,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531773235Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631999445214,\"action\":\"protected_branch.create\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -5471,7 +5339,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", 
@@ -5479,7 +5347,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531774071Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631999520468,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5511,7 +5378,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -5519,7 +5386,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531774923Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/authors\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146103741,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5555,7 +5421,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -5563,7 +5429,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531775762Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/contributors\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146117823,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5599,7 +5464,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.create", @@ -5607,7 +5472,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531776600Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632145650082,\"action\":\"repo.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5639,7 +5503,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", 
@@ -5647,7 +5511,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531777437Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632155655669,\"action\":\"protected_branch.update_linear_history_requirement_enforcement_level\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5679,7 +5542,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -5687,7 +5550,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531778273Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632421196978,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5719,7 +5581,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -5727,7 +5589,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531779106Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1630619330775,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5759,7 +5620,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -5767,7 +5628,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531779942Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631573111131,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5799,7 +5659,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", 
@@ -5807,7 +5667,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531780795Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631575577913,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5834,7 +5693,7 @@ { "@timestamp": "2021-09-17T16:59:20.413Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.actions_enabled", @@ -5842,7 +5701,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531781591Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631897960413,\"action\":\"repo.actions_enabled\"}", "type": [ @@ -5874,7 +5732,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -5882,7 +5740,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531782393Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1630693191818,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5914,7 +5771,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.create", @@ -5922,7 +5779,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531783190Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146170407,\"action\":\"protected_branch.create\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -5958,7 +5814,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", 
@@ -5966,7 +5822,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531783986Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146506531,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -5998,7 +5853,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "required_status_check.create", @@ -6006,7 +5861,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531784784Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146549475,\"action\":\"required_status_check.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6038,7 +5892,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.rename", @@ -6046,7 +5900,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531785631Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1630625448041,\"action\":\"repo.rename\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6078,7 +5931,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -6086,7 +5939,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531786430Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631310992353,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6118,7 +5970,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", 
@@ -6126,7 +5978,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531787247Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631573290891,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6158,7 +6009,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -6166,7 +6017,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531788096Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632155655683,\"action\":\"protected_branch.update_admin_enforced\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6198,7 +6048,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -6206,7 +6056,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531788895Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632421366852,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6238,7 +6087,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.access", @@ -6246,7 +6095,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531789691Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1630625423921,\"action\":\"repo.access\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6278,7 +6126,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", 
@@ -6286,7 +6134,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531790493Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631314271117,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6318,7 +6165,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -6326,7 +6173,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531791313Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631834442043,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6358,7 +6204,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -6366,7 +6212,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531792177Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631834270875,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6398,7 +6243,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -6406,7 +6251,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531793025Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632177923051,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6438,7 +6282,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", 
@@ -6446,7 +6290,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531793826Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631999556056,\"action\":\"protected_branch.update_linear_history_requirement_enforcement_level\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6478,7 +6321,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_required_status_checks_enforcement_level", @@ -6486,7 +6329,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531794631Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632155595828,\"action\":\"protected_branch.update_required_status_checks_enforcement_level\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6518,7 +6360,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -6526,7 +6368,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531795447Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632181439344,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6558,7 +6399,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "project.create", @@ -6566,7 +6407,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531796246Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631317044168,\"action\":\"project.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6598,7 +6438,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "org.audit_log_export", 
@@ -6606,7 +6446,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531797046Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1631999791816,\"action\":\"org.audit_log_export\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6640,7 +6479,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_member", @@ -6648,7 +6487,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531797855Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"created_at\":1632173981540,\"action\":\"team.add_member\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -6690,7 +6528,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", @@ -6698,7 +6536,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531798650Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632178684304,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6730,7 +6567,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_linear_history_requirement_enforcement_level", @@ -6738,7 +6575,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531799446Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632155595845,\"action\":\"protected_branch.update_linear_history_requirement_enforcement_level\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6770,7 +6606,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.merge", 
@@ -6778,7 +6614,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531800399Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632155621270,\"action\":\"pull_request.merge\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6810,7 +6645,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -6818,7 +6653,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531801201Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632181178974,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6850,7 +6684,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -6858,7 +6692,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531802001Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146504576,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6890,7 +6723,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -6898,7 +6731,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531802806Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631310927600,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6930,7 +6762,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request_review_comment.create", 
@@ -6938,7 +6770,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531803603Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"created_at\":1631573139911,\"action\":\"pull_request_review_comment.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -6968,7 +6799,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repository_vulnerability_alerts.disable", @@ -6976,7 +6807,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531804395Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632145649767,\"action\":\"repository_vulnerability_alerts.disable\",\"actor_location\":{\"country_code\":\"US\"},\"user\":\"github-user\"}", "type": [ @@ -7012,7 +6842,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -7020,7 +6850,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531805197Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146087112,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7056,7 +6885,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -7064,7 +6893,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531806001Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631896070699,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7096,7 +6924,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", 
@@ -7104,7 +6932,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531806813Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631898264113,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7136,7 +6963,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.create", @@ -7144,7 +6971,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531807612Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/contributors\"},\"org\":\"Example-Org\",\"created_at\":1631999351150,\"action\":\"team.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7179,7 +7005,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "team.add_repository", @@ -7187,7 +7013,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531808407Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"data\":{\"team\":\"Example-Org/admins\"},\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-5678\",\"created_at\":1630619298089,\"action\":\"team.add_repository\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7223,7 +7048,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -7231,7 +7056,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531809253Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631314239837,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7263,7 +7087,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", 
@@ -7271,7 +7095,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531810042Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631575217017,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7303,7 +7126,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -7311,7 +7134,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531810835Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1631999520452,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7343,7 +7165,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_pull_request_reviews_enforcement_level", @@ -7351,7 +7173,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531811659Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632155655636,\"action\":\"protected_branch.update_pull_request_reviews_enforcement_level\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7383,7 +7204,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.update_admin_enforced", @@ -7391,7 +7212,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531812453Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632155595860,\"action\":\"protected_branch.update_admin_enforced\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7423,7 +7243,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", 
@@ -7431,7 +7251,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531813251Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146507567,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7463,7 +7282,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "repo.change_merge_setting", @@ -7471,7 +7290,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531814087Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146506554,\"action\":\"repo.change_merge_setting\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7503,7 +7321,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.create", @@ -7511,7 +7329,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531814902Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632437191581,\"action\":\"pull_request.create\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7543,7 +7360,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "protected_branch.policy_override", @@ -7551,7 +7368,6 @@ "web", "iam" ], - "ingested": "2022-02-03T12:33:12.531815699Z", "kind": "event", "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/Java\",\"created_at\":1632146375501,\"action\":\"protected_branch.policy_override\",\"actor_location\":{\"country_code\":\"US\"}}", "type": [ @@ -7583,7 +7399,7 @@ } }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "pull_request.ready_for_review", 
@@ -7591,7 +7407,6 @@
 "web",
 "iam"
 ],
- "ingested": "2022-02-03T12:33:12.531816521Z",
 "kind": "event",
 "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"repo\":\"Example-Org/repo-123-Java\",\"created_at\":1632439409862,\"action\":\"pull_request.ready_for_review\",\"actor_location\":{\"country_code\":\"US\"}}",
 "type": [
@@ -7623,7 +7438,7 @@
 }
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "org.audit_log_git_event_export",
@@ -7631,7 +7446,6 @@
 "web",
 "iam"
 ],
- "ingested": "2022-02-03T12:33:12.531817319Z",
 "kind": "event",
 "original": "{\"actor\":\"github-actor\",\"org\":\"Example-Org\",\"created_at\":1632712526255,\"action\":\"org.audit_log_git_event_export\",\"actor_location\":{\"country_code\":\"US\"}}",
 "type": [
diff --git a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 1230312403d..c75e40eef0f 100644
--- a/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/github/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -1,15 +1,12 @@
 ---
 description: Pipeline for parsing GitHub audit logs
 processors:
-- set:
- field: event.ingested
- value: '{{_ingest.timestamp}}'
 - set:
 field: event.kind
 value: event
 - set:
 field: ecs.version
- value: "8.0.0"
+ value: "8.2.0"
 - append:
 field: event.type
 value: access
diff --git a/packages/github/data_stream/audit/sample_event.json b/packages/github/data_stream/audit/sample_event.json
index 6e39ba2bfa4..04e6483361b 100644
--- a/packages/github/data_stream/audit/sample_event.json
+++ b/packages/github/data_stream/audit/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/github/docs/README.md b/packages/github/docs/README.md
index d927294b7cd..8971a5d008e 100644
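Review bot: In the `default.yml` hunk, dropping the `set` processor for `event.ingested` is a behavioural change that goes beyond the ECS 8.2 bump, and after this change nothing in the pipeline populates that field; presumably the Fleet final pipeline is now expected to stamp it, but a reader of this file cannot tell that from the processors list. A short comment under `processors:` such as `# event.ingested is set by the Fleet final pipeline, so it is not set here.` would record that dependency and stop the next maintainer from re-adding it. Because `event.ingested` is the field that detection rules and lookback queries typically key on, the github changelog entry for 0.4.0 (not visible in this chunk) should name the removal explicitly rather than only "Update to ECS 8.2", so operators running the package outside Fleet know to check that the field is still populated.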
--- a/packages/github/docs/README.md
+++ b/packages/github/docs/README.md
@@ -84,7 +84,7 @@ An example event for `audit` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/github/manifest.yml b/packages/github/manifest.yml
index 325c2de7d7f..fe7ec5717f3 100644
--- a/packages/github/manifest.yml
+++ b/packages/github/manifest.yml
@@ -1,6 +1,6 @@
 name: github
 title: GitHub
-version: 0.3.4
+version: 0.4.0
 release: experimental
 description: Collect events from GitHub with Elastic Agent.
 type: integration
diff --git a/packages/google_workspace/_dev/build/build.yml b/packages/google_workspace/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/google_workspace/_dev/build/build.yml
+++ b/packages/google_workspace/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/google_workspace/changelog.yml b/packages/google_workspace/changelog.yml
index b354fb6856c..101e3f08e52 100644
--- a/packages/google_workspace/changelog.yml
+++ b/packages/google_workspace/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update to ECS 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2779
 - version: "1.3.4"
 changes:
 - description: Fix pagination to prevent skipped events when more than one page is present.
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
index 52db90684fe..d49013e3306 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-application.log-expected.json
@@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_APPLICATION_SETTING", @@ -101,7 +101,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_APPLICATION_SETTING", @@ -198,7 +198,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_APPLICATION_SETTING", @@ -295,7 +295,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REORDER_GROUP_BASED_POLICIES_EVENT", @@ -380,7 +380,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GPLUS_PREMIUM_FEATURES", @@ -457,7 +457,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_MANAGED_CONFIGURATION", @@ -533,7 +533,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_MANAGED_CONFIGURATION", @@ -609,7 +609,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_MANAGED_CONFIGURATION", @@ -686,7 +686,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "FLASHLIGHT_EDU_NON_FEATURED_SERVICES_SELECTED", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json index b9ce03073f1..5351cfdd411 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json 
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-calendar.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_BUILDING", @@ -79,7 +79,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_BUILDING", @@ -155,7 +155,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_BUILDING", @@ -236,7 +236,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE", @@ -312,7 +312,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE", @@ -388,7 +388,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_CALENDAR_RESOURCE_FEATURE", @@ -464,7 +464,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_CALENDAR_RESOURCE_FEATURE", @@ -540,7 +540,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE_FEATURE", @@ -622,7 +622,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RENAME_CALENDAR_RESOURCE", @@ -699,7 +699,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_CALENDAR_RESOURCE", @@ -780,7 +780,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CALENDAR_SETTING", 
@@ -877,7 +877,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CANCEL_CALENDAR_EVENTS", @@ -958,7 +958,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RELEASE_CALENDAR_RESOURCES", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json index 1fce60bb38c..4629a59f729 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chat.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "MEET_INTEROP_CREATE_GATEWAY", @@ -78,7 +78,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "MEET_INTEROP_DELETE_GATEWAY", @@ -153,7 +153,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "MEET_INTEROP_MODIFY_GATEWAY", @@ -229,7 +229,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHAT_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json index 68d9aefed69..80ce12f78be 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-chromeos.log-expected.json 
@@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_ANDROID_APPLICATION_SETTING", @@ -103,7 +103,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DEVICE_STATE", @@ -181,7 +181,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_APPLICATION_SETTING", @@ -281,7 +281,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SEND_CHROME_OS_DEVICE_COMMAND", @@ -357,7 +357,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_ANNOTATION", @@ -432,7 +432,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_SETTING", @@ -513,7 +513,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_DEVICE_STATE", @@ -593,7 +593,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_PUBLIC_SESSION_SETTING", @@ -674,7 +674,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "INSERT_CHROME_OS_PRINT_SERVER", @@ -749,7 +749,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_CHROME_OS_PRINT_SERVER", @@ -824,7 +824,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINT_SERVER", 
@@ -901,7 +901,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "INSERT_CHROME_OS_PRINTER", @@ -976,7 +976,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_CHROME_OS_PRINTER", @@ -1051,7 +1051,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_CHROME_OS_PRINTER", @@ -1128,7 +1128,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_SETTING", @@ -1209,7 +1209,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CHROME_OS_USER_SETTING", @@ -1290,7 +1290,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ISSUE_DEVICE_COMMAND", @@ -1370,7 +1370,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "MOVE_DEVICE_TO_ORG_UNIT_DETAILED", @@ -1448,7 +1448,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REMOVE_CHROME_OS_APPLICATION_SETTINGS", @@ -1523,7 +1523,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_DEVICE", @@ -1599,7 +1599,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json index ec37699b429..eac830d0319 100644 
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-contacts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CONTACTS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json index 8692336b272..a306d54e0f9 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-delegatedadmin.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ASSIGN_ROLE", @@ -90,7 +90,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_ROLE", @@ -166,7 +166,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_ROLE", @@ -242,7 +242,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ADD_PRIVILEGE", @@ -321,7 +321,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REMOVE_PRIVILEGE", @@ -400,7 +400,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RENAME_ROLE", @@ -476,7 +476,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_ROLE", 
@@ -552,7 +552,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UNASSIGN_ROLE", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json index 63e0dc5983c..d2e9755c845 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-docs.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TRANSFER_DOCUMENT_OWNERSHIP", @@ -88,7 +88,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DRIVE_DATA_RESTORE", @@ -172,7 +172,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DOCS_SETTING", diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json index dae31e1304a..aca61281110 100644 --- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json +++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-domain.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_ACCOUNT_AUTO_RENEWAL", @@ -79,7 +79,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ADD_APPLICATION", 
@@ -156,7 +156,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ADD_APPLICATION_TO_WHITELIST", @@ -232,7 +232,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_ADVERTISEMENT_OPTION", @@ -309,7 +309,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_ALERT", @@ -384,7 +384,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_ALERT_CRITERIA", @@ -459,7 +459,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_ALERT", @@ -534,7 +534,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ALERT_RECEIVERS_CHANGED", @@ -611,7 +611,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RENAME_ALERT", @@ -685,7 +685,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ALERT_STATUS_CHANGED", @@ -762,7 +762,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ADD_DOMAIN_ALIAS", @@ -838,7 +838,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REMOVE_DOMAIN_ALIAS", @@ -914,7 +914,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SKIP_DOMAIN_ALIAS_MX", @@ -990,7 +990,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS_MX", 
@@ -1066,7 +1066,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "VERIFY_DOMAIN_ALIAS", @@ -1143,7 +1143,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_OAUTH_ACCESS_TO_ALL_APIS", @@ -1220,7 +1220,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_ALLOW_ADMIN_PASSWORD_RESET", @@ -1297,7 +1297,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ENABLE_API_ACCESS", @@ -1375,7 +1375,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "AUTHORIZE_API_CLIENT_ACCESS", @@ -1459,7 +1459,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REMOVE_API_CLIENT_ACCESS", @@ -1539,7 +1539,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHROME_LICENSES_REDEEMED", @@ -1616,7 +1616,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_AUTO_ADD_NEW_SERVICE", @@ -1692,7 +1692,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_PRIMARY_DOMAIN", @@ -1768,7 +1768,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_WHITELIST_SETTING", @@ -1846,7 +1846,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "COMMUNICATION_PREFERENCES_SETTING_CHANGE", 
@@ -1927,7 +1927,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CONFLICT_ACCOUNT_ACTION", @@ -2004,7 +2004,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ENABLE_FEEDBACK_SOLICITATION", @@ -2082,7 +2082,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_CONTACT_SHARING", @@ -2159,7 +2159,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_PLAY_FOR_WORK_TOKEN", @@ -2234,7 +2234,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_USE_CUSTOM_LOGO", @@ -2311,7 +2311,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_CUSTOM_LOGO", @@ -2386,7 +2386,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", @@ -2463,7 +2463,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DATA_LOCALIZATION_SETTING", @@ -2541,7 +2541,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DATA_PROTECTION_OFFICER_CONTACT_INFO", @@ -2616,7 +2616,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_PLAY_FOR_WORK_TOKEN", @@ -2691,7 +2691,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "VIEW_DNS_LOGIN_DETAILS", 
@@ -2766,7 +2766,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_LOCALE", @@ -2843,7 +2843,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DOMAIN_DEFAULT_TIMEZONE", @@ -2920,7 +2920,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DOMAIN_NAME", @@ -2996,7 +2996,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_ENABLE_PRE_RELEASE_FEATURES", @@ -3072,7 +3072,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_DOMAIN_SUPPORT_MESSAGE", @@ -3149,7 +3149,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ADD_TRUSTED_DOMAINS", @@ -3224,7 +3224,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REMOVE_TRUSTED_DOMAINS", @@ -3299,7 +3299,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_EDU_TYPE", @@ -3376,7 +3376,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_ENABLE_OAUTH_CONSUMER_KEY", @@ -3453,7 +3453,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_SSO_ENABLED", @@ -3530,7 +3530,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_SSL", 
@@ -3607,7 +3607,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_EU_REPRESENTATIVE_CONTACT_INFO", @@ -3682,7 +3682,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "GENERATE_TRANSFER_TOKEN", @@ -3752,7 +3752,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_LOGIN_BACKGROUND_COLOR", @@ -3829,7 +3829,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_LOGIN_BORDER_COLOR", @@ -3906,7 +3906,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_LOGIN_ACTIVITY_TRACE", @@ -3983,7 +3983,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "PLAY_FOR_WORK_ENROLL", @@ -4059,7 +4059,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "PLAY_FOR_WORK_UNENROLL", @@ -4134,7 +4134,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "MX_RECORD_VERIFICATION_CLAIM", @@ -4218,7 +4218,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_NEW_APP_FEATURES", @@ -4295,7 +4295,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_USE_NEXT_GEN_CONTROL_PANEL", @@ -4372,7 +4372,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPLOAD_OAUTH_CERTIFICATE", 
@@ -4447,7 +4447,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REGENERATE_OAUTH_CONSUMER_SECRET", @@ -4522,7 +4522,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_OPEN_ID_ENABLED", @@ -4599,7 +4599,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_ORGANIZATION_NAME", @@ -4676,7 +4676,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TOGGLE_OUTBOUND_RELAY", @@ -4757,7 +4757,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_PASSWORD_MAX_LENGTH", @@ -4834,7 +4834,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_PASSWORD_MIN_LENGTH", @@ -4911,7 +4911,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_DOMAIN_PRIMARY_ADMIN_EMAIL", @@ -4988,7 +4988,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ENABLE_SERVICE_OR_FEATURE_NOTIFICATIONS", @@ -5066,7 +5066,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REMOVE_APPLICATION", @@ -5142,7 +5142,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REMOVE_APPLICATION_FROM_WHITELIST", @@ -5218,7 +5218,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CHANGE_RENEW_DOMAIN_REGISTRATION", 
@@ -5295,7 +5295,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_RESELLER_ACCESS",
@@ -5369,7 +5369,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "RULE_ACTIONS_CHANGED",
@@ -5444,7 +5444,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_RULE",
@@ -5519,7 +5519,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_RULE_CRITERIA",
@@ -5594,7 +5594,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_RULE",
@@ -5669,7 +5669,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "RENAME_RULE",
@@ -5743,7 +5743,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "RULE_STATUS_CHANGED",
@@ -5820,7 +5820,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_SECONDARY_DOMAIN",
@@ -5896,7 +5896,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_SECONDARY_DOMAIN",
@@ -5972,7 +5972,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "SKIP_SECONDARY_DOMAIN_MX",
@@ -6048,7 +6048,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "VERIFY_SECONDARY_DOMAIN_MX",
@@ -6124,7 +6124,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "VERIFY_SECONDARY_DOMAIN",
@@ -6200,7 +6200,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UPDATE_DOMAIN_SECONDARY_EMAIL",
@@ -6277,7 +6277,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_SSO_SETTINGS",
@@ -6353,7 +6353,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GENERATE_PIN",
@@ -6423,7 +6423,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UPDATE_RULE",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json
index 991f280cc23..ad500452a0e 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-gmail.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DROP_FROM_QUARANTINE",
@@ -81,7 +81,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "EMAIL_LOG_SEARCH",
@@ -168,7 +168,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "EMAIL_UNDELETE",
@@ -252,7 +252,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_EMAIL_SETTING",
@@ -349,7 +349,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_GMAIL_SETTING",
@@ -432,7 +432,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_GMAIL_SETTING",
@@ -515,7 +515,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_GMAIL_SETTING",
@@ -598,7 +598,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REJECT_FROM_QUARANTINE",
@@ -676,7 +676,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "RELEASE_FROM_QUARANTINE",
@@ -754,7 +754,7 @@
 {
 "@timestamp": "2022-03-07T04:48:46.816Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "EMAIL_LOG_SEARCH",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json
index 35bbe0837f2..31b8408a45a 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-groups.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_GROUP",
@@ -88,7 +88,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_GROUP",
@@ -173,7 +173,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_GROUP_DESCRIPTION",
@@ -259,7 +259,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GROUP_LIST_DOWNLOAD",
@@ -330,7 +330,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_GROUP_MEMBER",
@@ -423,7 +423,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_GROUP_MEMBER",
@@ -516,7 +516,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UPDATE_GROUP_MEMBER",
@@ -611,7 +611,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS",
@@ -706,7 +706,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS_CAN_EMAIL_OVERRIDE",
@@ -801,7 +801,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GROUP_MEMBER_BULK_UPLOAD",
@@ -878,7 +878,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GROUP_MEMBERS_DOWNLOAD",
@@ -949,7 +949,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_GROUP_NAME",
@@ -1036,7 +1036,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_GROUP_SETTING",
@@ -1127,7 +1127,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "WHITELISTED_GROUPS_UPDATED",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json
index 19ca73d8d9a..6514b7e9c40 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-licenses.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ORG_USERS_LICENSE_ASSIGNMENT",
@@ -82,7 +82,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ORG_ALL_USERS_LICENSE_ASSIGNMENT",
@@ -161,7 +161,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "USER_LICENSE_ASSIGNMENT",
@@ -246,7 +246,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_LICENSE_AUTO_ASSIGN",
@@ -323,7 +323,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "USER_LICENSE_REASSIGNMENT",
@@ -409,7 +409,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ORG_LICENSE_REVOKE",
@@ -488,7 +488,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "USER_LICENSE_REVOKE",
@@ -573,7 +573,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UPDATE_DYNAMIC_LICENSE",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json
index bfe267bbb07..9eb68dc27a6 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-mobile.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ACTION_CANCELLED",
@@ -95,7 +95,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ACTION_REQUESTED",
@@ -187,7 +187,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_MOBILE_CERTIFICATE",
@@ -270,7 +270,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "COMPANY_DEVICES_BULK_CREATION",
@@ -345,7 +345,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "COMPANY_OWNED_DEVICE_BLOCKED",
@@ -421,7 +421,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "COMPANY_DEVICE_DELETION",
@@ -497,7 +497,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "COMPANY_OWNED_DEVICE_UNBLOCKED",
@@ -573,7 +573,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "COMPANY_OWNED_DEVICE_WIPED",
@@ -649,7 +649,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_APPLICATION_PERMISSION_GRANT",
@@ -738,7 +738,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_APPLICATION_PRIORITY_ORDER",
@@ -816,7 +816,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_MOBILE_APPLICATION_FROM_WHITELIST",
@@ -900,7 +900,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_APPLICATION_SETTINGS",
@@ -990,7 +990,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_MOBILE_APPLICATION_TO_WHITELIST",
@@ -1074,7 +1074,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_APPROVE",
@@ -1160,7 +1160,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_BLOCK",
@@ -1246,7 +1246,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_DELETE",
@@ -1332,7 +1332,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_WIPE",
@@ -1418,7 +1418,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_SETTING",
@@ -1502,7 +1502,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_ADMIN_RESTRICTIONS_PIN",
@@ -1580,7 +1580,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_WIRELESS_NETWORK",
@@ -1661,7 +1661,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_MOBILE_WIRELESS_NETWORK",
@@ -1742,7 +1742,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_MOBILE_WIRELESS_NETWORK",
@@ -1823,7 +1823,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_MOBILE_WIRELESS_NETWORK_PASSWORD",
@@ -1904,7 +1904,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_MOBILE_CERTIFICATE",
@@ -1987,7 +1987,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ENROLL_FOR_GOOGLE_DEVICE_MANAGEMENT",
@@ -2057,7 +2057,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "USE_GOOGLE_MOBILE_MANAGEMENT",
@@ -2127,7 +2127,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_NON_IOS",
@@ -2197,7 +2197,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_IOS",
@@ -2267,7 +2267,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOBILE_ACCOUNT_WIPE",
@@ -2353,7 +2353,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_APPROVE",
@@ -2439,7 +2439,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_BLOCK",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json
index 79dbb9b3afc..5956e568d14 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-org.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHROME_LICENSES_ENABLED",
@@ -84,7 +84,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHROME_APPLICATION_LICENSE_RESERVATION_CREATED",
@@ -166,7 +166,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHROME_APPLICATION_LICENSE_RESERVATION_DELETED",
@@ -247,7 +247,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHROME_APPLICATION_LICENSE_RESERVATION_UPDATED",
@@ -330,7 +330,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_DEVICE_ENROLLMENT_TOKEN",
@@ -405,7 +405,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ASSIGN_CUSTOM_LOGO",
@@ -480,7 +480,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UNASSIGN_CUSTOM_LOGO",
@@ -555,7 +555,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_ENROLLMENT_TOKEN",
@@ -630,7 +630,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REVOKE_ENROLLMENT_TOKEN",
@@ -705,7 +705,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHROME_LICENSES_ALLOWED",
@@ -786,7 +786,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_ORG_UNIT",
@@ -861,7 +861,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_ORG_UNIT",
@@ -936,7 +936,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "EDIT_ORG_UNIT_DESCRIPTION",
@@ -1011,7 +1011,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MOVE_ORG_UNIT",
@@ -1087,7 +1087,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "EDIT_ORG_UNIT_NAME",
@@ -1163,7 +1163,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REVOKE_DEVICE_ENROLLMENT_TOKEN",
@@ -1238,7 +1238,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "TOGGLE_SERVICE_ENABLED",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json
index d3f42dd7289..304cd8f260d 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-security.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ALLOW_STRONG_AUTHENTICATION",
@@ -81,7 +81,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ALLOW_SERVICE_FOR_OAUTH2_ACCESS",
@@ -162,7 +162,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS",
@@ -243,7 +243,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID",
@@ -327,7 +327,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_TO_TRUSTED_OAUTH2_APPS",
@@ -409,7 +409,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_FROM_TRUSTED_OAUTH2_APPS",
@@ -491,7 +491,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "BLOCK_ON_DEVICE_ACCESS",
@@ -571,7 +571,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION",
@@ -662,7 +662,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY",
@@ -753,7 +753,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION",
@@ -844,7 +844,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_TWO_STEP_VERIFICATION_START_DATE",
@@ -935,7 +935,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS",
@@ -1025,7 +1025,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "TOGGLE_CAA_ENABLEMENT",
@@ -1098,7 +1098,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_CAA_ERROR_MESSAGE",
@@ -1174,7 +1174,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_CAA_APP_ASSIGNMENTS",
@@ -1262,7 +1262,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS",
@@ -1337,7 +1337,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "TRUST_DOMAIN_OWNED_OAUTH2_APPS",
@@ -1412,7 +1412,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY",
@@ -1503,7 +1503,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ENFORCE_STRONG_AUTHENTICATION",
@@ -1600,7 +1600,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS",
@@ -1678,7 +1678,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED",
@@ -1769,7 +1769,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "SESSION_CONTROL_SETTINGS_CHANGE",
@@ -1850,7 +1850,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_SESSION_LENGTH",
@@ -1925,7 +1925,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "UNBLOCK_ON_DEVICE_ACCESS",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json
index 371015c78be..abe7ae9c569 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-sites.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_WEB_ADDRESS",
@@ -89,7 +89,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_WEB_ADDRESS",
@@ -175,7 +175,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_SITES_SETTING",
@@ -259,7 +259,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_SITES_WEB_ADDRESS_MAPPING_UPDATES",
@@ -341,7 +341,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "VIEW_SITE_DETAILS",
diff --git a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json
index 22fde4d14f2..44bdbb90f45 100644
--- a/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json
+++ b/packages/google_workspace/data_stream/admin/_dev/test/pipeline/test-admin-user.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_2SV_SCRATCH_CODES",
@@ -85,7 +85,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GENERATE_2SV_SCRATCH_CODES",
@@ -167,7 +167,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REVOKE_3LO_DEVICE_TOKENS",
@@ -253,7 +253,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REVOKE_3LO_TOKEN",
@@ -338,7 +338,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_RECOVERY_EMAIL",
@@ -420,7 +420,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_RECOVERY_PHONE",
@@ -502,7 +502,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GRANT_ADMIN_PRIVILEGE",
@@ -584,7 +584,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REVOKE_ADMIN_PRIVILEGE",
@@ -666,7 +666,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REVOKE_ASP",
@@ -751,7 +751,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "TOGGLE_AUTOMATIC_CONTACT_SHARING",
@@ -834,7 +834,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "BULK_UPLOAD",
@@ -913,7 +913,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "BULK_UPLOAD_NOTIFICATION_SENT",
@@ -998,7 +998,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CANCEL_USER_INVITE",
@@ -1083,7 +1083,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_CUSTOM_FIELD",
@@ -1170,7 +1170,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_EXTERNAL_ID",
@@ -1254,7 +1254,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_GENDER",
@@ -1338,7 +1338,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_IM",
@@ -1422,7 +1422,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ENABLE_USER_IP_WHITELIST",
@@ -1506,7 +1506,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_KEYWORD",
@@ -1590,7 +1590,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_LANGUAGE",
@@ -1674,7 +1674,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_LOCATION",
@@ -1758,7 +1758,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_ORGANIZATION",
@@ -1842,7 +1842,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_PHONE_NUMBER",
@@ -1926,7 +1926,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_RECOVERY_EMAIL",
@@ -2008,7 +2008,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_RECOVERY_PHONE",
@@ -2090,7 +2090,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_RELATION",
@@ -2174,7 +2174,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_USER_ADDRESS",
@@ -2258,7 +2258,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_EMAIL_MONITOR",
@@ -2352,7 +2352,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CREATE_DATA_TRANSFER_REQUEST",
@@ -2438,7 +2438,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GRANT_DELEGATED_ADMIN_PRIVILEGES",
@@ -2521,7 +2521,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_ACCOUNT_INFO_DUMP",
@@ -2606,7 +2606,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_EMAIL_MONITOR",
@@ -2691,7 +2691,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DELETE_MAILBOX_DUMP",
@@ -2776,7 +2776,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_FIRST_NAME",
@@ -2860,7 +2860,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "GMAIL_RESET_USER",
@@ -2943,7 +2943,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_LAST_NAME",
@@ -3027,7 +3027,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MAIL_ROUTING_DESTINATION_ADDED",
@@ -3110,7 +3110,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "MAIL_ROUTING_DESTINATION_REMOVED",
@@ -3193,7 +3193,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "ADD_NICKNAME",
@@ -3276,7 +3276,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_NICKNAME",
@@ -3359,7 +3359,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_PASSWORD",
@@ -3441,7 +3441,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "CHANGE_PASSWORD_ON_NEXT_LOGIN",
@@ -3525,7 +3525,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "DOWNLOAD_PENDING_INVITES_LIST",
@@ -3595,7 +3595,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_RECOVERY_EMAIL",
@@ -3677,7 +3677,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REMOVE_RECOVERY_PHONE",
@@ -3759,7 +3759,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REQUEST_ACCOUNT_INFO",
@@ -3841,7 +3841,7 @@
 {
 "@timestamp": "2020-10-02T15:00:00.000Z",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "event": {
 "action": "REQUEST_MAILBOX_DUMP",
@@ -3931,7 +3931,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RESEND_USER_INVITE",
@@ -4016,7 +4016,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RESET_SIGNIN_COOKIES",
@@ -4098,7 +4098,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SECURITY_KEY_REGISTERED_FOR_USER",
@@ -4180,7 +4180,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "REVOKE_SECURITY_KEY",
@@ -4262,7 +4262,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "USER_INVITE",
@@ -4347,7 +4347,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "VIEW_TEMP_PASSWORD",
@@ -4432,7 +4432,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "TURN_OFF_2_STEP_VERIFICATION",
@@ -4514,7 +4514,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UNBLOCK_USER_SESSION",
@@ -4596,7 +4596,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UNENROLL_USER_FROM_TITANIUM",
@@ -4678,7 +4678,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ARCHIVE_USER",
@@ -4760,7 +4760,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPDATE_BIRTHDATE",
@@ -4843,7 +4843,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "CREATE_USER",
@@ -4925,7 +4925,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DELETE_USER",
@@ -5007,7 +5007,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DOWNGRADE_USER_FROM_GPLUS",
@@ -5089,7 +5089,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "USER_ENROLLED_IN_TWO_STEP_VERIFICATION",
@@ -5171,7 +5171,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "DOWNLOAD_USERLIST_CSV",
@@ -5241,7 +5241,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "MOVE_USER_TO_ORG_UNIT",
@@ -5327,7 +5327,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "USER_PUT_IN_TWO_STEP_VERIFICATION_GRACE_PERIOD",
@@ -5410,7 +5410,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "RENAME_USER",
@@ -5493,7 +5493,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UNENROLL_USER_FROM_STRONG_AUTH",
@@ -5575,7 +5575,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "SUSPEND_USER",
@@ -5657,7 +5657,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UNARCHIVE_USER",
@@ -5739,7 +5739,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UNDELETE_USER",
@@ -5821,7 +5821,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UNSUSPEND_USER",
@@ -5903,7 +5903,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "UPGRADE_USER_TO_GPLUS",
@@ -5985,7 +5985,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "USERS_BULK_UPLOAD",
@@ -6061,7 +6061,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "USERS_BULK_UPLOAD_NOTIFICATION_SENT",
diff --git a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
index 4702733aad7..3bacd3943ba 100644
--- a/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/google_workspace/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: iam
diff --git a/packages/google_workspace/data_stream/admin/sample_event.json b/packages/google_workspace/data_stream/admin/sample_event.json
index 2f13e2350dc..64793950330 100644
--- a/packages/google_workspace/data_stream/admin/sample_event.json
+++ b/packages/google_workspace/data_stream/admin/sample_event.json
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396",
diff --git a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json
index b2734f0e272..64313b435a7 100644
--- a/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json
+++ b/packages/google_workspace/data_stream/drive/_dev/test/pipeline/test-drive.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add_to_folder", @@ -11,7 +11,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786988822Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"add_to_folder\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"destination_folder_id\",\"value\":\"1234\"},{\"name\":\"destination_folder_title\",\"value\":\"folder title\"},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -96,7 +95,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "approval_canceled", 
@@ -106,7 +105,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786991478Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"approval_canceled\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -189,7 +187,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "approval_comment_added", 
@@ -199,7 +197,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786992639Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"approval_comment_added\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -282,7 +279,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "approval_requested", 
@@ -292,7 +289,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786993655Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"approval_requested\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -375,7 +371,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "approval_reviewer_responded", 
@@ -385,7 +381,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786994676Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"approval_reviewer_responded\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -468,7 +463,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "create", 
@@ -476,7 +471,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786995645Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"create\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -559,7 +553,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "delete", 
@@ -567,7 +561,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786996640Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"delete\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -650,7 +643,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "download", 
@@ -658,7 +651,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786997640Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"download\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -741,7 +733,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "edit", 
@@ -749,7 +741,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786998608Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"edit\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -832,7 +823,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add_lock", 
@@ -840,7 +831,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.786999592Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"add_lock\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -923,7 +913,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "move", 
@@ -931,7 +921,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787000560Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"move\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"destination_folder_id\",\"value\":\"1234\"},{\"name\":\"destination_folder_title\",\"value\":\"folder title\"},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"source_folder_id\",\"value\":\"1234\"},{\"name\":\"source_folder_title\",\"value\":\"a folder title\"}]}}", "provider": "drive", "type": [ @@ -1018,7 +1007,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "preview", 
@@ -1026,7 +1015,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787001726Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"preview\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -1109,7 +1097,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "print", 
@@ -1117,7 +1105,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787002714Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"print\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -1200,7 +1187,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "remove_from_folder", 
@@ -1208,7 +1195,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787003696Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"remove_from_folder\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"source_folder_id\",\"value\":\"1234\"},{\"name\":\"source_folder_title\",\"value\":\"a folder title\"}]}}", "provider": "drive", "type": [ @@ -1293,7 +1279,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "rename", 
@@ -1301,7 +1287,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787004676Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"rename\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":true},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"bar.gif\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"old_value\",\"value\":\"foo.gif\",\"new_value\":\"bar.gif\"}]}}", "provider": "drive", "type": [ @@ -1386,7 +1371,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "untrash", 
@@ -1394,7 +1379,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787005642Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"untrash\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -1477,7 +1461,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "sheets_import_range", 
@@ -1485,7 +1469,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787006731Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"sheets_import_range\",\"parameters\":[{\"name\":\"sheets_import_range_recipient_doc\",\"value\":\"1234\"},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -1568,7 +1551,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "trash", 
@@ -1576,7 +1559,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787007699Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"trash\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -1659,7 +1641,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "remove_lock", 
@@ -1667,7 +1649,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787008719Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"remove_lock\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -1750,7 +1731,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "upload", 
@@ -1758,7 +1739,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787009687Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"upload\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"}]}}", "provider": "drive", "type": [ @@ -1841,7 +1821,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "view", 
@@ -1849,7 +1829,6 @@ "file" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787010660Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"access\",\"name\":\"view\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"shared_drive_id\",\"value\":\"1234\"}]}}", "provider": "drive", "type": [ @@ -1933,7 +1912,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_acl_editors", 
@@ -1943,7 +1922,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787011627Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"change_acl_editors\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"new_value\",\"value\":\"owner\"},{\"name\":\"old_value\",\"value\":\"writers\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"old_visibility\",\"value\":\"people_within_domain_with_link\"},{\"name\":\"visibility_change\",\"value\":\"external\"}]}}", "provider": "drive", "type": [ @@ -2030,7 +2008,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_document_access_scope", 
@@ -2040,7 +2018,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787012612Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"change_document_access_scope\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"new_value\",\"value\":\"owner\"},{\"name\":\"old_value\",\"value\":\"writers\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"old_visibility\",\"value\":\"people_within_domain_with_link\"},{\"name\":\"visibility_change\",\"value\":\"external\"},{\"name\":\"target_domain\",\"value\":\"all\"}]}}", "provider": "drive", "type": [ @@ -2128,7 +2105,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_document_visibility", 
@@ -2138,7 +2115,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787013727Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"change_document_visibility\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"new_value\",\"value\":\"owner\"},{\"name\":\"old_value\",\"value\":\"writers\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"old_visibility\",\"value\":\"people_within_domain_with_link\"},{\"name\":\"visibility_change\",\"value\":\"external\"},{\"name\":\"target_domain\",\"value\":\"all\"}]}}", "provider": "drive", "type": [ @@ -2226,7 +2202,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "shared_drive_membership_change", 
@@ -2236,7 +2212,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787014707Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"shared_drive_membership_change\",\"parameters\":[{\"name\":\"added_role\",\"value\":\"editor\"},{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"removed_role\",\"value\":\"content_manager\"},{\"name\":\"membership_change_type\",\"value\":\"add_to_shared_drive\"},{\"name\":\"target\",\"value\":\"user@example.com\"}]}}", "provider": "drive", "type": [ @@ -2324,7 +2299,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "shared_drive_settings_change", 
@@ -2334,7 +2309,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787015679Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"shared_drive_settings_change\",\"parameters\":[{\"name\":\"new_settings_state\",\"value\":\"restricted\"},{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"old_settings_state\",\"value\":\"unrestricted\"},{\"name\":\"shared_drive_settings_change_type\",\"value\":\"direct_acl\"},{\"name\":\"target\",\"value\":\"user@example.com\"}]}}", "provider": "drive", "type": [ @@ -2422,7 +2396,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "sheets_import_range_access_change", 
@@ -2432,7 +2406,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787016657Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"sheets_import_range_access_change\",\"parameters\":[{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"visibility\",\"value\":\"people_with_link\"},{\"name\":\"sheets_import_range_recipient_doc\",\"value\":\"1234\"}]}}", "provider": "drive", "type": [ @@ -2515,7 +2488,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_user_access", 
@@ -2525,7 +2498,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:34.787017623Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"drive\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"change_user_access\",\"parameters\":[{\"name\":\"billable\",\"boolValue\":false},{\"name\":\"doc_id\",\"value\":\"1234\"},{\"name\":\"doc_title\",\"value\":\"document title\"},{\"name\":\"doc_type\",\"value\":\"document\"},{\"name\":\"new_value\",\"value\":\"can_comment\"},{\"name\":\"old_value\",\"value\":\"can_view\"},{\"name\":\"old_visibility\",\"value\":\"people_with_link\"},{\"name\":\"originating_app_id\",\"value\":\"1234\"},{\"name\":\"owner\",\"value\":\"owner@example.com\"},{\"name\":\"owner_is_shared_drive\",\"boolValue\":false},{\"name\":\"primary_event\",\"boolValue\":true},{\"name\":\"target_user\",\"value\":\"user@example.com\"},{\"name\":\"visibility\",\"value\":\"private\"},{\"name\":\"visibility_change\",\"value\":\"external\"}]}}", "provider": "drive", "type": [ diff --git a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml index 345fb79060e..85f487e7a8d 100644 --- a/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/drive/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: file 
diff --git a/packages/google_workspace/data_stream/drive/sample_event.json b/packages/google_workspace/data_stream/drive/sample_event.json index 56e85b7b285..3a1ed6c11ce 100644 --- a/packages/google_workspace/data_stream/drive/sample_event.json +++ b/packages/google_workspace/data_stream/drive/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json index 80bcf9bd56b..23ddd3e6174 100644 --- a/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json +++ b/packages/google_workspace/data_stream/groups/_dev/test/pipeline/test-groups.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_acl_permission", @@ -11,7 +11,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692113876Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"acl_change\",\"name\":\"change_acl_permission\",\"parameters\":[{\"name\":\"acl_permission\",\"value\":\"can_add_members\"},{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"new_value_repeated\",\"multiValue\":[\"managers\",\"members\"]},{\"name\":\"old_value_repeated\",\"multiValue\":[\"managers\"]}]}}", "provider": "groups", "type": [ 
@@ -96,7 +95,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept_invitation", @@ -104,7 +103,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692116334Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"accept_invitation\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"}]}}", "provider": "groups", "type": [ @@ -182,7 +180,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "approve_join_request", @@ -190,7 +188,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692117314Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"approve_join_request\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"}]}}", "provider": "groups", "type": [ @@ -275,7 +272,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "join", 
@@ -283,7 +280,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692118200Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"join\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"}]}}", "provider": "groups", "type": [ @@ -361,7 +357,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "request_to_join", @@ -369,7 +365,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692119010Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"request_to_join\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"}]}}", "provider": "groups", "type": [ @@ -447,7 +442,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_basic_setting", 
@@ -456,7 +451,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692119805Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"change_basic_setting\",\"parameters\":[{\"name\":\"basic_setting\",\"value\":\"allow_external_members\"},{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"new_value\",\"value\":\"true\"},{\"name\":\"old_value\",\"value\":\"false\"}]}}", "provider": "groups", "type": [ @@ -536,7 +530,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "create_group", @@ -544,7 +538,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692120621Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"create_group\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"}]}}", "provider": "groups", "type": [ @@ -621,7 +614,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "delete_group", 
@@ -629,7 +622,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692121429Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"delete_group\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"}]}}", "provider": "groups", "type": [ @@ -706,7 +698,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_identity_setting", @@ -715,7 +707,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692122227Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"change_identity_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"identity_setting\",\"value\":\"required_forms_of_identity\"},{\"name\":\"new_value\",\"value\":\"display_name_only\"},{\"name\":\"old_value\",\"value\":\"display_name_or_google_profile\"}]}}", "provider": "groups", "type": [ @@ -795,7 +786,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add_info_setting", 
@@ -804,7 +795,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692123026Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"add_info_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"info_setting\",\"value\":\"custom_footer\"},{\"name\":\"value\",\"value\":\"footer\"}]}}", "provider": "groups", "type": [ @@ -883,7 +873,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_info_setting", @@ -892,7 +882,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692123823Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"change_info_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"info_setting\",\"value\":\"custom_footer\"},{\"name\":\"new_value\",\"value\":\"footer\"},{\"name\":\"old_value\",\"value\":\"old footer\"}]}}", "provider": "groups", "type": [ @@ -972,7 +961,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "remove_info_setting", 
@@ -981,7 +970,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692124730Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"remove_info_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"info_setting\",\"value\":\"custom_footer\"},{\"name\":\"value\",\"value\":\"footer\"}]}}", "provider": "groups", "type": [ @@ -1060,7 +1048,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_new_members_restrictions_setting", @@ -1069,7 +1057,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692125551Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"change_new_members_restrictions_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"new_members_restrictions_setting\",\"value\":\"new_members_can_post\"},{\"name\":\"new_value\",\"value\":\"inherit\"},{\"name\":\"old_value\",\"value\":\"overriden_to_false\"}]}}", "provider": "groups", "type": [ @@ -1149,7 +1136,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_post_replies_setting", 
@@ -1158,7 +1145,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692126351Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"change_post_replies_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"post_replies_setting\",\"value\":\"where_should_replies_be_sent\"},{\"name\":\"new_value\",\"value\":\"reply_to_custom_address\"},{\"name\":\"old_value\",\"value\":\"reply_to_author_only\"}]}}", "provider": "groups", "type": [ @@ -1238,7 +1224,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_spam_moderation_setting", @@ -1247,7 +1233,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692127150Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"change_spam_moderation_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"spam_moderation_setting\",\"value\":\"how_to_handle_suspected_spam_messages\"},{\"name\":\"new_value\",\"value\":\"moderate_and_do_not_send_notifications\"},{\"name\":\"old_value\",\"value\":\"moderate_and_send_notifications\"}]}}", "provider": "groups", "type": [ @@ -1327,7 +1312,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "change_topic_setting", 
@@ -1336,7 +1321,6 @@ "configuration" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692127942Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"change_topic_setting\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"topic_setting\",\"value\":\"allowed_topic_types\"},{\"name\":\"new_value\",\"value\":\"discussions_questions\"},{\"name\":\"old_value\",\"value\":\"discussions\"}]}}", "provider": "groups", "type": [ @@ -1416,7 +1400,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "moderate_message", @@ -1424,7 +1408,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692128855Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"moderate_message\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"message_moderation_action\",\"value\":\"approved\"},{\"name\":\"status\",\"value\":\"succeeded\"},{\"name\":\"message_id\",\"value\":\"message id\"}]}}", "provider": "groups", "type": [ @@ -1506,7 +1489,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "always_post_from_user", 
@@ -1514,7 +1497,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692129658Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"always_post_from_user\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"},{\"name\":\"status\",\"value\":\"succeeded\"}]}}", "provider": "groups", "type": [ @@ -1599,7 +1581,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "add_user", @@ -1607,7 +1589,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692130446Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"add_user\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"},{\"name\":\"member_role\",\"value\":\"manager\"}]}}", "provider": "groups", "type": [ @@ -1693,7 +1674,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "ban_user_with_moderation", 
@@ -1701,7 +1682,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692131241Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"ban_user_with_moderation\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"},{\"name\":\"member_role\",\"value\":\"manager\"}]}}", "provider": "groups", "type": [ @@ -1787,7 +1767,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "revoke_invitation", @@ -1795,7 +1775,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692132041Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"revoke_invitation\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"}]}}", "provider": "groups", "type": [ @@ -1880,7 +1859,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "invite_user", 
@@ -1888,7 +1867,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692132846Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"invite_user\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"}]}}", "provider": "groups", "type": [ @@ -1973,7 +1951,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "reject_join_request", @@ -1981,7 +1959,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692133666Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"reject_join_request\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"}]}}", "provider": "groups", "type": [ @@ -2066,7 +2043,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "reinvite_user", 
@@ -2074,7 +2051,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692134580Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"reinvite_user\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"}]}}", "provider": "groups", "type": [ @@ -2159,7 +2135,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "remove_user", @@ -2167,7 +2143,6 @@ "iam" ], "id": "1", - "ingested": "2022-02-03T12:22:46.692135377Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"groups\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"moderator_action\",\"name\":\"remove_user\",\"parameters\":[{\"name\":\"group_email\",\"value\":\"group@example.com\"},{\"name\":\"user_email\",\"value\":\"user@example.com\"}]}}", "provider": "groups", "type": [ diff --git a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml index dbf2afd9535..da25fdedc4b 100644 --- a/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/groups/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: iam diff --git a/packages/google_workspace/data_stream/groups/sample_event.json b/packages/google_workspace/data_stream/groups/sample_event.json index 18f463449ea..315609614de 100644 --- a/packages/google_workspace/data_stream/groups/sample_event.json +++ b/packages/google_workspace/data_stream/groups/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json index d7d72f9d257..f5588263d43 100644 --- a/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json +++ b/packages/google_workspace/data_stream/login/_dev/test/pipeline/test-login.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "account_disabled_password_leak", @@ -11,7 +11,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092782054Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"account_disabled_password_leak\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"}]}}", "provider": "login", "type": [ 
@@ -83,7 +82,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "suspicious_login", @@ -91,7 +90,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092784537Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_login\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", "provider": "login", "start": "2020-07-02T13:08:25.123Z", @@ -164,7 +162,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "suspicious_login_less_secure_app", @@ -172,7 +170,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092785460Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_login_less_secure_app\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", "provider": "login", "start": "2020-07-02T13:08:25.123Z", @@ -245,7 +242,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "suspicious_programmatic_login", 
@@ -253,7 +250,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092786323Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_programmatic_login\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", "provider": "login", "start": "2020-07-02T13:08:25.123Z", @@ -326,7 +322,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "account_disabled_generic", @@ -334,7 +330,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092787101Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"account_disabled_generic\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"}]}}", "provider": "login", "type": [ @@ -406,7 +401,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "account_disabled_spamming_through_relay", 
@@ -414,7 +409,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092787897Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"account_disabled_spamming_through_relay\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"}]}}", "provider": "login", "type": [ @@ -486,7 +480,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "account_disabled_spamming", @@ -494,7 +488,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092788672Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"account_disabled_spamming\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"}]}}", "provider": "login", "type": [ @@ -566,7 +559,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "account_disabled_hijacked", 
@@ -574,7 +567,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092789447Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"account_disabled_hijacked\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", "provider": "login", "start": "2020-07-02T13:08:25.123Z", @@ -648,7 +640,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "gov_attack_warning", @@ -656,7 +648,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092790226Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"account_warning\",\"name\":\"gov_attack_warning\"}}", "provider": "login", "type": [ @@ -719,7 +710,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "login_failure", 
@@ -728,7 +719,6 @@ "session" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092791034Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"login\",\"name\":\"login_failure\",\"parameters\":[{\"name\":\"login_challenge_method\",\"value\":\"backup_code\"},{\"name\":\"login_failure_type\",\"value\":\"login_failure_access_code_disallowed\"},{\"name\":\"login_type\",\"value\":\"exchange\"}]}}", "outcome": "failure", "provider": "login", @@ -797,7 +787,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "login_challenge", @@ -805,7 +795,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092791833Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"login\",\"name\":\"login_challenge\",\"parameters\":[{\"name\":\"login_challenge_method\",\"value\":\"backup_code\"},{\"name\":\"login_challenge_status\",\"value\":\"Challenge Passed.\"},{\"name\":\"login_type\",\"value\":\"exchange\"}]}}", "outcome": "failure", "provider": "login", @@ -874,7 +863,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "login_verification", 
@@ -882,7 +871,6 @@ "authentication" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092792756Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"login\",\"name\":\"login_verification\",\"parameters\":[{\"name\":\"is_second_factor\",\"boolValue\":false},{\"name\":\"login_challenge_method\",\"value\":\"backup_code\"},{\"name\":\"login_challenge_status\",\"value\":\"Challenge Passed.\"},{\"name\":\"login_type\",\"value\":\"exchange\"}]}}", "outcome": "failure", "provider": "login", @@ -951,7 +939,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "logout", @@ -960,7 +948,6 @@ "session" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092793559Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"login\",\"name\":\"logout\",\"parameters\":[{\"name\":\"login_type\",\"value\":\"exchange\"}]}}", "provider": "login", "type": [ @@ -1026,7 +1013,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "login_success", 
@@ -1035,7 +1022,6 @@ "session" ], "id": "1", - "ingested": "2022-02-03T12:22:58.092794356Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"login_challenge_method\",\"value\":\"backup_code\"},{\"name\":\"is_suspicious\",\"boolValue\":false},{\"name\":\"login_type\",\"value\":\"exchange\"}]}}", "outcome": "success", "provider": "login", diff --git a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml index 03b34ade4e1..a4c02663853 100644 --- a/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/login/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.category value: authentication diff --git a/packages/google_workspace/data_stream/login/sample_event.json b/packages/google_workspace/data_stream/login/sample_event.json index 638c2029982..18ad1d78590 100644 --- a/packages/google_workspace/data_stream/login/sample_event.json +++ b/packages/google_workspace/data_stream/login/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json index eb1911e60f5..3c6f6ac7181 100644 
--- a/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json +++ b/packages/google_workspace/data_stream/saml/_dev/test/pipeline/test-saml.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "login_failure", @@ -12,7 +12,6 @@ "session" ], "id": "1", - "ingested": "2022-02-03T12:23:03.743677718Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"login\",\"name\":\"login_failure\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"failure_type\",\"value\":\"failure_app_not_configured_for_user\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_second_level_status_code\",\"value\":\"SUCCESS_URI\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}}", "outcome": "failure", "provider": "saml", @@ -84,7 +83,7 @@ { "@timestamp": "2020-10-02T15:00:01.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "login_success", 
@@ -93,7 +92,6 @@ "session" ], "id": "1", - "ingested": "2022-02-03T12:23:03.743680852Z", "original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:01Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"67.43.156.13\",\"events\":{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}}", "outcome": "success", "provider": "saml", diff --git a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml index e19143aadff..4124d08c13b 100644 --- a/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/saml/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.type value: start diff --git a/packages/google_workspace/data_stream/saml/sample_event.json b/packages/google_workspace/data_stream/saml/sample_event.json index 2b725181237..239de702188 100644 --- a/packages/google_workspace/data_stream/saml/sample_event.json +++ b/packages/google_workspace/data_stream/saml/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", 
diff --git a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json index a8ff332f235..35610a8ad4a 100644 --- a/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json +++ b/packages/google_workspace/data_stream/user_accounts/_dev/test/pipeline/test-user-accounts.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "2sv_disable", @@ -74,7 +74,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "2sv_enroll", @@ -145,7 +145,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "password_edit", @@ -216,7 +216,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "recovery_email_edit", @@ -287,7 +287,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "recovery_phone_edit", @@ -358,7 +358,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "recovery_secret_qa_edit", @@ -429,7 +429,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "titanium_enroll", @@ -500,7 +500,7 @@ { "@timestamp": "2020-10-02T15:00:00.000Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "titanium_unenroll", 
diff --git a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml index 65c556197e2..22909027674 100644 --- a/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml +++ b/packages/google_workspace/data_stream/user_accounts/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing google_workspace logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - append: field: event.type value: change diff --git a/packages/google_workspace/data_stream/user_accounts/sample_event.json b/packages/google_workspace/data_stream/user_accounts/sample_event.json index 453e0e10d64..ad8b8fb11e8 100644 --- a/packages/google_workspace/data_stream/user_accounts/sample_event.json +++ b/packages/google_workspace/data_stream/user_accounts/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/docs/README.md b/packages/google_workspace/docs/README.md index c6bf0ce0538..acfa620a719 100644 --- a/packages/google_workspace/docs/README.md +++ b/packages/google_workspace/docs/README.md @@ -69,7 +69,7 @@ An example event for `saml` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", @@ -286,7 +286,7 @@ An example event for `user_accounts` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", @@ -488,7 +488,7 @@ An example event for `login` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", 
@@ -706,7 +706,7 @@ An example event for `admin` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", @@ -1034,7 +1034,7 @@ An example event for `drive` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", @@ -1287,7 +1287,7 @@ An example event for `groups` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "584f3aea-648c-4e58-aba4-32b8f88d4396", diff --git a/packages/google_workspace/manifest.yml b/packages/google_workspace/manifest.yml index 35e8d3b026b..96d1f138714 100644 --- a/packages/google_workspace/manifest.yml +++ b/packages/google_workspace/manifest.yml @@ -1,6 +1,6 @@ name: google_workspace title: Google Workspace Audit Reports -version: 1.3.4 +version: 1.4.0 release: ga description: Collect audit reports from Google Workspaces with Elastic Agent. type: integration diff --git a/packages/hashicorp_vault/_dev/build/build.yml b/packages/hashicorp_vault/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/hashicorp_vault/_dev/build/build.yml +++ b/packages/hashicorp_vault/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/hashicorp_vault/changelog.yml b/packages/hashicorp_vault/changelog.yml index 0c933f81f07..15522bc940c 100644 --- a/packages/hashicorp_vault/changelog.yml +++ b/packages/hashicorp_vault/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "1.3.3" changes: - description: Use dynamic mappings for all hashicorp_vault.metrics fields. 
diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index c44d3319928..f65228ad33a 100644 --- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-12-01T20:29:04.356Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -93,7 +93,7 @@ { "@timestamp": "2020-12-01T20:29:04.360Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -202,7 +202,7 @@ { "@timestamp": "2021-07-19T17:19:00.673Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -260,7 +260,7 @@ { "@timestamp": "2021-07-19T17:19:00.674Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -324,7 +324,7 @@ { "@timestamp": "2021-06-29T17:26:11.402Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -407,7 +407,7 @@ { "@timestamp": "2021-06-29T17:26:11.409Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -504,7 +504,7 @@ { "@timestamp": "2021-06-29T18:01:29.545Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -585,7 +585,7 @@ { "@timestamp": "2021-06-29T18:01:29.547Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -710,7 +710,7 @@ { "@timestamp": "2021-12-30T17:11:12.468Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { 
diff --git a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json index 17d628bbe31..6e392bc5f10 100644 --- a/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json +++ b/packages/hashicorp_vault/data_stream/audit/_dev/test/pipeline/test-faked-all-fields.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2018-04-09T21:04:29.640Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -69,7 +69,7 @@ { "@timestamp": "2018-04-09T21:04:29.642Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -163,7 +163,7 @@ { "@timestamp": "2021-07-21T12:37:50.936Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { @@ -252,7 +252,7 @@ { "@timestamp": "2021-07-21T12:37:50.936Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "audit": { diff --git a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 6abdd54f1ff..6bff35b88dd 100644 --- a/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault audit logs. processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/hashicorp_vault/data_stream/audit/sample_event.json b/packages/hashicorp_vault/data_stream/audit/sample_event.json index 4c7cbaf6d06..0ff31120d12 100644 --- a/packages/hashicorp_vault/data_stream/audit/sample_event.json +++ b/packages/hashicorp_vault/data_stream/audit/sample_event.json 
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index b05b05a7d1e..b979a605854 100644 --- a/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/hashicorp_vault/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-07-16T06:30:48.194Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -27,7 +27,7 @@ { "@timestamp": "2021-07-16T06:33:08.867Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -50,7 +50,7 @@ { "@timestamp": "2021-07-09T17:20:27.184Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -77,7 +77,7 @@ { "@timestamp": "2021-07-09T17:20:27.190Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -100,7 +100,7 @@ { "@timestamp": "2021-07-09T17:20:27.182Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -127,7 +127,7 @@ { "@timestamp": "2021-07-09T17:20:27.212Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -151,7 +151,7 @@ { "@timestamp": "2021-07-09T17:04:06.945Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -175,7 +175,7 @@ { "@timestamp": "2021-07-16T19:05:02.795Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -198,7 +198,7 @@ { "@timestamp": "2021-07-09T17:01:42.203Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { 
@@ -222,7 +222,7 @@ { "@timestamp": "2021-07-22T17:33:20.689Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -248,7 +248,7 @@ "path": "/vault/logs/audit.json" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { @@ -272,7 +272,7 @@ { "@timestamp": "2021-07-22T17:33:20.691Z", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "hashicorp_vault": { "log": { diff --git a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a255d2eeaf7..482a387daa1 100644 --- a/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for processing Hashicorp Vault operational logs. processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: event.kind value: event diff --git a/packages/hashicorp_vault/data_stream/log/sample_event.json b/packages/hashicorp_vault/data_stream/log/sample_event.json index 7e6498b510b..e4a43ca70b4 100644 --- a/packages/hashicorp_vault/data_stream/log/sample_event.json +++ b/packages/hashicorp_vault/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml index cd7cbb5fe46..d41b15a7070 100644 --- a/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml +++ b/packages/hashicorp_vault/data_stream/metrics/elasticsearch/ingest_pipeline/default.yml 
@@ -11,7 +11,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - set: field: service.type value: hashicorp_vault diff --git a/packages/hashicorp_vault/data_stream/metrics/sample_event.json b/packages/hashicorp_vault/data_stream/metrics/sample_event.json index 30814ed6649..bf2a0d6c653 100644 --- a/packages/hashicorp_vault/data_stream/metrics/sample_event.json +++ b/packages/hashicorp_vault/data_stream/metrics/sample_event.json @@ -13,7 +13,7 @@ "type": "metrics" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/docs/README.md b/packages/hashicorp_vault/docs/README.md index 704aee9d1b8..5ae63ff5af4 100644 --- a/packages/hashicorp_vault/docs/README.md +++ b/packages/hashicorp_vault/docs/README.md @@ -97,7 +97,7 @@ An example event for `audit` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", @@ -318,7 +318,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "9878d192-22ad-49b6-a6c2-9959b0815d04", diff --git a/packages/hashicorp_vault/manifest.yml b/packages/hashicorp_vault/manifest.yml index 8d990a3e0f0..1ac240bd83f 100644 --- a/packages/hashicorp_vault/manifest.yml +++ b/packages/hashicorp_vault/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: hashicorp_vault title: Hashicorp Vault -version: 1.3.3 +version: 1.4.0 license: basic description: Collect logs and metrics from Hashicorp Vault with Elastic Agent. type: integration diff --git a/packages/http_endpoint/_dev/build/build.yml b/packages/http_endpoint/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/http_endpoint/_dev/build/build.yml +++ b/packages/http_endpoint/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/http_endpoint/changelog.yml b/packages/http_endpoint/changelog.yml index 6d6a6d43bea..8873c447b19 100644 --- a/packages/http_endpoint/changelog.yml +++ b/packages/http_endpoint/changelog.yml @@ -1,3 +1,8 @@ +- version: "1.1.0" + changes: + - description: Update ECS to 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "1.0.1" changes: - description: Update readme diff --git a/packages/http_endpoint/data_stream/generic/sample_event.json b/packages/http_endpoint/data_stream/generic/sample_event.json index a0effb1078c..d234d2e440a 100644 --- a/packages/http_endpoint/data_stream/generic/sample_event.json +++ b/packages/http_endpoint/data_stream/generic/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "d5d45ca4-6db0-4931-bf28-7de9e83c2223", diff --git a/packages/http_endpoint/manifest.yml b/packages/http_endpoint/manifest.yml index 8e53cbf8eaa..3894daea768 100644 --- a/packages/http_endpoint/manifest.yml +++ b/packages/http_endpoint/manifest.yml @@ -3,7 +3,7 @@ name: http_endpoint title: Custom HTTP Endpoint Logs description: Collect JSON data from listening HTTP port with Elastic Agent. type: integration -version: 1.0.1 +version: 1.1.0 release: ga conditions: kibana.version: "^7.16.0 || ^8.0.0" diff --git a/packages/httpjson/_dev/build/build.yml b/packages/httpjson/_dev/build/build.yml index 08d85edcf9a..d61527283ec 100644 --- a/packages/httpjson/_dev/build/build.yml +++ b/packages/httpjson/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: git@8.2 diff --git a/packages/httpjson/changelog.yml b/packages/httpjson/changelog.yml index 1819f168c5d..a80b05674dd 100644 --- a/packages/httpjson/changelog.yml +++ b/packages/httpjson/changelog.yml 
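Review bot: The httpjson build.yml hunk moves the ECS reference from `git@1.12` straight to `git@8.2`, skipping the 8.0 major that every other package on this page already sits on, while manifest.yml in the same section only takes a minor bump (1.1.1 → 1.2.0). ECS 8.0 was a major release that removed some fields deprecated during 1.x, so it is worth confirming that this package's fields definitions reference nothing dropped between 1.12 and 8.2 before treating the change as a pure enhancement; the httpjson sample_event.json hunk already shows `"version": "8.0.0"` on its old side, which suggests the build dependency was simply stale rather than the mappings being on 1.12. If that is the case, the changelog entry `Update ECS to 8.2` could say so explicitly, e.g. `Update ECS to 8.2 (build dependency was still pinned to 1.12)`, so a reader of the version history understands why this package's jump is larger than the others. The hunk covers the whole 3-line file.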
@@ -1,3 +1,8 @@
+- version: "1.2.0"
+ changes:
+ - description: Update ECS to 8.2
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2779
 - version: "1.1.1"
 changes:
 - description: Fixes typo in config template
diff --git a/packages/httpjson/data_stream/generic/sample_event.json b/packages/httpjson/data_stream/generic/sample_event.json
index 458db46715a..97f5b569295 100644
--- a/packages/httpjson/data_stream/generic/sample_event.json
+++ b/packages/httpjson/data_stream/generic/sample_event.json
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "0ddbfef9-4d38-400d-8404-d2df456bddc0",
diff --git a/packages/httpjson/manifest.yml b/packages/httpjson/manifest.yml
index 781e970ac90..93e2f2bd417 100644
--- a/packages/httpjson/manifest.yml
+++ b/packages/httpjson/manifest.yml
@@ -3,7 +3,7 @@ name: httpjson
 title: Custom HTTPJSON Input
 description: Collect custom data from REST API's with Elastic Agent.
 type: integration
-version: 1.1.1
+version: 1.2.0
 release: ga
 conditions:
 kibana.version: "^7.16.0 || ^8.0.0"
diff --git a/packages/imperva/_dev/build/build.yml b/packages/imperva/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/imperva/_dev/build/build.yml
+++ b/packages/imperva/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/imperva/changelog.yml b/packages/imperva/changelog.yml
index 41e1f4ee3b6..7b520319361 100644
--- a/packages/imperva/changelog.yml
+++ b/packages/imperva/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.8.0"
+ changes:
+ - description: Update to ECS 8.2.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2779
 - version: "0.7.0"
 changes:
 - description: Update to ECS 8.0.0
diff --git a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json index 3258e2817b0..5decd80626c 100644 --- a/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/imperva/data_stream/securesphere/_dev/test/pipeline/test-generated.log-expected.json @@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.162998333Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.70.155.35,dstPort=892,dbUsername=tatno,srcIP=10.81.122.126,srcPort=4141,creatTime=29 January 2016 06:09:59,srvGroup=uam,service=untutl,appName=rad,event#=taliqu,eventType=Login,usrGroup=ommod,usrAuth=True,application=\"scivel\",osUsername=aqui,srcHost=radipis5408.mail.local,dbName=enatuse,schemaName=magn,bindVar=equuntu,sqlError=failure,respSize=5910,respTime=10.347000,affRows=sum,action=\"cancel\",rawQuery=\"sit\"", "tags": [ @@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163002295Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=nimadmin,createTime=2016-02-12 13:12:33,eventType=erep,eventSev=low,username=temq,subsystem=ugiatqu,message=\"eacomm\"", "tags": [ @@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163003507Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.58.116.231,dstPort=996,dbUsername=qua,srcIP=10.159.182.171,srcPort=3947,creatTime=2016-02-26 20:15:08,srvGroup=apariat,service=mol,appName=pteursi,event#=onse,eventType=rumet,usrGroup=oll,usrAuth=erc,application=\"taliqu\",osUsername=temUten,srcHost=ccusan7572.api.home,dbName=aveniam,schemaName=uradi,bindVar=nimadmin,sqlError=failure,respSize=3626,respTime=79.328000,affRows=ender,action=\"accept\",rawQuery=\"ehenderi\"", "tags": [ 
@@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163004692Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.232.27.250,dstPort=7838,dbUsername=mquidol,srcIP=10.18.124.28,srcPort=7668,creatTime=12 March 2016 03:17:42,srvGroup=rsitamet,service=lupt,appName=xea,event#=qua,eventType=Login,usrGroup=luptatev,usrAuth=False,application=\"admi\",osUsername=modocons,srcHost=elaudant5931.internal.invalid,dbName=lores,schemaName=lapariat,bindVar=eddoei,sqlError=failure,respSize=6564,respTime=87.496000,affRows=nimadmin,action=\"cancel\",rawQuery=\"xercitat\"", "tags": [ @@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163005752Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=ationemu,event#=ice,createTime=2016-03-26 10:20:16,updateTime=estiae,alertSev=high,group=laborum,ruleName=\"tionof\",evntDesc=\"snostrud\",category=nama,disposition=quisnos,eventType=ite,proto=icmp,srcPort=2707,srcIP=10.6.137.200,dstPort=5697,dstIP=10.197.250.10,policyName=\"bor\",occurrences=7243,httpHost=hitect,webMethod=dol,url=\"https://internal.example.net/namali/taevit.html?nsecte=itame#eumfug\",webQuery=\"lit\",soapAction=asun,resultCode=estia,sessionID=eaq,username=occae,addUsername=ctetura,responseTime=labore,responseSize=texp,direction=external,dbUsername=adeseru,queryGroup=emoe,application=\"eaq\",srcHost=amest4147.mail.host,osUsername=intoc,schemaName=oluptas,dbName=tNequepo,hdrName=lup,action=cancel", "tags": [ 
@@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163006795Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=sperna,event#=eabilloi,createTime=2016-04-09 17:22:51,updateTime=estia,alertSev=medium,group=tlab,ruleName=\"volupt\",evntDesc=\"osqui\",category=xerc,disposition=iutali,eventType=fdeFi,proto=igmp,srcPort=1696,srcIP=10.179.124.125,dstPort=5473,dstIP=10.36.194.106,policyName=\"eprehend\",occurrences=2462,httpHost=dutper,webMethod=lamcolab,url=\"https://example.net/tlabo/uames.gif?mpo=offi#giatnu\",webQuery=\"ulapa\",soapAction=liqui,resultCode=quioffi,sessionID=uptate,username=ncidid,addUsername=quaturve,responseTime=sequa,responseSize=aera,direction=outbound,dbUsername=rvel,queryGroup=uid,application=\"onsecte\",srcHost=eratv6205.internal.lan,osUsername=reme,schemaName=acommod,dbName=uaUteni,hdrName=udantium,action=accept", "tags": [ @@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163007786Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.149.43,dstPort=3304,dbUsername=eveli,srcIP=10.211.105.204,srcPort=2742,creatTime=2016-04-24 00:25:25,srvGroup=aliquide,service=ofde,appName=equat,event#=derit,eventType=Logout,usrGroup=dexea,usrAuth=True,application=\"atcu\",osUsername=labor,srcHost=didunt1355.corp,dbName=udan,schemaName=orema,bindVar=invento,sqlError=failure,respSize=6855,respTime=74.098000,affRows=nofdeFin,action=\"accept\",rawQuery=\"rau\"", "tags": [ 
@@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163008805Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.191.180,dstPort=5848,dbUsername=ipsumdol,srcIP=10.112.250.193,srcPort=5705,creatTime=2016-05-08 07:27:59,srvGroup=urerepr,service=ese,appName=isaute,event#=ptatemq,eventType=Logout,usrGroup=luptatev,usrAuth=False,application=\"tlabore\",osUsername=Exc,srcHost=pora6854.www5.home,dbName=nevo,schemaName=ide,bindVar=aali,sqlError=success,respSize=6852,respTime=49.573000,affRows=etcons,action=\"cancel\",rawQuery=\"tenbyCi\"", "tags": [ @@ -98,10 +74,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163009799Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.251.20.13,dstPort=264,dbUsername=iquipe,srcIP=10.192.34.76,srcPort=1450,creatTime=2016-05-22 14:30:33,srvGroup=upida,service=tvolupt,appName=eufugi,event#=pici,eventType=abor,usrGroup=utpe,usrAuth=onsequ,application=\"temqu\",osUsername=ovol,srcHost=ptasn6599.www.localhost,dbName=lore,schemaName=tnonpro,bindVar=ionemu,sqlError=success,respSize=3645,respTime=20.909000,affRows=tanimid,action=\"deny\",rawQuery=\"uamni\"", "tags": [ @@ -110,10 +83,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163010815Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.74.105.218,dstPort=2438,dbUsername=archite,srcIP=10.59.138.212,srcPort=7829,creatTime=2016-06-05 21:33:08,srvGroup=asi,service=datatno,appName=siutali,event#=amnih,eventType=Logout,usrGroup=ium,usrAuth=True,application=\"esciuntN\",osUsername=idunt,srcHost=ptasnu6684.mail.lan,dbName=orumSe,schemaName=boree,bindVar=intoc,sqlError=success,respSize=248,respTime=158.450000,affRows=eeufugia,action=\"block\",rawQuery=\"ofdeFini\"", "tags": [ 
@@ -122,10 +92,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163011808Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.168.159.13,dstPort=3319,dbUsername=inci,srcIP=10.230.173.4,srcPort=2631,creatTime=2016-06-20 04:35:42,srvGroup=avol,service=icero,appName=xer,event#=emipsumd,eventType=Logout,usrGroup=isisten,usrAuth=False,application=\"cusant\",osUsername=atemq,srcHost=rinre2977.api.corp,dbName=totamre,schemaName=isnostr,bindVar=umqu,sqlError=success,respSize=6135,respTime=86.668000,affRows=inesci,action=\"accept\",rawQuery=\"uia\"", "tags": [ @@ -134,10 +101,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163013101Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.49.167.57,dstPort=2119,dbUsername=tali,srcIP=10.41.21.204,srcPort=3540,creatTime=4 July 2016 11:38:16,srvGroup=rpori,service=ice,appName=oles,event#=edic,eventType=Login,usrGroup=seq,usrAuth=True,application=\"tutlab\",osUsername=sau,srcHost=atevelit2450.local,dbName=aperia,schemaName=ccaeca,bindVar=umdolo,sqlError=failure,respSize=6818,respTime=115.224000,affRows=stenatu,action=\"block\",rawQuery=\"orumSe\"", "tags": [ 
@@ -146,10 +110,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163014205Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=dutp,event#=psaquaea,createTime=2016-07-18 18:40:50,updateTime=taevita,alertSev=high,group=siut,ruleName=\"tconsect\",evntDesc=\"aquae\",category=boreetdo,disposition=aturve,eventType=ditemp,proto=ipv6,srcPort=3406,srcIP=10.216.125.252,dstPort=5592,dstIP=10.62.147.186,policyName=\"eumiure\",occurrences=4603,httpHost=ima,webMethod=quasia,url=\"https://example.org/umwrit/uptate.html?ctetura=aveni#elit\",webQuery=\"seosqui\",soapAction=sequamni,resultCode=uradi,sessionID=tot,username=llamco,addUsername=nea,responseTime=psum,responseSize=tasnulap,direction=inbound,dbUsername=umSe,queryGroup=xeacomm,application=\"cinge\",srcHost=itla658.api.localhost,osUsername=lorsita,schemaName=dolore,dbName=uptate,hdrName=quidexea,action=\"accept\",errormsg=\"unknown\"", "tags": [ @@ -158,10 +119,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163015242Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=ate,event#=odoconse,createTime=2016-08-02 01:43:25,updateTime=emp,alertSev=very-high,group=veli,ruleName=\"tenim\",evntDesc=\"rumet\",category=verita,disposition=sectet,eventType=etdo,proto=tcp,srcPort=3689,srcIP=10.52.125.9,dstPort=2538,dstIP=10.204.128.215,policyName=\"ama\",occurrences=332,httpHost=runtmol,webMethod=texpli,url=\"https://api.example.org/roidents/tem.txt?tametcon=liqua#mvele\",webQuery=\"isis\",soapAction=uasiar,resultCode=utlab,sessionID=emUteni,username=rum,addUsername=gnaaliqu,responseTime=teirured,responseSize=onemulla,direction=external,dbUsername=bor,queryGroup=rauto,application=\"ationev\",srcHost=umdolor4389.api.home,osUsername=paquioff,schemaName=nci,dbName=isau,hdrName=rautodi,action=deny", "tags": [ 
@@ -170,10 +128,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163016292Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.68.129,dstPort=2558,dbUsername=icabo,srcIP=10.34.148.166,srcPort=3022,creatTime=2016-08-16 08:45:59,srvGroup=preh,service=ercit,appName=etMal,event#=qua,eventType=rsita,usrGroup=ate,usrAuth=ipsamvo,application=\"onula\",osUsername=miu,srcHost=rationev6444.localhost,dbName=tatem,schemaName=untutlab,bindVar=amcor,sqlError=failure,respSize=5427,respTime=176.685000,affRows=oremq,action=\"block\",rawQuery=\"uisaute\"", "tags": [ @@ -182,10 +137,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163017286Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.226.101.180,dstPort=1000,dbUsername=siu,srcIP=10.134.5.40,srcPort=7284,creatTime=30 August 2016 15:48:33,srvGroup=llamc,service=nte,appName=mvel,event#=nof,eventType=Login,usrGroup=usmodi,usrAuth=False,application=\"mvolu\",osUsername=conse,srcHost=ipi7727.www5.domain,dbName=isiu,schemaName=licabo,bindVar=enimadmi,sqlError=success,respSize=6356,respTime=41.238000,affRows=xeaco,action=\"deny\",rawQuery=\"amcor\"", "tags": [ @@ -194,10 +146,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163023287Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.126.26.131,dstPort=2595,dbUsername=velite,srcIP=10.30.98.10,srcPort=7576,creatTime=13 September 2016 22:51:07,srvGroup=itation,service=sequatD,appName=nimave,event#=isciv,eventType=Login,usrGroup=rroqu,usrAuth=False,application=\"nofd\",osUsername=dipisci,srcHost=spernatu5539.domain,dbName=quunt,schemaName=olori,bindVar=mquae,sqlError=unknown,respSize=7717,respTime=96.729000,affRows=cidunt,action=\"accept\",rawQuery=\"borisnis\"", "tags": [ 
@@ -206,10 +155,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163025965Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.190.10.219,dstPort=5530,dbUsername=accusant,srcIP=10.233.120.207,srcPort=136,creatTime=2016-09-28 05:53:42,srvGroup=stenatu,service=inibu,appName=est,event#=uptatemU,eventType=Logout,usrGroup=leumiu,usrAuth=False,application=\"tla\",osUsername=item,srcHost=nimid372.api.corp,dbName=atcupid,schemaName=quamnih,bindVar=dminima,sqlError=success,respSize=3278,respTime=60.949000,affRows=tame,action=\"cancel\",rawQuery=\"reetd\"", "tags": [ @@ -218,10 +164,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163027638Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=sitam,createTime=2016-10-12 12:56:16,eventType=rad,eventSev=low,username=sequa,subsystem=iosamnis,message=\"volupt\"", "tags": [ @@ -230,10 +173,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163029014Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.100.98.56,dstPort=1089,dbUsername=boru,srcIP=10.248.184.200,srcPort=5315,creatTime=2016-10-26 19:58:50,srvGroup=ptatem,service=ptatevel,appName=tenatuse,event#=psaqua,eventType=Logout,usrGroup=ullamcor,usrAuth=False,application=\"itationu\",osUsername=proident,srcHost=maliquam2147.internal.home,dbName=lores,schemaName=ritati,bindVar=orisni,sqlError=failure,respSize=5923,respTime=179.541000,affRows=sitam,action=\"deny\",rawQuery=\"mmodoc\"", "tags": [ 
@@ -242,10 +182,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163030277Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.197.6.245,dstPort=27,dbUsername=dtempo,srcIP=10.82.28.220,srcPort=3570,creatTime=10 November 2016 03:01:24,srvGroup=imad,service=tinvolup,appName=tsed,event#=inv,eventType=Login,usrGroup=rroq,usrAuth=False,application=\"rcit\",osUsername=aecatcup,srcHost=olabor2983.internal.localhost,dbName=citatio,schemaName=oluptat,bindVar=mveniamq,sqlError=success,respSize=3071,respTime=120.142000,affRows=eaqueips,action=\"allow\",rawQuery=\"aturve\"", "tags": [ @@ -254,10 +191,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163031335Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.6.27.103,dstPort=3179,dbUsername=redol,srcIP=10.167.252.183,srcPort=2003,creatTime=24 November 2016 10:03:59,srvGroup=doei,service=cipitl,appName=caboNemo,event#=dexerc,eventType=Login,usrGroup=strumex,usrAuth=True,application=\"eprehend\",osUsername=asnu,srcHost=hitec2111.mail.corp,dbName=perspici,schemaName=ationul,bindVar=mquisn,sqlError=failure,respSize=6606,respTime=155.907000,affRows=emUte,action=\"cancel\",rawQuery=\"ccae\"", "tags": [ 
@@ -266,10 +200,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163039176Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=ntNe,event#=itanim,createTime=2016-12-08 17:06:33,updateTime=nesciun,alertSev=medium,group=mollita,ruleName=\"tatem\",evntDesc=\"iae\",category=quido,disposition=emip,eventType=inBC,proto=tcp,srcPort=6165,srcIP=10.88.45.111,dstPort=6735,dstIP=10.81.184.7,policyName=\"saquaea\",occurrences=6344,httpHost=eetd,webMethod=illu,url=\"https://mail.example.com/lorsi/repreh.gif?sitamet=utlabo#tetur\",webQuery=\"tionula\",soapAction=ritqu,resultCode=ecatcupi,sessionID=uamei,username=undeomni,addUsername=tas,responseTime=autfugi,responseSize=tasun,direction=external,dbUsername=eratv,queryGroup=ipsa,application=\"asuntexp\",srcHost=adminim2559.www5.invalid,osUsername=lmole,schemaName=iameaque,dbName=nderi,hdrName=ssusci,action=\"deny\",errormsg=\"failure\"", "tags": [ @@ -278,10 +209,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163040682Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.214.3.140,dstPort=6127,dbUsername=scipitl,srcIP=10.29.119.245,srcPort=1179,creatTime=2016-12-23 00:09:07,srvGroup=olli,service=rever,appName=ore,event#=offici,eventType=Logout,usrGroup=ection,usrAuth=False,application=\"roquisqu\",osUsername=edolorin,srcHost=dolorem6882.api.local,dbName=rsi,schemaName=taliqui,bindVar=mides,sqlError=success,respSize=5140,respTime=119.229000,affRows=tcu,action=\"cancel\",rawQuery=\"inrepreh\"", "tags": [ 
@@ -290,10 +218,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163041679Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=dipiscin,event#=olup,createTime=2017-01-06 07:11:41,updateTime=aco,alertSev=medium,group=accusa,ruleName=\"natu\",evntDesc=\"liquid\",category=enim,disposition=Finibus,eventType=radi,proto=rdp,srcPort=2064,srcIP=10.218.123.234,dstPort=57,dstIP=10.110.133.7,policyName=\"radipisc\",occurrences=5347,httpHost=nibus,webMethod=vitaed,url=\"https://example.org/etconsec/elillum.htm?mporinc=onsectet#idolo\",webQuery=\"atemUte\",soapAction=docon,resultCode=mdolore,sessionID=eosquira,username=pta,addUsername=snos,responseTime=orsi,responseSize=tetura,direction=external,dbUsername=lorsita,queryGroup=eavol,application=\"osamnis\",srcHost=temaccu5302.test,osUsername=etconsec,schemaName=caboNem,dbName=urExcept,hdrName=rumetMal,action=\"allow\",errormsg=\"unknown\"", "tags": [ @@ -302,10 +227,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163042680Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.105.190.170,dstPort=2519,dbUsername=doeiu,srcIP=10.182.152.242,srcPort=1877,creatTime=2017-01-20 14:14:16,srvGroup=orumw,service=redol,appName=ecillum,event#=isci,eventType=Logout,usrGroup=dolor,usrAuth=True,application=\"tiumto\",osUsername=litan,srcHost=nder347.www.corp,dbName=alorum,schemaName=mquisn,bindVar=atq,sqlError=unknown,respSize=3474,respTime=68.556000,affRows=ugiatquo,action=\"block\",rawQuery=\"equamnih\"", "tags": [ 
@@ -314,10 +236,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163044021Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=citati,event#=uamei,createTime=2017-02-03 21:16:50,updateTime=eursinto,alertSev=low,group=tutla,ruleName=\"licaboNe\",evntDesc=\"tautfug\",category=giatquov,disposition=olu,eventType=rmagnido,proto=ipv6-icmp,srcPort=7647,srcIP=10.59.188.188,dstPort=7082,dstIP=10.123.166.197,policyName=\"ici\",occurrences=7102,httpHost=mips,webMethod=itae,url=\"https://internal.example.net/atnula/ditautf.jpg?iquidex=olup#remipsu\",webQuery=\"tan\",soapAction=quiac,resultCode=sunt,sessionID=autfugit,username=emUte,addUsername=iusmodi,responseTime=fdeFi,responseSize=Except,direction=inbound,dbUsername=equat,queryGroup=aliquid,application=\"usantiu\",srcHost=idunt4633.internal.host,osUsername=liquam,schemaName=min,dbName=oluptat,hdrName=odt,action=block", "tags": [ @@ -326,10 +245,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163045039Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.72.75.207,dstPort=6336,dbUsername=urau,srcIP=10.201.168.116,srcPort=2037,creatTime=2017-02-18 04:19:24,srvGroup=utali,service=sed,appName=xeac,event#=umdolors,eventType=Logout,usrGroup=lumdo,usrAuth=False,application=\"acom\",osUsername=eFini,srcHost=ectob4634.mail.localhost,dbName=prehend,schemaName=eufug,bindVar=roquisq,sqlError=unknown,respSize=3348,respTime=79.765000,affRows=civelits,action=\"accept\",rawQuery=\"reet\"", "tags": [ 
@@ -338,10 +254,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163046029Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.9.46.123,dstPort=586,dbUsername=mfu,srcIP=10.58.133.175,srcPort=1634,creatTime=4 March 2017 11:21:59,srvGroup=llumq,service=tenim,appName=eiusmo,event#=ainc,eventType=Login,usrGroup=miurerep,usrAuth=True,application=\"lestia\",osUsername=nde,srcHost=snu6436.www.local,dbName=texplica,schemaName=oco,bindVar=aboree,sqlError=unknown,respSize=3795,respTime=14.713000,affRows=edquian,action=\"block\",rawQuery=\"uames\"", "tags": [ @@ -350,10 +263,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163047028Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.169.50.59,dstPort=7693,dbUsername=pta,srcIP=10.70.29.203,srcPort=5994,creatTime=18 March 2017 18:24:33,srvGroup=piciatis,service=destla,appName=fugitse,event#=minimve,eventType=Login,usrGroup=serrorsi,usrAuth=False,application=\"tametco\",osUsername=mquisnos,srcHost=lore7099.www.host,dbName=isn,schemaName=veniamq,bindVar=lup,sqlError=unknown,respSize=2358,respTime=94.460000,affRows=ipitlabo,action=\"block\",rawQuery=\"prehen\"", "tags": [ @@ -362,10 +272,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163048078Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.165.182.111,dstPort=5525,dbUsername=ames,srcIP=10.137.85.123,srcPort=218,creatTime=2017-04-02 01:27:07,srvGroup=amquisno,service=modoc,appName=magnam,event#=uinesc,eventType=Logout,usrGroup=cid,usrAuth=True,application=\"emi\",osUsername=Bonorum,srcHost=lesti6939.api.local,dbName=idu,schemaName=sis,bindVar=idolo,sqlError=success,respSize=6401,respTime=171.434000,affRows=its,action=\"block\",rawQuery=\"edutp\"", "tags": [ 
@@ -374,10 +281,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163049071Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=enimadmi,createTime=2017-04-16 08:29:41,eventType=tateveli,eventSev=high,username=sumdolo,subsystem=idolorem,message=\"temvele\"", "tags": [ @@ -386,10 +290,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163050055Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=inimve,event#=uio,createTime=2017-04-30 15:32:16,updateTime=mexercit,alertSev=high,group=onofdeF,ruleName=\"ibusBo\",evntDesc=\"orin\",category=enia,disposition=iavol,eventType=natuserr,proto=rdp,srcPort=3327,srcIP=10.64.184.196,dstPort=6659,dstIP=10.173.178.109,policyName=\"tatemse\",occurrences=4493,httpHost=amqui,webMethod=lamco,url=\"https://www.example.net/hender/ptatemU.htm?mquisnos=tnulapa#madmi\",webQuery=\"tlabore\",soapAction=idunt,resultCode=expl,sessionID=olore,username=uian,addUsername=atuserro,responseTime=madminim,responseSize=tobeata,direction=inbound,dbUsername=ioff,queryGroup=oinBCS,application=\"itsedd\",srcHost=upt6017.api.localdomain,osUsername=nesci,schemaName=tam,dbName=sin,hdrName=idexeac,action=\"block\",errormsg=\"failure\"", "tags": [ @@ -398,10 +299,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163051038Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.90.50.149,dstPort=1936,dbUsername=olu,srcIP=10.168.225.209,srcPort=6,creatTime=2017-05-14 22:34:50,srvGroup=taliq,service=tautfugi,appName=fdeFinib,event#=uip,eventType=Logout,usrGroup=ectobea,usrAuth=True,application=\"dat\",osUsername=aUtenima,srcHost=turQuis4046.api.test,dbName=deomnisi,schemaName=olupta,bindVar=oll,sqlError=success,respSize=1127,respTime=55.870000,affRows=evelite,action=\"block\",rawQuery=\"iav\"", "tags": [ 
@@ -410,10 +308,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163052275Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.59.182.36,dstPort=5792,dbUsername=mtota,srcIP=10.18.150.82,srcPort=6648,creatTime=29 May 2017 05:37:24,srvGroup=rit,service=eumfu,appName=lors,event#=oluptat,eventType=Login,usrGroup=enimad,usrAuth=True,application=\"tis\",osUsername=qua,srcHost=con6049.internal.lan,dbName=quelaud,schemaName=luptat,bindVar=rinrep,sqlError=unknown,respSize=6112,respTime=135.357000,affRows=nimv,action=\"allow\",rawQuery=\"tconse\"", "tags": [ @@ -422,10 +317,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163053263Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=rem,createTime=2017-06-12 12:39:58,eventType=ulamcola,eventSev=very-high,username=llita,subsystem=ntsunt,message=\"nturmag\"", "tags": [ @@ -434,10 +326,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163054239Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.228.229.144,dstPort=3236,dbUsername=ametcons,srcIP=10.151.240.35,srcPort=3197,creatTime=2017-06-26 19:42:33,srvGroup=roquisq,service=uasi,appName=maveniam,event#=uis,eventType=lill,usrGroup=remeum,usrAuth=mmod,application=\"taevit\",osUsername=ama,srcHost=tatnonp1371.www.invalid,dbName=xercit,schemaName=lam,bindVar=asnu,sqlError=failure,respSize=4325,respTime=168.492000,affRows=eriam,action=\"cancel\",rawQuery=\"aquae\"", "tags": [ 
@@ -446,10 +335,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163055218Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.242.48.203,dstPort=1102,dbUsername=ese,srcIP=10.147.142.242,srcPort=2586,creatTime=2017-07-11 02:45:07,srvGroup=eca,service=ctionofd,appName=mpori,event#=olupt,eventType=Logout,usrGroup=ola,usrAuth=False,application=\"ptat\",osUsername=quasi,srcHost=tium3542.internal.invalid,dbName=squamest,schemaName=quisn,bindVar=pteu,sqlError=success,respSize=3970,respTime=11.548000,affRows=antium,action=\"block\",rawQuery=\"velillum\"", "tags": [ @@ -458,10 +344,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163056208Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=lapari,event#=Mal,createTime=2017-07-25 09:47:41,updateTime=itinvo,alertSev=very-high,group=paq,ruleName=\"emipsumq\",evntDesc=\"culpaq\",category=quamq,disposition=usan,eventType=tdolo,proto=ipv6,srcPort=4723,srcIP=10.213.165.165,dstPort=3787,dstIP=10.254.10.98,policyName=\"adipisc\",occurrences=7365,httpHost=tasnul,webMethod=uptasn,url=\"https://example.net/itati/oidentsu.gif?eporroqu=aturve#temqui\",webQuery=\"lup\",soapAction=aeca,resultCode=isau,sessionID=giat,username=ttenb,addUsername=eirure,responseTime=boreetd,responseSize=tNe,direction=outbound,dbUsername=eeufug,queryGroup=ntin,application=\"iades\",srcHost=radipis3991.mail.invalid,osUsername=civeli,schemaName=eufugia,dbName=utlabore,hdrName=tamr,action=\"cancel\",errormsg=\"success\"", "tags": [ @@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163057201Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=onemul,createTime=2017-08-08 16:50:15,eventType=trudexe,eventSev=very-high,username=ura,subsystem=oreeufug,message=\"Quisa\"", "tags": [ 
@@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163064248Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=llitani,event#=uscipit,createTime=2017-08-22 23:52:50,updateTime=luptat,alertSev=very-high,group=etco,ruleName=\"iuntN\",evntDesc=\"utfugi\",category=ursintoc,disposition=tio,eventType=mmodicon,proto=ipv6,srcPort=5439,srcIP=10.116.1.130,dstPort=3402,dstIP=10.169.28.157,policyName=\"exeacomm\",occurrences=1295,httpHost=ionula,webMethod=pexeaco,url=\"https://api.example.org/uamqua/Neq.gif?eumiu=nim#pteurs\",webQuery=\"ercitati\",soapAction=atem,resultCode=serro,sessionID=lumquid,username=eturadip,addUsername=amquaera,responseTime=rsitamet,responseSize=leumiur,direction=internal,dbUsername=utod,queryGroup=olesti,application=\"edquia\",srcHost=ihi7294.www5.localhost,osUsername=reseo,schemaName=amco,dbName=ons,hdrName=onsecte,action=\"accept\",errormsg=\"unknown\"", "tags": [ @@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163066522Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.29.138.31,dstPort=5871,dbUsername=volupta,srcIP=10.45.69.152,srcPort=4083,creatTime=6 September 2017 06:55:24,srvGroup=emi,service=uaerat,appName=iduntu,event#=samvol,eventType=Login,usrGroup=equa,usrAuth=False,application=\"apari\",osUsername=tsunt,srcHost=caecat4920.api.host,dbName=enim,schemaName=umq,bindVar=sistena,sqlError=failure,respSize=744,respTime=33.416000,affRows=temquia,action=\"deny\",rawQuery=\"eumiu\"", "tags": [ 
@@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163068421Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.152.213.228,dstPort=3387,dbUsername=ptatev,srcIP=10.100.113.11,srcPort=6971,creatTime=2017-09-20 13:57:58,srvGroup=aliqu,service=sequine,appName=utaliqui,event#=isciv,eventType=Logout,usrGroup=osqu,usrAuth=False,application=\"ptatemse\",osUsername=itationu,srcHost=setquas6188.internal.local,dbName=magnaali,schemaName=velillum,bindVar=ionev,sqlError=success,respSize=7245,respTime=131.118000,affRows=ameaq,action=\"cancel\",rawQuery=\"Except\"", "tags": [ @@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163070006Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=uiac,createTime=2017-10-04 21:00:32,eventType=tquii,eventSev=low,username=reme,subsystem=emeumfu,message=\"inBCSedu\"", "tags": [ @@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163071234Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.208.33.55,dstPort=1849,dbUsername=ulapari,srcIP=10.248.102.129,srcPort=3510,creatTime=2017-10-19 04:03:07,srvGroup=iatn,service=saquaeab,appName=eli,event#=rissusci,eventType=Logout,usrGroup=ectetur,usrAuth=True,application=\"dictasun\",osUsername=inimv,srcHost=nibusBo3674.www5.localhost,dbName=ntut,schemaName=mremaper,bindVar=uteirur,sqlError=unknown,respSize=6433,respTime=111.360000,affRows=isni,action=\"accept\",rawQuery=\"quovo\"", "tags": [ 
@@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163072224Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.203.164.132,dstPort=6213,dbUsername=mporin,srcIP=10.109.230.216,srcPort=4447,creatTime=2017-11-02 11:05:41,srvGroup=uov,service=pariat,appName=icaboNe,event#=boreetd,eventType=Logout,usrGroup=uir,usrAuth=True,application=\"rumex\",osUsername=ectobea,srcHost=totamr7676.www5.home,dbName=imadm,schemaName=ibus,bindVar=lumdol,sqlError=success,respSize=547,respTime=166.971000,affRows=reprehe,action=\"block\",rawQuery=\"ihil\"", "tags": [ @@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163073203Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.151.203.60,dstPort=482,dbUsername=dol,srcIP=10.117.81.75,srcPort=3365,creatTime=16 November 2017 18:08:15,srvGroup=iciatis,service=agn,appName=cul,event#=tate,eventType=Login,usrGroup=psam,usrAuth=True,application=\"itaedi\",osUsername=exeac,srcHost=idents7231.mail.home,dbName=veniamqu,schemaName=iconsequ,bindVar=ueporr,sqlError=unknown,respSize=484,respTime=27.563000,affRows=tur,action=\"block\",rawQuery=\"onorumet\"", "tags": [ @@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163074312Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.224.217.153,dstPort=6339,dbUsername=eriti,srcIP=10.45.152.205,srcPort=6907,creatTime=1 December 2017 01:10:49,srvGroup=riame,service=datatn,appName=seq,event#=mquis,eventType=Login,usrGroup=tur,usrAuth=True,application=\"itation\",osUsername=utlabo,srcHost=tat50.mail.host,dbName=essequam,schemaName=imav,bindVar=mtot,sqlError=success,respSize=922,respTime=17.709000,affRows=prehend,action=\"allow\",rawQuery=\"liquid\"", "tags": [ 
@@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163075331Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=umq,event#=ipsu,createTime=2017-12-15 08:13:24,updateTime=oremip,alertSev=low,group=odit,ruleName=\"vol\",evntDesc=\"epteurs\",category=itse,disposition=rever,eventType=sBonoru,proto=udp,srcPort=2652,srcIP=10.60.164.100,dstPort=5119,dstIP=10.1.193.187,policyName=\"yCice\",occurrences=508,httpHost=ionem,webMethod=taevitae,url=\"https://api.example.net/quam/saute.htm?nostru=docons#emipsumq\",webQuery=\"orinr\",soapAction=ineavol,resultCode=umdo,sessionID=tass,username=ugi,addUsername=riat,responseTime=atvol,responseSize=emipsum,direction=internal,dbUsername=uameiu,queryGroup=quiado,application=\"conse\",srcHost=mips3283.corp,osUsername=hite,schemaName=adipis,dbName=abo,hdrName=suntex,action=\"allow\",errormsg=\"failure\"", "tags": [ @@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163076320Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.248.244.203,dstPort=806,dbUsername=mquamei,srcIP=10.146.228.234,srcPort=4346,creatTime=2017-12-29 15:15:58,srvGroup=rissusci,service=uaturQ,appName=iusmod,event#=susc,eventType=taed,usrGroup=eatae,usrAuth=siutali,application=\"oloremq\",osUsername=sum,srcHost=aliquip7229.mail.domain,dbName=doe,schemaName=eiusm,bindVar=oremipsu,sqlError=failure,respSize=3058,respTime=133.358000,affRows=llum,action=\"allow\",rawQuery=\"mto\"", "tags": [ 
@@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163077568Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.122.127.237,dstPort=1138,dbUsername=consecte,srcIP=10.86.121.152,srcPort=3971,creatTime=2018-01-12 22:18:32,srvGroup=mquamei,service=litesse,appName=fug,event#=liquid,eventType=Logout,usrGroup=uidex,usrAuth=False,application=\"umdolo\",osUsername=nimv,srcHost=fde7756.mail.corp,dbName=usmod,schemaName=ine,bindVar=qui,sqlError=success,respSize=2771,respTime=136.167000,affRows=orsitame,action=\"block\",rawQuery=\"ipex\"", "tags": [ @@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163078566Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.201.223.119,dstPort=3614,dbUsername=rcit,srcIP=10.204.223.184,srcPort=6092,creatTime=2018-01-27 05:21:06,srvGroup=giat,service=nculpa,appName=olupt,event#=tvol,eventType=Logout,usrGroup=ostru,usrAuth=True,application=\"mea\",osUsername=tuserror,srcHost=agnama5013.internal.example,dbName=boreetdo,schemaName=teni,bindVar=iin,sqlError=unknown,respSize=4113,respTime=161.837000,affRows=tNeq,action=\"block\",rawQuery=\"liq\"", "tags": [ @@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163079550Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.200.12.126,dstPort=2347,dbUsername=magnido,srcIP=10.223.56.33,srcPort=5899,creatTime=10 February 2018 12:23:41,srvGroup=ing,service=amal,appName=aliq,event#=utem,eventType=Login,usrGroup=oreetd,usrAuth=True,application=\"itatis\",osUsername=Nequepo,srcHost=edictas4693.home,dbName=borisnis,schemaName=elitsedd,bindVar=hitecto,sqlError=failure,respSize=3243,respTime=75.415000,affRows=imven,action=\"block\",rawQuery=\"hende\"", "tags": [ 
@@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163080573Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=deseru,event#=aquioff,createTime=2018-02-24 19:26:15,updateTime=cip,alertSev=very-high,group=onsequat,ruleName=\"tiumd\",evntDesc=\"atuse\",category=imad,disposition=tura,eventType=equuntur,proto=ipv6,srcPort=428,srcIP=10.94.89.177,dstPort=1752,dstIP=10.65.225.101,policyName=\"nulapari\",occurrences=2513,httpHost=ostrumex,webMethod=eruntmol,url=\"https://internal.example.com/imide/uiineav.htm?lloinve=eni#asia\",webQuery=\"edquiac\",soapAction=psamvolu,resultCode=teturad,sessionID=ritq,username=tuserror,addUsername=tla,responseTime=orroq,responseSize=modtempo,direction=outbound,dbUsername=uptate,queryGroup=sumqui,application=\"eritin\",srcHost=nibu2565.api.local,osUsername=citation,schemaName=emquel,dbName=rspiciat,hdrName=iavol,action=\"cancel\",errormsg=\"unknown\"", "tags": [ @@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163081611Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.65.174.196,dstPort=472,dbUsername=iin,srcIP=10.191.184.105,srcPort=6821,creatTime=2018-03-11 02:28:49,srvGroup=iat,service=orain,appName=equaturQ,event#=llu,eventType=quaUt,usrGroup=labor,usrAuth=oris,application=\"tatemse\",osUsername=uta,srcHost=tsun7120.home,dbName=per,schemaName=tione,bindVar=nibus,sqlError=unknown,respSize=5836,respTime=61.864000,affRows=olo,action=\"deny\",rawQuery=\"BCSedutp\"", "tags": [ 
@@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163082665Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=tdolor,event#=Ute,createTime=2018-03-25 09:31:24,updateTime=tura,alertSev=very-high,group=umSecti,ruleName=\"eabil\",evntDesc=\"ibusB\",category=rporis,disposition=etco,eventType=mip,proto=rdp,srcPort=6078,srcIP=10.224.148.48,dstPort=2803,dstIP=10.41.181.179,policyName=\"siarch\",occurrences=7468,httpHost=setq,webMethod=rumwr,url=\"https://api.example.com/ptatem/mporain.gif?corpo=commod#iumd\",webQuery=\"ntore\",soapAction=tect,resultCode=ion,sessionID=tutl,username=niam,addUsername=oru,responseTime=mcorp,responseSize=uelaud,direction=outbound,dbUsername=ameiu,queryGroup=utei,application=\"caecat\",srcHost=lumquid6940.mail.localdomain,osUsername=equepor,schemaName=iosamn,dbName=erspicia,hdrName=neavolup,action=\"deny\",errormsg=\"success\"", "tags": [ @@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163083652Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.21.208.103,dstPort=5543,dbUsername=imidest,srcIP=10.21.61.134,srcPort=6124,creatTime=2018-04-08 16:33:58,srvGroup=iacon,service=ncu,appName=quaturve,event#=ciad,eventType=Logout,usrGroup=diconseq,usrAuth=False,application=\"utod\",osUsername=ostr,srcHost=amcorp7299.api.example,dbName=uptatem,schemaName=mipsa,bindVar=nproide,sqlError=success,respSize=7766,respTime=91.186000,affRows=siutali,action=\"deny\",rawQuery=\"nemullam\"", "tags": [ 
@@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163084643Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.23.6.216,dstPort=4578,dbUsername=iarchit,srcIP=10.221.192.116,srcPort=4688,creatTime=2018-04-22 23:36:32,srvGroup=usBonor,service=mide,appName=sten,event#=enderi,eventType=Logout,usrGroup=labore,usrAuth=False,application=\"uasiarch\",osUsername=iamquisn,srcHost=magnama868.api.local,dbName=Section,schemaName=tevelite,bindVar=esciunt,sqlError=success,respSize=639,respTime=6.388000,affRows=borisnis,action=\"accept\",rawQuery=\"oremagn\"", "tags": [ @@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163085691Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=rcita,event#=ataev,createTime=2018-05-07 06:39:06,updateTime=oris,alertSev=very-high,group=tate,ruleName=\"tutlabo\",evntDesc=\"nto\",category=sciv,disposition=tlabo,eventType=nsequun,proto=ipv6,srcPort=2976,srcIP=10.191.142.143,dstPort=5850,dstIP=10.240.62.238,policyName=\"sintoc\",occurrences=7580,httpHost=laboris,webMethod=ali,url=\"https://www5.example.net/aUten/edutpers.gif?apariatu=mnisis#onsequa\",webQuery=\"sunt\",soapAction=orumSe,resultCode=olupta,sessionID=emveleum,username=modtempo,addUsername=mfugi,responseTime=roqui,responseSize=ntutlabo,direction=external,dbUsername=isq,queryGroup=eacommo,application=\"amqua\",srcHost=tionevol3157.mail.invalid,osUsername=nofde,schemaName=animide,dbName=Lore,hdrName=oin,action=cancel", "tags": [ 
@@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163086857Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=ecatcu,event#=entoreve,createTime=2018-05-21 13:41:41,updateTime=ion,alertSev=very-high,group=onev,ruleName=\"atu\",evntDesc=\"adeseru\",category=sitas,disposition=eni,eventType=cte,proto=igmp,srcPort=3124,srcIP=10.178.79.217,dstPort=7499,dstIP=10.111.22.134,policyName=\"datatno\",occurrences=3538,httpHost=siar,webMethod=orisnis,url=\"https://www.example.net/mvolup/pidat.jpg?ents=nsec#iaeco\",webQuery=\"ommodoco\",soapAction=ritinv,resultCode=rita,sessionID=oidents,username=ccusan,addUsername=inimav,responseTime=quel,responseSize=ugitsed,direction=external,dbUsername=idolor,queryGroup=xplic,application=\"stenat\",srcHost=mquis319.api.local,osUsername=inibusBo,schemaName=tqui,dbName=sequun,hdrName=nimadm,action=deny", "tags": [ @@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163087870Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.161.225.172,dstPort=3708,dbUsername=meaqu,srcIP=10.77.86.215,srcPort=6390,creatTime=4 June 2018 20:44:15,srvGroup=con,service=aeabil,appName=iumtot,event#=edicta,eventType=Login,usrGroup=itaspern,usrAuth=False,application=\"tau\",osUsername=rcit,srcHost=urad5712.api.host,dbName=sitamet,schemaName=xerc,bindVar=mcolabor,sqlError=success,respSize=7286,respTime=143.926000,affRows=evita,action=\"block\",rawQuery=\"ant\"", "tags": [ 
@@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163088880Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.186.133.184,dstPort=7864,dbUsername=boriosa,srcIP=10.211.161.187,srcPort=843,creatTime=2018-06-19 03:46:49,srvGroup=laud,service=uido,appName=uis,event#=msequin,eventType=autem,usrGroup=mporai,usrAuth=ipi,application=\"qua\",osUsername=acons,srcHost=enbyCic4659.www5.example,dbName=orroqui,schemaName=sci,bindVar=psamvolu,sqlError=unknown,respSize=1578,respTime=66.164000,affRows=temse,action=\"deny\",rawQuery=\"onevol\"", "tags": [ @@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163089899Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.160.147.230,dstPort=2126,dbUsername=nimvenia,srcIP=10.254.198.47,srcPort=3925,creatTime=2018-07-03 10:49:23,srvGroup=lit,service=quin,appName=adipisc,event#=sedqui,eventType=ueporroq,usrGroup=dolo,usrAuth=adm,application=\"dolor\",osUsername=ndeomnis,srcHost=inBCSed5308.api.corp,dbName=modicons,schemaName=illoin,bindVar=rinre,sqlError=unknown,respSize=5988,respTime=34.664000,affRows=olorem,action=\"cancel\",rawQuery=\"dquiaco\"", "tags": [ @@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163090888Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.40.24.93,dstPort=7487,dbUsername=mSecti,srcIP=10.182.197.243,srcPort=3687,creatTime=2018-07-17 17:51:58,srvGroup=xerci,service=qua,appName=iaecons,event#=pteurs,eventType=Logout,usrGroup=intocc,usrAuth=True,application=\"abo\",osUsername=orisnis,srcHost=reseo2067.api.localdomain,dbName=nsectetu,schemaName=exerci,bindVar=lit,sqlError=success,respSize=4129,respTime=171.277000,affRows=ono,action=\"cancel\",rawQuery=\"equuntu\"", "tags": [ 
@@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163091899Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.249.13.159,dstPort=3023,dbUsername=uisautei,srcIP=10.108.130.106,srcPort=7601,creatTime=1 August 2018 00:54:32,srvGroup=scinge,service=lum,appName=iinea,event#=xercit,eventType=Login,usrGroup=reh,usrAuth=False,application=\"velitess\",osUsername=colab,srcHost=itte6905.mail.invalid,dbName=tesseq,schemaName=exeacomm,bindVar=uptat,sqlError=success,respSize=1044,respTime=112.679000,affRows=ptatema,action=\"cancel\",rawQuery=\"cepteurs\"", "tags": [ @@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163092941Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=ioffic,event#=rumetMal,createTime=2018-08-15 07:57:06,updateTime=tiumtot,alertSev=very-high,group=caboNe,ruleName=\"ptate\",evntDesc=\"enimips\",category=Nequepor,disposition=nisiu,eventType=ptat,proto=ggp,srcPort=4082,srcIP=10.64.94.174,dstPort=3852,dstIP=10.39.244.49,policyName=\"ctas\",occurrences=7128,httpHost=sequ,webMethod=gna,url=\"https://internal.example.org/aev/uovolup.txt?aqueip=aqueip#rautod\",webQuery=\"tur\",soapAction=minimav,resultCode=uovo,sessionID=aven,username=Sedut,addUsername=stiaec,responseTime=rveli,responseSize=serr,direction=internal,dbUsername=uid,queryGroup=lamcor,application=\"rorsitv\",srcHost=caboNemo274.www.host,osUsername=estiae,schemaName=iunt,dbName=eFinibu,hdrName=uisaut,action=cancel", "tags": [ @@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163093921Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=odit,createTime=2018-08-29 14:59:40,eventType=ercitati,eventSev=very-high,username=imad,subsystem=olo,message=\"deserun\"", "tags": [ 
@@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163094932Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=scingeli,createTime=2018-09-12 22:02:15,eventType=uatDuis,eventSev=medium,username=apari,subsystem=itesseci,message=\"utali\"", "tags": [ @@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163095927Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.203.143,dstPort=6889,dbUsername=utoditau,srcIP=10.134.135.22,srcPort=1809,creatTime=27 September 2018 05:04:49,srvGroup=serror,service=itl,appName=Bonoru,event#=rumetMa,eventType=Login,usrGroup=entor,usrAuth=False,application=\"urere\",osUsername=involu,srcHost=qui5978.api.test,dbName=amre,schemaName=orpori,bindVar=sistena,sqlError=failure,respSize=7868,respTime=5.277000,affRows=borisn,action=\"cancel\",rawQuery=\"quatu\"", "tags": [ @@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163096918Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.43.244.252,dstPort=1752,dbUsername=inculp,srcIP=10.251.212.166,srcPort=3925,creatTime=11 October 2018 12:07:23,srvGroup=iur,service=aboNemo,appName=tsedquia,event#=ididun,eventType=Login,usrGroup=tatiset,usrAuth=False,application=\"enim\",osUsername=gnido,srcHost=iamq2577.internal.corp,dbName=uisa,schemaName=uptat,bindVar=siutal,sqlError=unknown,respSize=6947,respTime=144.976000,affRows=tempori,action=\"accept\",rawQuery=\"lamco\"", "tags": [ @@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163097961Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=nimve,createTime=2018-10-25 19:09:57,eventType=edutpe,eventSev=medium,username=isunde,subsystem=nimadm,message=\"cepte\"", "tags": [ 
@@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163099004Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.20.231.188,dstPort=1200,dbUsername=tesseq,srcIP=10.88.189.164,srcPort=1373,creatTime=2018-11-09 02:12:32,srvGroup=iusmod,service=aincid,appName=giatq,event#=tion,eventType=Logout,usrGroup=tNeque,usrAuth=False,application=\"uidolore\",osUsername=uatDuisa,srcHost=usB4127.localhost,dbName=ufugia,schemaName=mqu,bindVar=remagna,sqlError=failure,respSize=1623,respTime=33.468000,affRows=Uteni,action=\"cancel\",rawQuery=\"porinci\"", "tags": [ @@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163099988Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=edd,createTime=2018-11-23 09:15:06,eventType=uianon,eventSev=low,username=quamquae,subsystem=aaliq,message=\"nos\"", "tags": [ @@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163100970Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.231.77.26,dstPort=7082,dbUsername=rehe,srcIP=10.225.11.197,srcPort=3513,creatTime=7 December 2018 16:17:40,srvGroup=siarchi,service=seddoeiu,appName=lorinrep,event#=isq,eventType=Login,usrGroup=quines,usrAuth=False,application=\"entsu\",osUsername=ineavol,srcHost=abor3266.mail.home,dbName=voluptat,schemaName=volu,bindVar=iutaliqu,sqlError=failure,respSize=3064,respTime=61.960000,affRows=iusmo,action=\"allow\",rawQuery=\"uovo\"", "tags": [ 
@@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163116039Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.148.3.197,dstPort=979,dbUsername=usa,srcIP=10.106.166.105,srcPort=4567,creatTime=2018-12-21 23:20:14,srvGroup=oremagna,service=siuta,appName=amnihil,event#=nderit,eventType=ficia,usrGroup=tru,usrAuth=tionu,application=\"natuser\",osUsername=olupt,srcHost=eprehe2455.www.home,dbName=smo,schemaName=avolup,bindVar=litse,sqlError=failure,respSize=2658,respTime=84.894000,affRows=untutlab,action=\"allow\",rawQuery=\"byCicer\"", "tags": [ @@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163119401Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.172.121.239,dstPort=5339,dbUsername=iuta,srcIP=10.57.169.205,srcPort=3093,creatTime=2019-01-05 06:22:49,srvGroup=reeufugi,service=oloree,appName=xeaco,event#=urm,eventType=Logout,usrGroup=mpo,usrAuth=False,application=\"cept\",osUsername=ctas,srcHost=destla2110.www5.localdomain,dbName=inea,schemaName=ipsu,bindVar=iden,sqlError=failure,respSize=392,respTime=19.061000,affRows=reetd,action=\"cancel\",rawQuery=\"maven\"", "tags": [ @@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163121415Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.129.234.200,dstPort=3833,dbUsername=tisundeo,srcIP=10.42.218.103,srcPort=3315,creatTime=19 January 2019 13:25:23,srvGroup=mnis,service=tametco,appName=snisiut,event#=lit,eventType=Login,usrGroup=laborio,usrAuth=False,application=\"aaliqu\",osUsername=tevelit,srcHost=exerc3694.api.home,dbName=consec,schemaName=dquia,bindVar=cep,sqlError=success,respSize=6709,respTime=34.273000,affRows=volupta,action=\"allow\",rawQuery=\"ipex\"", "tags": [ 
@@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163123148Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.111.132.221,dstPort=2262,dbUsername=ali,srcIP=10.76.121.224,srcPort=4305,creatTime=2019-02-02 20:27:57,srvGroup=xcep,service=ehen,appName=remap,event#=mUt,eventType=Logout,usrGroup=admi,usrAuth=True,application=\"siarch\",osUsername=oloremi,srcHost=ididu5928.www5.local,dbName=tNe,schemaName=scive,bindVar=tcupi,sqlError=unknown,respSize=6155,respTime=139.491000,affRows=Sed,action=\"cancel\",rawQuery=\"ita\"", "tags": [ @@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163124756Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.195.8.141,dstPort=4342,dbUsername=enimip,srcIP=10.17.214.21,srcPort=4821,creatTime=17 February 2019 03:30:32,srvGroup=umquiado,service=taspe,appName=empori,event#=mipsum,eventType=Login,usrGroup=tium,usrAuth=True,application=\"riaturE\",osUsername=ota,srcHost=boriosa7066.www.corp,dbName=Nequep,schemaName=dolo,bindVar=exeacom,sqlError=success,respSize=469,respTime=146.775000,affRows=eufugiat,action=\"accept\",rawQuery=\"non\"", "tags": [ @@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163125782Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.173.13.179,dstPort=1211,dbUsername=ptasn,srcIP=10.179.60.167,srcPort=1124,creatTime=2019-03-03 10:33:06,srvGroup=amqui,service=itatise,appName=utlab,event#=ostr,eventType=Logout,usrGroup=liqu,usrAuth=True,application=\"cons\",osUsername=apar,srcHost=ssusc1892.internal.host,dbName=xplic,schemaName=isn,bindVar=quepor,sqlError=failure,respSize=758,respTime=58.800000,affRows=etur,action=\"block\",rawQuery=\"cusan\"", "tags": [ 
@@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163126810Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.42.135.34,dstPort=4361,dbUsername=tiset,srcIP=10.178.190.123,srcPort=3288,creatTime=2019-03-17 17:35:40,srvGroup=xercitat,service=ueporr,appName=utlab,event#=entoreve,eventType=Logout,usrGroup=lmolest,usrAuth=False,application=\"ser\",osUsername=ore,srcHost=iatisund424.mail.localdomain,dbName=tametcon,schemaName=orsi,bindVar=ull,sqlError=success,respSize=2290,respTime=1.468000,affRows=etdolore,action=\"cancel\",rawQuery=\"ore\"", "tags": [ @@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163127804Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=ectetur,createTime=2019-04-01 00:38:14,eventType=cons,eventSev=medium,username=fugit,subsystem=dantiu,message=\"ntutla\"", "tags": [ @@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163128817Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.207.198.239,dstPort=4735,dbUsername=Loremips,srcIP=10.8.147.176,srcPort=5920,creatTime=15 April 2019 07:40:49,srvGroup=odtem,service=ite,appName=tseddo,event#=ptatems,eventType=Login,usrGroup=ori,usrAuth=False,application=\"exerc\",osUsername=aUteni,srcHost=uidolo7626.local,dbName=rchite,schemaName=incididu,bindVar=idolor,sqlError=failure,respSize=3043,respTime=36.712000,affRows=oinB,action=\"accept\",rawQuery=\"econsequ\"", "tags": [ 
@@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163129950Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.116.26.185,dstPort=595,dbUsername=oNe,srcIP=10.206.221.180,srcPort=6818,creatTime=2019-04-29 14:43:23,srvGroup=repr,service=idu,appName=otam,event#=amquaera,eventType=rumS,usrGroup=uelau,usrAuth=quidolor,application=\"cca\",osUsername=litesseq,srcHost=dmini3435.internal.domain,dbName=rumexerc,schemaName=nseq,bindVar=quisnost,sqlError=unknown,respSize=3218,respTime=26.485000,affRows=orisnisi,action=\"block\",rawQuery=\"nul\"", "tags": [ @@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163131036Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.86.180.150,dstPort=5495,dbUsername=mnisis,srcIP=10.253.127.130,srcPort=5339,creatTime=2019-05-13 21:45:57,srvGroup=isciveli,service=urve,appName=sundeomn,event#=tasu,eventType=Logout,usrGroup=equunt,usrAuth=True,application=\"uat\",osUsername=itasper,srcHost=nibusBo1864.domain,dbName=ent,schemaName=etconsec,bindVar=docons,sqlError=failure,respSize=4564,respTime=4.592000,affRows=mremap,action=\"allow\",rawQuery=\"sperna\"", "tags": [ 
@@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163132060Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=mexe,event#=sequatDu,createTime=2019-05-28 04:48:31,updateTime=ssuscip,alertSev=high,group=ciade,ruleName=\"busBonor\",evntDesc=\"enima\",category=emseq,disposition=osamni,eventType=umetMa,proto=ipv6-icmp,srcPort=4469,srcIP=10.220.175.201,dstPort=579,dstIP=10.158.161.5,policyName=\"eab\",occurrences=4098,httpHost=ciduntut,webMethod=atisu,url=\"https://internal.example.com/architec/incul.txt?aborios=mco#amnisiu\",webQuery=\"suntincu\",soapAction=lore,resultCode=equatu,sessionID=enbyCi,username=dolo,addUsername=adipi,responseTime=beata,responseSize=evelites,direction=inbound,dbUsername=tNeq,queryGroup=umtot,application=\"eumiurer\",srcHost=inv6528.www5.example,osUsername=rrors,schemaName=dolo,dbName=tsed,hdrName=corpori,action=allow", "tags": [ @@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163133072Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,event#=uioff,createTime=2019-06-11 11:51:06,eventType=ema,eventSev=low,username=mpo,subsystem=deritinv,message=\"ten\"", "tags": [ @@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163134097Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.150.27.144,dstPort=5627,dbUsername=res,srcIP=10.248.16.82,srcPort=6834,creatTime=25 June 2019 18:53:40,srvGroup=loinv,service=umd,appName=madmi,event#=xercit,eventType=Login,usrGroup=avolup,usrAuth=True,application=\"etdo\",osUsername=tuserror,srcHost=nisiutal4437.www.example,dbName=uipex,schemaName=ditautf,bindVar=orr,sqlError=failure,respSize=4367,respTime=25.972000,affRows=uptas,action=\"cancel\",rawQuery=\"osquira\"", "tags": [ 
@@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163135106Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.146.131.76,dstPort=2281,dbUsername=orsi,srcIP=10.173.19.140,srcPort=7780,creatTime=2019-07-10 01:56:14,srvGroup=atu,service=ddo,appName=veli,event#=ata,eventType=Logout,usrGroup=untmoll,usrAuth=False,application=\"ididun\",osUsername=olo,srcHost=tqui5172.www.local,dbName=untex,schemaName=Except,bindVar=elitsedd,sqlError=failure,respSize=5844,respTime=52.550000,affRows=cingel,action=\"allow\",rawQuery=\"seos\"", "tags": [ @@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163136127Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.69.5.227,dstPort=5845,dbUsername=doloreme,srcIP=10.171.175.165,srcPort=5776,creatTime=2019-07-24 08:58:48,srvGroup=taspe,service=litess,appName=enimadm,event#=corpori,eventType=onemull,usrGroup=emeu,usrAuth=uisaute,application=\"tvol\",osUsername=ntocc,srcHost=intocca6708.mail.corp,dbName=dquiaco,schemaName=rumw,bindVar=ula,sqlError=failure,respSize=5201,respTime=46.690000,affRows=quam,action=\"deny\",rawQuery=\"edquian\"", "tags": [ @@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163137144Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.213.214.118,dstPort=7851,dbUsername=ate,srcIP=10.253.175.129,srcPort=5547,creatTime=7 August 2019 16:01:23,srvGroup=rsi,service=tuser,appName=equinesc,event#=ectet,eventType=Login,usrGroup=emull,usrAuth=False,application=\"enatuser\",osUsername=epteurs,srcHost=isetqu2843.www.invalid,dbName=niamqu,schemaName=nrep,bindVar=lauda,sqlError=failure,respSize=6260,respTime=9.295000,affRows=aincidu,action=\"deny\",rawQuery=\"ipsamvol\"", "tags": [ 
@@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163138212Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=estquido,event#=eufugiat,createTime=2019-08-21 23:03:57,updateTime=minima,alertSev=high,group=bor,ruleName=\"uisnos\",evntDesc=\"loi\",category=tation,disposition=seddoe,eventType=adol,proto=rdp,srcPort=7756,srcIP=10.149.91.130,dstPort=3548,dstIP=10.89.26.170,policyName=\"aqueipsa\",occurrences=5863,httpHost=ide,webMethod=atcupi,url=\"https://www.example.com/sit/ugi.gif?sitametc=rur#edut\",webQuery=\"sitametc\",soapAction=iarchite,resultCode=uide,sessionID=iono,username=aboris,addUsername=eturad,responseTime=ipiscive,responseSize=sequu,direction=internal,dbUsername=epteur,queryGroup=iqu,application=\"uptateve\",srcHost=commodo6041.mail.localhost,osUsername=atus,schemaName=orumetMa,dbName=inventor,hdrName=dolo,action=block", "tags": [ @@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163145699Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=tmolli,event#=orumSe,createTime=2019-09-05 06:06:31,updateTime=mSe,alertSev=high,group=teturad,ruleName=\"alorumwr\",evntDesc=\"pis\",category=idol,disposition=mmodico,eventType=emaccu,proto=rdp,srcPort=5818,srcIP=10.52.106.68,dstPort=856,dstIP=10.81.108.232,policyName=\"atemq\",occurrences=5098,httpHost=volupta,webMethod=Quisaut,url=\"https://internal.example.net/obeatae/sedqui.jpg?nulap=onseq#amrem\",webQuery=\"plicab\",soapAction=isisten,resultCode=eiusmodt,sessionID=naaliq,username=aco,addUsername=psamvolu,responseTime=inculp,responseSize=eni,direction=inbound,dbUsername=sedqu,queryGroup=ipitlabo,application=\"olorinr\",srcHost=gitse6744.api.local,osUsername=neavolup,schemaName=uaturve,dbName=lapa,hdrName=uepor,action=\"allow\",errormsg=\"failure\"", "tags": [ 
@@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163147834Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=umquamei,event#=nih,createTime=2019-09-19 13:09:05,updateTime=tionev,alertSev=high,group=quia,ruleName=\"eabill\",evntDesc=\"itatiset\",category=uaerat,disposition=met,eventType=isno,proto=icmp,srcPort=2572,srcIP=10.230.48.97,dstPort=1991,dstIP=10.223.10.28,policyName=\"emveleu\",occurrences=4029,httpHost=norumet,webMethod=tconse,url=\"https://mail.example.com/iaturE/inc.htm?uisaut=mnihilm#itinvo\",webQuery=\"lestia\",soapAction=anti,resultCode=eavo,sessionID=enderi,username=erit,addUsername=uptatem,responseTime=reeufug,responseSize=temveleu,direction=unknown,dbUsername=repre,queryGroup=consec,application=\"untmoll\",srcHost=par3605.internal.localdomain,osUsername=usmodte,schemaName=untex,dbName=ommodi,hdrName=ntiu,action=\"deny\",errormsg=\"success\"", "tags": [ @@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163149643Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.115.42.231,dstPort=2143,dbUsername=res,srcIP=10.161.212.150,srcPort=2748,creatTime=3 October 2019 20:11:40,srvGroup=corporis,service=turExc,appName=urvelil,event#=ulapa,eventType=Login,usrGroup=abi,usrAuth=False,application=\"ameiusm\",osUsername=tasnul,srcHost=isau4356.www.home,dbName=niamqui,schemaName=sequamn,bindVar=onse,sqlError=failure,respSize=4846,respTime=6.993000,affRows=aliquaUt,action=\"deny\",rawQuery=\"natus\"", "tags": [ 
@@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163151347Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=emp,event#=suscipit,createTime=2019-10-18 03:14:14,updateTime=iaconseq,alertSev=medium,group=sciuntNe,ruleName=\"nevo\",evntDesc=\"stiaec\",category=officia,disposition=ametcon,eventType=gnid,proto=ipv6,srcPort=5677,srcIP=10.226.75.20,dstPort=3896,dstIP=10.247.108.144,policyName=\"iutaliqu\",occurrences=3711,httpHost=onsectet,webMethod=iat,url=\"https://www5.example.org/elaud/temsequ.htm?dolo=iciatisu#eip\",webQuery=\"iquaUte\",soapAction=aborumSe,resultCode=writt,sessionID=dent,username=tema,addUsername=saquaeab,responseTime=rpo,responseSize=inr,direction=internal,dbUsername=edquiac,queryGroup=olore,application=\"urEx\",srcHost=labo3477.www5.domain,osUsername=maccusan,schemaName=fugia,dbName=psa,hdrName=iset,action=\"block\",errormsg=\"success\"", "tags": [ @@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163152399Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.192.15.65,dstPort=3328,dbUsername=nimides,srcIP=10.97.22.61,srcPort=6420,creatTime=2019-11-01 10:16:48,srvGroup=labor,service=quelaud,appName=ira,event#=gna,eventType=aparia,usrGroup=ntoreve,usrAuth=remips,application=\"uptatemU\",osUsername=illumd,srcHost=itseddo2209.mail.domain,dbName=olu,schemaName=rExcep,bindVar=turExcep,sqlError=success,respSize=4173,respTime=166.270000,affRows=duntutla,action=\"block\",rawQuery=\"tmollit\"", "tags": [ 
@@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163153418Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,alert#=venia,event#=Loremi,createTime=2019-11-15 17:19:22,updateTime=uisnostr,alertSev=medium,group=vol,ruleName=\"ommodi\",evntDesc=\"ritat\",category=dipi,disposition=asnulapa,eventType=atev,proto=tcp,srcPort=7469,srcIP=10.197.254.133,dstPort=2009,dstIP=10.116.76.161,policyName=\"tla\",occurrences=2608,httpHost=ender,webMethod=quid,url=\"https://mail.example.net/teturad/nimide.htm?ueporroq=writ#ema\",webQuery=\"ioffici\",soapAction=agni,resultCode=tat,sessionID=metconse,username=ide,addUsername=equu,responseTime=pernatur,responseSize=orem,direction=outbound,dbUsername=caecatc,queryGroup=iarc,application=\"emquia\",srcHost=duntutl3396.api.host,osUsername=idu,schemaName=trudex,dbName=ncul,hdrName=mcorpor,action=cancel", "tags": [ @@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163154433Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.28.77.79,dstPort=3615,dbUsername=upta,srcIP=10.144.14.15,srcPort=1150,creatTime=30 November 2019 00:21:57,srvGroup=consequ,service=min,appName=riame,event#=gnaal,eventType=Login,usrGroup=nti,usrAuth=True,application=\"tetura\",osUsername=utlab,srcHost=colabo6686.internal.invalid,dbName=uptass,schemaName=rspic,bindVar=itsedq,sqlError=success,respSize=4810,respTime=22.348000,affRows=iut,action=\"deny\",rawQuery=\"nemu\"", "tags": [ 
@@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:34:52.163155513Z" + "version": "8.2.0" }, "message": "%IMPERVA-Imperva,dstIP=10.248.177.182,dstPort=317,dbUsername=quei,srcIP=10.18.15.43,srcPort=2224,creatTime=2019-12-14 07:24:31,srvGroup=reetdol,service=umtotam,appName=itaedi,event#=ant,eventType=tiumt,usrGroup=taedicta,usrAuth=mveniamq,application=\"exerci\",osUsername=quaturve,srcHost=tsunti1164.www.example,dbName=equatur,schemaName=caecat,bindVar=oreetd,sqlError=unknown,respSize=983,respTime=113.318000,affRows=nderit,action=\"accept\",rawQuery=\"icer\"", "tags": [ diff --git a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml index 39b7f8d60b1..1bfc9206f29 100644 --- a/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml +++ b/packages/imperva/data_stream/securesphere/elasticsearch/ingest_pipeline/default.yml @@ -2,13 +2,9 @@ description: Pipeline for Imperva SecureSphere processors: - # ECS event.ingested - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/imperva/data_stream/securesphere/sample_event.json b/packages/imperva/data_stream/securesphere/sample_event.json index ff5289b9b42..88292fd00a6 100644 --- a/packages/imperva/data_stream/securesphere/sample_event.json +++ b/packages/imperva/data_stream/securesphere/sample_event.json @@ -19,7 +19,7 @@ "port": 892 }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/imperva/manifest.yml b/packages/imperva/manifest.yml index a2368f9a06e..e3b683c8f8a 100644 --- a/packages/imperva/manifest.yml +++ b/packages/imperva/manifest.yml 
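Review bot: Once the `set` processor for `event.ingested` is dropped, nothing in this pipeline populates the field, so the package now silently depends on a later stage (presumably the Fleet final pipeline) to stamp ingest time; the updated pipeline-test fixtures in this same change already show documents with no `event.ingested`, which is what any direct or non-Fleet invocation of this pipeline will also produce. Because ingest-lag monitoring and lookback-style detection rules commonly key on that field, the dependency should be recorded where the processor used to be: `# event.ingested is populated downstream by the Fleet final pipeline; do not set it here.` It is also worth confirming that the manifest's Kibana version constraint (not visible in this chunk) is at least the release in which the final pipeline started setting the field, otherwise older stacks lose it altogether. The `ecs.version` bump itself is fine and correctly keeps the value quoted.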
@@ -1,7 +1,7 @@ format_version: 1.0.0 name: imperva title: Imperva SecureSphere Logs -version: 0.7.0 +version: 0.8.0 description: Collect SecureSphere logs from Imperva devices with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/infoblox/_dev/build/build.yml b/packages/infoblox/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/infoblox/_dev/build/build.yml +++ b/packages/infoblox/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/infoblox/changelog.yml b/packages/infoblox/changelog.yml index b1df714eaf4..6ab8c997bbc 100644 --- a/packages/infoblox/changelog.yml +++ b/packages/infoblox/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.8.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "0.7.0" changes: - description: Update to ECS 8.0.0 diff --git a/packages/infoblox/data_stream/nios/_dev/test/pipeline/test-generated.log-expected.json b/packages/infoblox/data_stream/nios/_dev/test/pipeline/test-generated.log-expected.json index 33138ba8d28..3209a0e8b3f 100644 --- a/packages/infoblox/data_stream/nios/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/infoblox/data_stream/nios/_dev/test/pipeline/test-generated.log-expected.json @@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584011461Z" + "version": "8.2.0" }, "message": "January 29 06:09:59 doeiu3942.localdomain -:rc executing eporr start", "tags": [ @@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584014842Z" + "version": "8.2.0" }, "message": "February 12 13:12:33 tia7019.www.invalid :diskcheck quis", "tags": [ 
@@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584015810Z" + "version": "8.2.0" }, "message": "February 26 20:15:08 dolo1720.api.example 10.250.162.122 logger: com", "tags": [ @@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584016711Z" + "version": "8.2.0" }, "message": "March 12 03:17:42 ratio1111.localdomain -:diskcheck atio", "tags": [ @@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584017674Z" + "version": "8.2.0" }, "message": "March 26 10:20:16 tconsec5932.mail.domain shutdown[uam]: shutting down for system reboot", "tags": [ @@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584018520Z" + "version": "8.2.0" }, "message": "April 9 17:22:51 llu4762.mail.localdomain snmptrapd[scivel]: NET-SNMP version 1.5695 aperi", "tags": [ @@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584019367Z" + "version": "8.2.0" }, "message": "April 24 00:25:25 estqui6557.www.localhost -:syslog-ng equuntu", "tags": [ @@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584020271Z" + "version": "8.2.0" }, "message": "May 08 07:27:59 mcolabor1656.www5.corp netauto_discovery[giatq]: quid:fug(uatDuis)10.68.114.91/veri: SNMP Credentials: Failed to authenticate", "tags": [ @@ -98,10 +74,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584021123Z" + "version": "8.2.0" }, "message": "May 22 14:30:33 exercit4665.internal.domain -:scheduled_ftp_backups Scheduled backup to the eetd was successful - Backup file eip", "tags": [ 
@@ -110,10 +83,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584021964Z" + "version": "8.2.0" }, "message": "June 5 21:33:08 iutal13.api.localdomain python[eacomm]: Utenimad: nibusBon.ehend [ueipsaqu]: Populated uidolore niamqu222.localdomain DnsView=tevelit", "tags": [ @@ -122,10 +92,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584022805Z" + "version": "8.2.0" }, "message": "June 20 04:35:42 boree6686.www5.host ntpd[iinea]: ipit", "tags": [ @@ -134,10 +101,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584023842Z" + "version": "8.2.0" }, "message": "July 4 11:38:16 itlabori2344.mail.invalid -:openvpn-member OpenVPN 1.4105 [icmp] [aper] essequ", "tags": [ @@ -146,10 +110,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584024709Z" + "version": "8.2.0" }, "message": "July 18 18:40:50 tessec3539.home nsect: rc6 ntutl", "tags": [ @@ -158,10 +119,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584025560Z" + "version": "8.2.0" }, "message": "August 2 01:43:25 siuta2896.www.localhost -:ntpd ntpd exiting on signal 2946", "tags": [ @@ -170,10 +128,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584026402Z" + "version": "8.2.0" }, "message": "August 16 08:45:59 strude910.internal.local pidof[ittenbyC]: can't read sid from aperi", "tags": [ @@ -182,10 +137,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584027252Z" + "version": "8.2.0" }, "message": "August 30 15:48:33 lores1409.www.home :sSMTP etc", "tags": [ @@ -194,10 +146,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584028204Z" + "version": "8.2.0" }, "message": "September 13 22:51:07 nimadmin1493.www5.example rc3[lpa]: entsu", "tags": [ 
@@ -206,10 +155,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584029073Z" + "version": "8.2.0" }, "message": "September 28 05:53:42 mqui4683.www.localhost tasuntex: kernel sunt", "tags": [ @@ -218,10 +164,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584029922Z" + "version": "8.2.0" }, "message": "October 12 12:56:16 incidi2966.www.test controld[olupt]: Distribution Complete", "tags": [ @@ -230,10 +173,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584030796Z" + "version": "8.2.0" }, "message": "October 26 19:58:50 ugiatnu5252.internal.localdomain -:syslog erc", "tags": [ @@ -242,10 +182,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584031645Z" + "version": "8.2.0" }, "message": "November 10 03:01:24 aperia4409.www5.invalid :controld Distribution Started", "tags": [ @@ -254,10 +191,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584032506Z" + "version": "8.2.0" }, "message": "November 24 10:03:59 emagnama4259.example 10.206.136.206 dhcpd: Average suntinc dynamic DNS update latency: success micro seconds", "tags": [ @@ -266,10 +200,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584033357Z" + "version": "8.2.0" }, "message": "December 8 17:06:33 isno2228.home nnu: smart_check_io dolo", "tags": [ @@ -278,10 +209,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584034343Z" + "version": "8.2.0" }, "message": "December 23 00:09:07 amvolup7700.www5.corp 10.19.194.101 rsyncd: rsync on orinrepr from conse2991.internal.lan (10.116.104.101)", "tags": [ 
@@ -290,10 +218,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584035197Z" + "version": "8.2.0" }, "message": "January 6 07:11:41 tat7551.internal.local rc6[itinvo]: mdolore", "tags": [ @@ -302,10 +227,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584036046Z" + "version": "8.2.0" }, "message": "January 20 14:14:16 siarchi2289.mail.lan debug_mount[olupta]: mount mipsumd", "tags": [ @@ -314,10 +236,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584036895Z" + "version": "8.2.0" }, "message": "February 3 21:16:50 remi2114.local ionevo: ntpd ntpd exiting on signal 3219", "tags": [ @@ -326,10 +245,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584037752Z" + "version": "8.2.0" }, "message": "February 18 04:19:24 dolor2707.api.localhost httpd[commod]: 2017-2-18 4:19:24.adol [doloremi]: Login_Denied - - to=luptasn ip=10.153.111.103 info=itquiin", "tags": [ @@ -338,10 +254,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584038611Z" + "version": "8.2.0" }, "message": "March 4 11:21:59 que651.www5.host init[etconse]: tincu", "tags": [ @@ -350,10 +263,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584039462Z" + "version": "8.2.0" }, "message": "Mar 18 18:24:33 asun1250.api.localdomain DIS[oluptate]: onseq:serunt: Deviceaquaeabi/10.171.157.74login failurefailure", "tags": [ @@ -362,10 +272,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584040314Z" + "version": "8.2.0" }, "message": "April 2 01:27:07 ento4488.www5.localhost :rc6 eriamea", "tags": [ 
@@ -374,10 +281,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584041158Z" + "version": "8.2.0" }, "message": "April 16 08:29:41 pisciv7108.lan 10.140.136.44 named: client 10.31.14.36#2285/key dhcp_updater_default: signer \"vitaedi\" approved", "tags": [ @@ -386,10 +290,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584042034Z" + "version": "8.2.0" }, "message": "April 30 15:32:16 veniamq1608.www.localdomain colab: diskcheck ommodico", "tags": [ @@ -398,10 +299,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584042887Z" + "version": "8.2.0" }, "message": "May 14 22:34:50 tin183.api.corp netauto_discovery[sperna]: eabilloi:estia(tper)10.163.5.243/osqui: SNMP Credentials: Failed to authenticate", "tags": [ @@ -410,10 +308,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584043843Z" + "version": "8.2.0" }, "message": "May 29 05:37:24 fdeFi1123.api.domain INFOBLOX-Grid[etdol]: Started distribution on member with IP address 10.177.36.38", "tags": [ @@ -422,10 +317,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584044713Z" + "version": "8.2.0" }, "message": "June 12 12:39:58 aevit37.www5.test ati: kernel Linux version 1.6668 (gel) (lorsitam) mpo", "tags": [ @@ -434,10 +326,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584045556Z" + "version": "8.2.0" }, "message": "June 26 19:42:33 aliquam1364.api.corp -:syslog eratv", "tags": [ @@ -446,10 +335,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584046426Z" + "version": "8.2.0" }, "message": "July 11 02:45:07 uir1374.mail.domain -:smart_check_io quiratio", "tags": [ 
@@ -458,10 +344,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584047277Z" + "version": "8.2.0" }, "message": "July 25 09:47:41 nse2256.www.localdomain equat: db_jnld Resolved conflict for replicated delete of TXT \"derit\" in zone \"dexea\"", "tags": [ @@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584048123Z" + "version": "8.2.0" }, "message": "August 8 16:50:15 lapar1024.www5.local intocc: sSMTP Unable to locate liqu2936.api.localdomain.", "tags": [ @@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584048963Z" + "version": "8.2.0" }, "message": "August 22 23:52:50 tDuisaut3296.www.invalid scheduled_ftp_backups[imvenia]: Scheduled backup to the spi was successful - Backup file stquido", "tags": [ @@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584049817Z" + "version": "8.2.0" }, "message": "September 6 06:55:24 upta3300.www.home 10.233.48.103 diskcheck: leumiur", "tags": [ @@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584050671Z" + "version": "8.2.0" }, "message": "September 20 13:57:58 vita2681.www5.local tobea: controld Distribution Complete", "tags": [ @@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584051517Z" + "version": "8.2.0" }, "message": "October 4 21:00:32 ersp3536.www5.lan 10.93.90.240 rsyncd: sent 1792 bytes received 7387 bytes total size tes", "tags": [ @@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584052362Z" + "version": "8.2.0" }, "message": "Oct 19 04:03:07 tnulapa7592.www.local DIS[eriti]: litessec: itas: Attempting discover-now for 10.251.106.205 on mporin, using session ID", "tags": [ 
@@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584053536Z" + "version": "8.2.0" }, "message": "November 2 11:05:41 roid6604.www.test -:syslog Nemoenim", "tags": [ @@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584054402Z" + "version": "8.2.0" }, "message": "November 16 18:08:15 nihil657.domain validate_dhcpd[rsitv]: iciade", "tags": [ @@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584055258Z" + "version": "8.2.0" }, "message": "December 1 01:10:49 ven660.api.lan amnih: watchdog cancel, pid = 3981", "tags": [ @@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584056115Z" + "version": "8.2.0" }, "message": "December 15 08:13:24 atatn7364.internal.localdomain debug_mount[ofdeFin]: mount essequam", "tags": [ @@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584056956Z" + "version": "8.2.0" }, "message": "December 29 15:15:58 umqu301.internal.home init[inesci]: isnisi", "tags": [ @@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584062767Z" + "version": "8.2.0" }, "message": "January 12 22:18:32 riamea1540.www.host -:ntpd_initres ntpd exiting on signal 15", "tags": [ @@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584065170Z" + "version": "8.2.0" }, "message": "January 27 05:21:06 siut5663.local piscinge: rcsysinit fsck from 1.271", "tags": [ @@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584066344Z" + "version": "8.2.0" }, "message": "February 10 12:23:41 cinge7339.api.corp -:diskcheck vitaedi", "tags": [ 
@@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584067412Z" + "version": "8.2.0" }, "message": "February 24 19:26:15 dolore7072.www5.localhost ect: logger modocons", "tags": [ @@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584068435Z" + "version": "8.2.0" }, "message": "March 11 02:28:49 odoconse228.mail.localdomain -:syslog-ng veli", "tags": [ @@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584069315Z" + "version": "8.2.0" }, "message": "March 25 09:31:24 labo267.internal.localhost httpd[etdo]: 2018-3-25 9:31:24.par [lorin]: Login_Denied - - to=pitl ip=10.204.128.215 info=ama", "tags": [ @@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584070180Z" + "version": "8.2.0" }, "message": "Apr 8 16:33:58 roidents6540.internal.corp -:debug tametcon", "tags": [ @@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584071064Z" + "version": "8.2.0" }, "message": "April 22 23:36:32 miurerep1152.internal.domain pidof[utlab]: can't read sid from emUteni", "tags": [ @@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584071932Z" + "version": "8.2.0" }, "message": "May 07 06:39:06 inimve2352.lan :captured_dns_uploader mco", "tags": [ @@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584072804Z" + "version": "8.2.0" }, "message": "May 21 13:41:41 amcorp1275.www5.host netauto_core[liqua]: netautoctl:olo", "tags": [ 
@@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584073676Z" + "version": "8.2.0" }, "message": "Jun 04 20:44:15 fdeF593.internal.lan DIS[niamq]: lapariat: remagn: Attempting discover-now for 10.238.140.186 on tiaec, using session ID", "tags": [ @@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584074540Z" + "version": "8.2.0" }, "message": "June 19 03:46:49 upt4986.mail.corp ntpdate[idunt]: luptat", "tags": [ @@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584075416Z" + "version": "8.2.0" }, "message": "July 3 10:49:23 lillum7809.mail.local taedicta: logger ritt", "tags": [ @@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584076275Z" + "version": "8.2.0" }, "message": "July 17 17:51:58 tetur2694.mail.local ipi: openvpn-member OpenVPN 1.7727 [ipv6-icmp] [uaeab] itinv", "tags": [ @@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584077173Z" + "version": "8.2.0" }, "message": "August 1 00:54:32 utaliqu6138.mail.localhost nvolupt: pidof can't read sid from oremi", "tags": [ @@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584078034Z" + "version": "8.2.0" }, "message": "August 15 07:57:06 atcupi2332.mail.localdomain -:INFOBLOX-Grid Upgrade to ore", "tags": [ @@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584078908Z" + "version": "8.2.0" }, "message": "August 29 14:59:40 luptatem6874.mail.test purge_scheduled_tasks[dat]: Scheduled tasks have been purged", "tags": [ 
@@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584079782Z" + "version": "8.2.0" }, "message": "September 12 22:02:15 tame4953.mail.localhost prehen: restarting ntutlabo", "tags": [ @@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584080666Z" + "version": "8.2.0" }, "message": "September 27 05:04:49 sequa1715.www5.domain sshd[eirure]: Accepted password for root from 10.210.113.252 port 4184 udp", "tags": [ @@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584081542Z" + "version": "8.2.0" }, "message": "October 11 12:07:23 tconsec5315.internal.example :kernel Linux version 1.341 (fugi) (labo) nostrud", "tags": [ @@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584082408Z" + "version": "8.2.0" }, "message": "October 25 19:09:57 cupi1867.www5.test :rcsysinit orroq", "tags": [ @@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584083272Z" + "version": "8.2.0" }, "message": "November 9 02:12:32 rcit2043.api.home 10.107.45.175 smart_check_io: ssecil", "tags": [ @@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584084131Z" + "version": "8.2.0" }, "message": "November 23 09:15:06 mes4801.internal.test 10.243.121.97 python: cancel: FQDN='illu4875.api.host', View='tatevel'", "tags": [ @@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584085003Z" + "version": "8.2.0" }, "message": "December 7 16:17:40 its7867.internal.invalid 10.44.115.94 debug_mount: mount isn", "tags": [ 
@@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584086114Z" + "version": "8.2.0" }, "message": "Dec 21 23:20:14 equ4808.www.localhost DIS[siuta]: urmagn:dquia: Devicetemporin/10.46.166.75login failuresuccess", "tags": [ @@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584086991Z" + "version": "8.2.0" }, "message": "Jan 05 06:22:49 idi7668.www5.test rum: captured_dns_uploader eataevi", "tags": [ @@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584087860Z" + "version": "8.2.0" }, "message": "January 19 13:25:23 iqu4614.www5.example 10.60.211.199 init: modocon", "tags": [ @@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584088759Z" + "version": "8.2.0" }, "message": "February 2 20:27:57 agnaaliq1829.mail.test :ntpd_initres ntpd exiting on signal 15", "tags": [ @@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584089624Z" + "version": "8.2.0" }, "message": "February 17 03:30:32 col3570.www.invalid tinvolup: sSMTP Sent mail for tsed (inv) uid=rroq username=rcit outbytes=2807", "tags": [ @@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584090492Z" + "version": "8.2.0" }, "message": "March 3 10:33:06 mipsamvo4282.api.home reetdo: init oreveri", "tags": [ @@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584091352Z" + "version": "8.2.0" }, "message": "March 17 17:35:40 Except6889.www.corp -:rc3 umetMal", "tags": [ @@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584092213Z" + "version": "8.2.0" }, "message": "Apr 1 00:38:14 umq1309.api.test uae: debug mve", "tags": [ 
@@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584093068Z" + "version": "8.2.0" }, "message": "April 15 07:40:49 tatem4180.www.home 10.102.166.19 python: deny: FQDN='eritatis6343.api.local', View='mquisn'", "tags": [ @@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584093923Z" + "version": "8.2.0" }, "message": "April 29 14:43:23 quir7168.api.localdomain labore: syslog uela", "tags": [ @@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584094808Z" + "version": "8.2.0" }, "message": "May 13 21:45:57 iuntNequ7202.api.domain -:controld Distribution Complete", "tags": [ @@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584095741Z" + "version": "8.2.0" }, "message": "May 28 04:48:31 veniamq1236.invalid emo: radiusd itq", "tags": [ @@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584096605Z" + "version": "8.2.0" }, "message": "June 11 11:51:06 nderiti409.api.domain -:syslog Cic", "tags": [ @@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584097458Z" + "version": "8.2.0" }, "message": "June 25 18:53:40 tatem6156.www.local :dhcpd received shutdown -/-/ success", "tags": [ @@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584098318Z" + "version": "8.2.0" }, "message": "July 10 01:56:14 uamnihil6127.api.domain 10.29.119.245 python: accept: 'olli3116.internal.example' in view 'rsp'.", "tags": [ 
@@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584099176Z" + "version": "8.2.0" }, "message": "Jul 24 08:58:48 roquisqu1205.api.domain netauto_core[nim]: utaliqu: Attempting CLI on devicersiwith interface not in table, ip10.118.155.14", "tags": [ @@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584100052Z" + "version": "8.2.0" }, "message": "August 7 16:01:23 suntex5169.www.example phonehome[esci]: uov", "tags": [ @@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584100914Z" + "version": "8.2.0" }, "message": "August 21 23:03:57 fici5161.www5.example olup: debug_mount mount aco", "tags": [ @@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584101785Z" + "version": "8.2.0" }, "message": "September 5 06:06:31 orsi7617.www5.corp lorsita: shutdown shutting down for system reboot", "tags": [ @@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584102660Z" + "version": "8.2.0" }, "message": "September 19 13:09:05 osamnis4912.mail.host npr: radiusd etconsec", "tags": [ @@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584103518Z" + "version": "8.2.0" }, "message": "Oct 03 20:11:40 urExcept6809.www5.corp captured_dns_uploader[atcupida]: tessequa", "tags": [ @@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584104392Z" + "version": "8.2.0" }, "message": "Oct 18 03:14:14 icab3519.localdomain dhcpdv6[plicaboN]: Encapsulated Renew message from 2001:db8::b1f51444:f88dd359 port 2496 from client DUID acommo, transaction ID isi", "tags": [ 
@@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584105257Z" + "version": "8.2.0" }, "message": "November 1 10:16:48 abor4353.www5.host ame: python tesseq", "tags": [ @@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584106116Z" + "version": "8.2.0" }, "message": "November 15 17:19:22 olorem290.api.lan sshd[culpaqui]: deny: logout() unknown", "tags": [ @@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584106980Z" + "version": "8.2.0" }, "message": "November 30 00:21:57 ventore3612.www.home purge_scheduled_tasks[emp]: Scheduled tasks have been purged", "tags": [ @@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:38:45.584107843Z" + "version": "8.2.0" }, "message": "Dec 14 07:24:31 uptatem4483.localhost tacacs_acct[inrepr]: mol: Server 10.111.52.69 port 6073: asperna", "tags": [ diff --git a/packages/infoblox/data_stream/nios/elasticsearch/ingest_pipeline/default.yml b/packages/infoblox/data_stream/nios/elasticsearch/ingest_pipeline/default.yml index 0fbd667ce7a..87ddd98690b 100644 --- a/packages/infoblox/data_stream/nios/elasticsearch/ingest_pipeline/default.yml +++ b/packages/infoblox/data_stream/nios/elasticsearch/ingest_pipeline/default.yml @@ -2,13 +2,9 @@ description: Pipeline for Infoblox NIOS processors: - # ECS event.ingested - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/infoblox/data_stream/nios/sample_event.json b/packages/infoblox/data_stream/nios/sample_event.json index 26629027a01..e76a61b2f2b 100644 --- a/packages/infoblox/data_stream/nios/sample_event.json +++ b/packages/infoblox/data_stream/nios/sample_event.json 
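Review bot: Removing the `event.ingested` `set` processor leaves this pipeline with no producer for the field, so its presence now rests on an external stage that I assume is the Fleet final pipeline; the regenerated expected-output fixtures above confirm the documents emitted by the pipeline alone no longer carry it. That is acceptable if the stack always runs the final pipeline, but it should be stated in-line so the next maintainer does not re-add the processor or wonder why ingest-lag dashboards and ingest-time-based detection rules stop matching on a stack that does not: `# event.ingested is set by the Fleet final pipeline, not here.` Please also check that the manifest's minimum Kibana version (outside this chunk) guarantees that behaviour. The `ecs.version` change to `'8.2.0'` is correct and stays quoted.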
@@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/infoblox/manifest.yml b/packages/infoblox/manifest.yml index 266a4786265..35c3db4ab2c 100644 --- a/packages/infoblox/manifest.yml +++ b/packages/infoblox/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: infoblox title: Infoblox NIOS Logs -version: 0.7.0 +version: 0.8.0 description: Collect NIOS logs from Infoblox devices with Elastic Agent. categories: ["network"] release: experimental diff --git a/packages/iptables/_dev/build/build.yml b/packages/iptables/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/iptables/_dev/build/build.yml +++ b/packages/iptables/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/iptables/changelog.yml b/packages/iptables/changelog.yml index d3168aa5352..1d05835a009 100644 --- a/packages/iptables/changelog.yml +++ b/packages/iptables/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.9.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "0.8.1" changes: - description: Add documentation for multi-fields diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json index 5d9a023ab43..076724ac819 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-iptables-raw.log-expected.json @@ -8,7 +8,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", @@ -108,7 +108,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", 
@@ -208,7 +208,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", @@ -302,7 +302,7 @@ "mac": "90-10-28-5F-62-24" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "deny", @@ -359,7 +359,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -438,7 +438,7 @@ "port": 1433 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -502,7 +502,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -581,7 +581,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -660,7 +660,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -739,7 +739,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -803,7 +803,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -870,7 +870,7 @@ "port": 445 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -937,7 +937,7 @@ "port": 139 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -1001,7 +1001,7 @@ "port": 8088 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop_input", @@ -1072,7 +1072,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -1135,7 +1135,7 @@ "mac": "90-10-12-34-56-78" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -1204,7 +1204,7 @@ "port": 48689 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", 
@@ -1272,7 +1272,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", @@ -1348,7 +1348,7 @@ "port": 1443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", @@ -1431,7 +1431,7 @@ "port": 1443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", @@ -1506,7 +1506,7 @@ "port": 1443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json index df201e2b2c8..f93dc9f5be3 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-journald.json-expected.json @@ -20,7 +20,7 @@ "port": 40702 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json index db60ac7cd68..8dd960b2e8f 100644 --- a/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json +++ b/packages/iptables/data_stream/log/_dev/test/pipeline/test-ubiquiti.log-expected.json @@ -20,7 +20,7 @@ "port": 48689 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", @@ -88,7 +88,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", @@ -164,7 +164,7 @@ "port": 1443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "drop", @@ -247,7 +247,7 @@ "port": 1443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", 
@@ -322,7 +322,7 @@ "port": 1443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "action": "accept", @@ -395,7 +395,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -437,7 +437,7 @@ "port": 7914 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -479,7 +479,7 @@ "port": 51179 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -520,7 +520,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -562,7 +562,7 @@ "port": 51182 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ @@ -603,7 +603,7 @@ "port": 49209 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "event": { "category": [ diff --git a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 8e8c5bf5cf6..0e7a4fe0b51 100644 --- a/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/iptables/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for iptables logs. processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # These two fields are treated as immutable in the case reindexing. - set: diff --git a/packages/iptables/data_stream/log/sample_event.json b/packages/iptables/data_stream/log/sample_event.json index 4e93b1e7159..7a658e337ca 100644 --- a/packages/iptables/data_stream/log/sample_event.json +++ b/packages/iptables/data_stream/log/sample_event.json @@ -18,7 +18,7 @@ "port": 443 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/iptables/docs/README.md b/packages/iptables/docs/README.md index 4cdd68fa9ff..7694001d72e 100644 --- a/packages/iptables/docs/README.md 
+++ b/packages/iptables/docs/README.md
@@ -38,7 +38,7 @@ An example event for `log` looks as following:
 "port": 443
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/iptables/manifest.yml b/packages/iptables/manifest.yml
index 615159e422f..ef458c9951f 100644
--- a/packages/iptables/manifest.yml
+++ b/packages/iptables/manifest.yml
@@ -1,6 +1,6 @@
 name: iptables
 title: Iptables Logs
-version: 0.8.1
+version: 0.9.0
 release: beta
 description: Collect and parse logs from iptables and ip6tables with Elastic Agent.
 type: integration
diff --git a/packages/juniper_junos/_dev/build/build.yml b/packages/juniper_junos/_dev/build/build.yml
index 809e76063e9..d61527283ec 100644
--- a/packages/juniper_junos/_dev/build/build.yml
+++ b/packages/juniper_junos/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@8.0
+ reference: git@8.2
diff --git a/packages/juniper_junos/changelog.yml b/packages/juniper_junos/changelog.yml
index 7ae0f91315f..fd36fca681e 100644
--- a/packages/juniper_junos/changelog.yml
+++ b/packages/juniper_junos/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.2.0"
+ changes:
+ - description: Update to ECS 8.2.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2779
 - version: "0.1.1"
 changes:
 - description: Add documentation for multi-fields
diff --git a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index cd07e1f82a0..09271e0daee 100644
--- a/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/juniper_junos/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001627321Z" + "version": "8.2.0" }, "message": "Jan 29 06:09:59 ceroinBC.exe[6713]: RPD_SCHED_TASK_LONGRUNTIME: : exe ran for 7309(5049)", "tags": [ @@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001630611Z" + "version": "8.2.0" }, "message": "Feb 12 13:12:33 DCD_FILTER_LIB_ERROR message repeated [7608]: llu: Filter library initialization failed", "tags": [ @@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001631781Z" + "version": "8.2.0" }, "message": "Feb 26 20:15:08 MIB2D_TRAP_SEND_FAILURE: restart [6747]: sum: uaerat: cancel: success", "tags": [ @@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001632728Z" + "version": "8.2.0" }, "message": "Mar 12 03:17:42 seq olorema6148.www.localdomain: fug5500.www.domain IFP trace\u003e node: dqu", "tags": [ @@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001633603Z" + "version": "8.2.0" }, "message": "Mar 26 10:20:16 ssb SNMPD_CONTEXT_ERROR: [7400]: emq: isiu: success in 6237 context 5367", "tags": [ @@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001634443Z" + "version": "8.2.0" }, "message": "Apr 9 17:22:51 RPD_KRT_IFL_CELL_RELAY_MODE_UNSPECIFIED: restart [7618]: ionul: ifl : nibus, unknown", "tags": [ @@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001635287Z" + "version": "8.2.0" }, "message": "Apr 24 00:25:25 CHASSISD_SNMP_TRAP10 message repeated [1284]: ume: SNMP trap: failure: ono", "tags": [ 
@@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001636136Z" + "version": "8.2.0" }, "message": "May 8 07:27:59 sunt prehen6218.www.localhost: onse.exe[254]: RPD_KRT_IFL_CELL_RELAY_MODE_INVALID: : ifl : inibusBo, failure", "tags": [ @@ -98,10 +74,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001636982Z" + "version": "8.2.0" }, "message": "May 22 14:30:33 iamquis quirat6972.www5.lan: isc.exe[3237]: SNMPD_USER_ERROR: : conseq: unknown in 6404 user 'atiset' 4068", "tags": [ @@ -110,10 +83,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001637846Z" + "version": "8.2.0" }, "message": "Jun 5 21:33:08 fpc9 RPD_TASK_REINIT: [4621]: lita: Reinitializing", "tags": [ @@ -122,10 +92,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001638703Z" + "version": "8.2.0" }, "message": "Jun 20 04:35:42 fpc4 LOGIN_FAILED: [2227]: oinBC: Login failed for user quameius from host ipsumdol4488.api.localdomain", "tags": [ @@ -134,10 +101,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001639787Z" + "version": "8.2.0" }, "message": "Jul 4 11:38:16 NASD_PPP_SEND_PARTIAL: restart [3994]: aper: Unable to send all of message: santiumd", "tags": [ @@ -146,10 +110,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001640697Z" + "version": "8.2.0" }, "message": "Jul 18 18:40:50 UI_COMMIT_AT_FAILED message repeated [7440]: temqu: success, minimav", "tags": [ @@ -158,10 +119,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001641555Z" + "version": "8.2.0" }, "message": "Aug 2 01:43:25 rnatur ofdeFin7811.lan: emipsumd.exe[5020]: BOOTPD_NEW_CONF: : New configuration installed", "tags": [ 
@@ -170,10 +128,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001642397Z" + "version": "8.2.0" }, "message": "Aug 16 08:45:59 RPD_RIP_JOIN_MULTICAST message repeated [60]: onemulla: Unable to join multicast group enp0s4292: unknown", "tags": [ @@ -182,10 +137,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001643254Z" + "version": "8.2.0" }, "message": "Aug 30 15:48:33 FSAD_TERMINATED_CONNECTION: restart [6703]: xea: Open file ites` closed due to unknown", "tags": [ @@ -194,10 +146,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001644258Z" + "version": "8.2.0" }, "message": "Sep 13 22:51:07 RPD_KRT_IFL_GENERATION message repeated [5539]: eri: ifl lo2169 generation mismatch -- unknown", "tags": [ @@ -206,10 +155,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001645117Z" + "version": "8.2.0" }, "message": "Sep 28 05:53:42 cfeb UI_COMMIT_ROLLBACK_FAILED: [3453]: avolu: Automatic rollback failed", "tags": [ @@ -218,10 +164,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001645977Z" + "version": "8.2.0" }, "message": "Oct 12 12:56:16 mquisn.exe[3993]: RMOPD_usage : failure: midest", "tags": [ @@ -230,10 +173,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001646816Z" + "version": "8.2.0" }, "message": "Oct 26 19:58:50 undeomni.exe[4938]: RPD_ISIS_LSPCKSUM: : IS-IS 715 LSP checksum error, interface enp0s1965, LSP id tasun, sequence 3203, checksum eratv, lifetime ipsa", "tags": [ @@ -242,10 +182,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001647673Z" + "version": "8.2.0" }, "message": "Nov 10 03:01:24 kmd: restart ", "tags": [ 
@@ -254,10 +191,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001648522Z" + "version": "8.2.0" }, "message": "Nov 24 10:03:59 ever.exe[6463]: LOGIN_FAILED: : Login failed for user atq from host erspi4926.www5.test", "tags": [ @@ -266,10 +200,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001649370Z" + "version": "8.2.0" }, "message": "Dec 8 17:06:33 CHASSISD_MBUS_ERROR message repeated [72]: iadese: nisiu imad: management bus failed sanity test", "tags": [ @@ -278,10 +209,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001650351Z" + "version": "8.2.0" }, "message": "Dec 23 00:09:07 niamquis.exe[1471]: TFTPD_NAK_ERR : nak error ptatems, 357", "tags": [ @@ -290,10 +218,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001651188Z" + "version": "8.2.0" }, "message": "Jan 6 07:11:41 UI_DUPLICATE_UID: restart [3350]: atqu: Users naturau have the same UID olorsita", "tags": [ @@ -302,10 +227,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001652032Z" + "version": "8.2.0" }, "message": "Jan 20 14:14:16 piscivel.exe[4753]: TFTPD_CREATE_ERR: : check_space unknown", "tags": [ @@ -314,10 +236,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001652875Z" + "version": "8.2.0" }, "message": "Feb 3 21:16:50 fpc4 RPD_START: [1269]: riat: Start 181 version version built 7425", "tags": [ @@ -326,10 +245,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001653793Z" + "version": "8.2.0" }, "message": "Feb 18 04:19:24 fpc2 COSMAN: : uptasnul: delete class_to_ifl table 2069, ifl 3693", "tags": [ 
@@ -338,10 +254,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001654654Z" + "version": "8.2.0" }, "message": "Mar 4 11:21:59 orum oinBCSed3073.www.lan: ilm.exe[3193]: SNMPD_TRAP_QUEUE_MAX_ATTEMPTS: : fugiatqu: after 4003 attempts, deleting 4568 traps queued to exercita", "tags": [ @@ -350,10 +263,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001655502Z" + "version": "8.2.0" }, "message": "Mar 18 18:24:33 TFTPD_BIND_ERR: restart [1431]: ntut: bind: failure", "tags": [ @@ -362,10 +272,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001656352Z" + "version": "8.2.0" }, "message": "Apr 2 01:27:07 lite ugia517.api.host: doei.exe[7073]: RPD_LDP_SESSIONDOWN: : LDP session 10.88.126.165 is down, failure", "tags": [ @@ -374,10 +281,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001657198Z" + "version": "8.2.0" }, "message": "Apr 16 08:29:41 fpc6 SNMPD_CONTEXT_ERROR: [180]: eturadip: ent: unknown in 5848 context 316", "tags": [ @@ -386,10 +290,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001658075Z" + "version": "8.2.0" }, "message": "Apr 30 15:32:16 NASD_CHAP_INVALID_CHAP_IDENTIFIER message repeated [796]: iumdo: lo2721: received aturv expected CHAP ID: ectetura", "tags": [ @@ -398,10 +299,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001658935Z" + "version": "8.2.0" }, "message": "May 14 22:34:50 UI_LOAD_EVENT message repeated [6342]: seq: User 'moll' is performing a 'allow'", "tags": [ @@ -410,10 +308,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001659870Z" + "version": "8.2.0" }, "message": "May 29 05:37:24 fdeFin.exe[4053]: SNMP_TRAP_TRACE_ROUTE_TEST_FAILED : traceRouteCtlOwnerIndex = 1450, traceRouteCtlTestName = edic", "tags": [ 
@@ -422,10 +317,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001660725Z" + "version": "8.2.0" }, "message": "Jun 12 12:39:58 SNMPD_RTSLIB_ASYNC_EVENT: restart [508]: uae: oremip: sequence mismatch failure", "tags": [ @@ -434,10 +326,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001661567Z" + "version": "8.2.0" }, "message": "Jun 26 19:42:33 tesse olupta2743.internal.localdomain: ine.exe[3181]: BOOTPD_TIMEOUT: : Timeout success unreasonable", "tags": [ @@ -446,10 +335,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001662424Z" + "version": "8.2.0" }, "message": "Jul 11 02:45:07 NASD_RADIUS_MESSAGE_UNEXPECTED message repeated [33]: abore: Unknown response from RADIUS server: unknown", "tags": [ @@ -458,10 +344,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001663270Z" + "version": "8.2.0" }, "message": "Jul 25 09:47:41 PWC_LOCKFILE_BAD_FORMAT: restart [3426]: illum: PID lock file has bad format: eprehe", "tags": [ @@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001664138Z" + "version": "8.2.0" }, "message": "Aug 8 16:50:15 snostr.exe[1613]: RPD_KRT_AFUNSUPRT : tec: received itaspe message with unsupported address family 4176", "tags": [ @@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001664980Z" + "version": "8.2.0" }, "message": "Aug 22 23:52:50 oreeufug.exe[6086]: PWC_PROCESS_FORCED_HOLD : Process plicaboN forcing hold down of child 619 until signal", "tags": [ @@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001665818Z" + "version": "8.2.0" }, "message": "Sep 6 06:55:24 MIB2D_IFL_IFINDEX_FAILURE message repeated [4115]: tiu: SNMP index assigned to wri changed from 3902 to unknown", "tags": [ 
@@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001666692Z" + "version": "8.2.0" }, "message": "Sep 20 13:57:58 mwr cia5990.api.localdomain: pitlabo.exe[3498]: UI_DBASE_MISMATCH_MAJOR: : Database header major version number mismatch for file 'ende': expecting 6053, got 4884", "tags": [ @@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001667561Z" + "version": "8.2.0" }, "message": "Oct 4 21:00:32 iuntN utfugi851.www5.invalid: nul.exe[1005]: SNMPD_VIEW_INSTALL_DEFAULT: : eetdo: success installing default 1243 view 5146", "tags": [ @@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001668406Z" + "version": "8.2.0" }, "message": "Oct 19 04:03:07 DCD_PARSE_STATE_EMERGENCY message repeated [2498]: uptatem: An unhandled state was encountered during interface parsing", "tags": [ @@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001669260Z" + "version": "8.2.0" }, "message": "Nov 2 11:05:41 loremagn acons3820.internal.home: ain.exe[7192]: LOGIN_PAM_MAX_RETRIES: : Too many retries while authenticating user iquipex", "tags": [ @@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001670110Z" + "version": "8.2.0" }, "message": "Nov 16 18:08:15 onorume.exe[3290]: BOOTPD_NO_BOOTSTRING : No boot string found for type veleu", "tags": [ @@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001670978Z" + "version": "8.2.0" }, "message": "Dec 1 01:10:49 eirured sequamn5243.mail.home: sshd: sshd: SSHD_LOGIN_FAILED: Login failed for user 'ciatisun' from host '10.252.209.246'.", "tags": [ 
@@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001671832Z" + "version": "8.2.0" }, "message": "Dec 15 08:13:24 COS: restart : Received FC-\u003eQ map, caecat", "tags": [ @@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001672686Z" + "version": "8.2.0" }, "message": "Dec 29 15:15:58 cgatool message repeated : nvolupta: generated address is success", "tags": [ @@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001673642Z" + "version": "8.2.0" }, "message": "Jan 12 22:18:32 CHASSISD_SNMP_TRAP6 message repeated [4667]: idolor: SNMP trap generated: success (les)", "tags": [ @@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001674493Z" + "version": "8.2.0" }, "message": "Jan 27 05:21:06 ssb FLOW_REASSEMBLE_SUCCEED: : Packet merged source 10.102.228.136 destination 10.151.136.250 ipid upt succeed", "tags": [ @@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001675356Z" + "version": "8.2.0" }, "message": "Feb 10 12:23:41 DFWD_PARSE_FILTER_EMERGENCY message repeated [2037]: serrorsi: tsedquia encountered errors while parsing filter index file", "tags": [ @@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001676203Z" + "version": "8.2.0" }, "message": "Feb 24 19:26:15 remips laboreet5949.mail.test: tesse.exe[4358]: RPD_LDP_SESSIONDOWN: : LDP session 10.148.255.126 is down, unknown", "tags": [ @@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001677039Z" + "version": "8.2.0" }, "message": "Mar 11 02:28:49 fpc2 NASD_CHAP_REPLAY_ATTACK_DETECTED: [mipsumqu]: turad: eth680.6195: received doloremi unknown.iciatis", "tags": [ 
@@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001677889Z" + "version": "8.2.0" }, "message": "Mar 25 09:31:24 rema mcol7795.domain: mquis lsys_ssam_handler: : processing lsys root-logical-system tur", "tags": [ @@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001678727Z" + "version": "8.2.0" }, "message": "Apr 8 16:33:58 UI_LOST_CONN message repeated [7847]: loreeuf: Lost connection to daemon orainci", "tags": [ @@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001679588Z" + "version": "8.2.0" }, "message": "Apr 22 23:36:32 PWC_PROCESS_HOLD: restart [1791]: itse: Process lapari holding down child 2702 until signal", "tags": [ @@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001680433Z" + "version": "8.2.0" }, "message": "May 7 06:39:06 undeo ficiade4365.mail.domain: norum.exe[4443]: LIBSERVICED_SOCKET_BIND: : dantium: unable to bind socket ors: failure", "tags": [ @@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001681276Z" + "version": "8.2.0" }, "message": "May 21 13:41:41 liq eleumiu2852.lan: mfugiat.exe[3946]: LOGIN_FAILED: : Login failed for user olu from host mSect5899.domain", "tags": [ @@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001682116Z" + "version": "8.2.0" }, "message": "Jun 4 20:44:15 idolo.exe[6535]: MIB2D_IFL_IFINDEX_FAILURE: : SNMP index assigned to deseru changed from 6460 to unknown", "tags": [ @@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001682968Z" + "version": "8.2.0" }, "message": "Jun 19 03:46:49 modtempo.exe[5276]: CHASSISD_RELEASE_MASTERSHIP: : Release mastership notification", "tags": [ 
@@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001683815Z" + "version": "8.2.0" }, "message": "Jul 3 10:49:23 fpc4 PWC_PROCESS_HOLD: [3450]: dexea: Process aturExc holding down child 7343 until signal", "tags": [ @@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001684664Z" + "version": "8.2.0" }, "message": "Jul 17 17:51:58 ame.exe[226]: SERVICED_RTSOCK_SEQUENCE : boreet: routing socket sequence error, unknown", "tags": [ @@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001685528Z" + "version": "8.2.0" }, "message": "Aug 1 00:54:32 consect6919.mail.localdomain iset.exe[940]: idpinfo: urere", "tags": [ @@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001686388Z" + "version": "8.2.0" }, "message": "Aug 15 07:57:06 RPD_KRT_NOIFD: restart [4822]: oreeufug: No device 5020 for interface lo4593", "tags": [ @@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001687258Z" + "version": "8.2.0" }, "message": "Aug 29 14:59:40 eprehen oinB3432.api.invalid: citatio.exe[5029]: craftd: , unknown", "tags": [ @@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001688117Z" + "version": "8.2.0" }, "message": "Sep 12 22:02:15 ACCT_CU_RTSLIB_error message repeated [7583]: eetd: liquide getting class usage statistics for interface enp0s2674: success", "tags": [ @@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001689322Z" + "version": "8.2.0" }, "message": "Sep 27 05:04:49 userro oree nimadmi7341.www.home RT_FLOW - kmd [", "tags": [ 
@@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001690168Z" + "version": "8.2.0" }, "message": "Oct 11 12:07:23 LOGIN_PAM_NONLOCAL_USER: restart [686]: rauto: User rese authenticated but has no local login ID", "tags": [ @@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001691008Z" + "version": "8.2.0" }, "message": "Oct 25 19:09:57 doconse.exe[6184]: RPD_KRT_NOIFD : No device 5991 for interface enp0s7694", "tags": [ @@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001691854Z" + "version": "8.2.0" }, "message": "Nov 9 02:12:32 quidolor1064.www.domain: uspinfo: : flow_print_session_summary_output received rcita", "tags": [ @@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001692707Z" + "version": "8.2.0" }, "message": "Nov 23 09:15:06 RPD_TASK_REINIT: restart [1810]: mfugi: Reinitializing", "tags": [ @@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001693579Z" + "version": "8.2.0" }, "message": "Dec 7 16:17:40 inibusBo.exe[2509]: ECCD_TRACE_FILE_OPEN_FAILED : allow: failure", "tags": [ @@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001694581Z" + "version": "8.2.0" }, "message": "Dec 21 23:20:14 ECCD_TRACE_FILE_OPEN_FAILED message repeated [2815]: rudexer: accept: unknown", "tags": [ @@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001695435Z" + "version": "8.2.0" }, "message": "Jan 5 06:22:49 eseosqu oeius641.api.home: laud.exe[913]: LOGIN_FAILED: : Login failed for user turQ from host tod6376.mail.host", "tags": [ 
@@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001696324Z" + "version": "8.2.0" }, "message": "Jan 19 13:25:23 ine.exe[1578]: FSAD_CONNTIMEDOUT : Connection timed out to the client (oreve2538.www.localdomain, 10.44.24.103) having request type reprehen", "tags": [ @@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001697177Z" + "version": "8.2.0" }, "message": "Feb 2 20:27:57 UI_SCHEMA_SEQUENCE_ERROR: restart [734]: rinre: Schema sequence number mismatch", "tags": [ @@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001698027Z" + "version": "8.2.0" }, "message": "Feb 17 03:30:32 LIBJNX_EXEC_PIPE: restart [946]: olors: Unable to create pipes for command 'deny': unknown", "tags": [ @@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001698885Z" + "version": "8.2.0" }, "message": "Mar 3 10:33:06 UI_DBASE_MISMATCH_EXTENT: restart [4686]: isnost: Database header extent mismatch for file 'lumdolor': expecting 559, got 7339", "tags": [ @@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001699734Z" + "version": "8.2.0" }, "message": "Mar 17 17:35:40 NASD_usage message repeated [7744]: eumfu: unknown: quidex", "tags": [ @@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001700578Z" + "version": "8.2.0" }, "message": "Apr 1 00:38:14 /kmd: ", "tags": [ @@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001701449Z" + "version": "8.2.0" }, "message": "Apr 15 07:40:49 sshd message repeated : very-high: can't get client address: unknown", "tags": [ 
@@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001702312Z" + "version": "8.2.0" }, "message": "Apr 29 14:43:23 fpc4 RPD_LDP_NBRUP: [4279]: stlaboru: LDP neighbor 10.248.68.242 (eth1282) is success", "tags": [ @@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001703156Z" + "version": "8.2.0" }, "message": "May 13 21:45:57 uun iduntutl4723.example: uel.exe[5770]: SNMPD_TRAP_QUEUE_DRAINED: : metco: traps queued to vel sent successfully", "tags": [ @@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001704017Z" + "version": "8.2.0" }, "message": "May 28 04:48:31 fpc8 ECCD_PCI_WRITE_FAILED: [4837]: radip: cancel: success", "tags": [ @@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001704867Z" + "version": "8.2.0" }, "message": "Jun 11 11:51:06 TFTPD_RECVCOMPLETE_INFO message repeated [7501]: piciatis: Received 3501 blocks of 5877 size for file 'tatisetq'", "tags": [ @@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001705723Z" + "version": "8.2.0" }, "message": "Jun 25 18:53:40 usp_trace_ipc_reconnect message repeated illum.exe:USP trace client cannot reconnect to server", "tags": [ @@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001706567Z" + "version": "8.2.0" }, "message": "Jul 10 01:56:14 amnis atevelit2799.internal.host: tatiset.exe IFP trace\u003e BCHIP: : cannot write ucode mask reg", "tags": [ @@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001707418Z" + "version": "8.2.0" }, "message": "Jul 24 08:58:48 RPD_MPLS_LSP_DOWN message repeated [5094]: moditemp: MPLS LSP eth2042 unknown", "tags": [ 
@@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001708271Z" + "version": "8.2.0" }, "message": "Aug 7 16:01:23 CHASSISD_PARSE_INIT: restart [4153]: uatDuisa: Parsing configuration file 'usB'", "tags": [ @@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001709141Z" + "version": "8.2.0" }, "message": "Aug 21 23:03:57 RMOPD_ROUTING_INSTANCE_NO_INFO: restart [6922]: upidatat: No information for routing instance non: failure", "tags": [ @@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001709993Z" + "version": "8.2.0" }, "message": "Sep 5 06:06:31 Utenimad.exe[4305]: CHASSISD_TERM_SIGNAL: : Received SIGTERM request, success", "tags": [ @@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001710871Z" + "version": "8.2.0" }, "message": "Sep 19 13:09:05 tseddo.exe[484]: RPD_OSPF_NBRUP : OSPF neighbor 10.49.190.163 (lo50) aUteni due to failure", "tags": [ @@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001711715Z" + "version": "8.2.0" }, "message": "Oct 3 20:11:40 cfeb NASD_usage: [6968]: litseddo: failure: metconse", "tags": [ @@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001712563Z" + "version": "8.2.0" }, "message": "Oct 18 03:14:14 RPD_LDP_NBRDOWN message repeated [4598]: emu: LDP neighbor 10.101.99.109 (eth4282) is success", "tags": [ @@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001713418Z" + "version": "8.2.0" }, "message": "Nov 1 10:16:48 RPD_RDISC_NOMULTI message repeated [4764]: con: Ignoring interface 594 on lo7449 -- unknown", "tags": [ 
@@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001714270Z" + "version": "8.2.0" }, "message": "Nov 15 17:19:22 BOOTPD_NEW_CONF: restart [1768]: isquames: New configuration installed", "tags": [ @@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001715124Z" + "version": "8.2.0" }, "message": "Nov 30 00:21:57 SNMP_TRAP_LINK_DOWN message repeated [7368]: ngelit: ifIndex 4197, ifAdminStatus ons, ifOperStatus unknown, ifName lo3193", "tags": [ @@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:42:05.001715965Z" + "version": "8.2.0" }, "message": "Dec 14 07:24:31 MIB2D_ATM_ERROR message repeated [4927]: udexerci: voluptat: failure", "tags": [ diff --git a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 57565b4f7e4..ada8fd74ece 100644 --- a/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_junos/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -2,13 +2,9 @@ description: Pipeline for Juniper JUNOS processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/juniper_junos/data_stream/log/sample_event.json b/packages/juniper_junos/data_stream/log/sample_event.json index 93405c91256..571e780ab8e 100644 --- a/packages/juniper_junos/data_stream/log/sample_event.json +++ b/packages/juniper_junos/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", 
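Review bot: Dropping the `set` processor for `event.ingested` also drops the `# ECS event.ingested` comment, so the pipeline no longer says where that field is expected to come from; the matching removal of `event.ingested` from the expected test output shows the field is now intentionally absent at this stage. Detection rules and ingest-lag monitoring key on `event.ingested`, so if this pipeline is ever run outside the path that now supplies it (presumably the Fleet final pipeline, which is not visible in this diff), the field goes missing silently. A one-line comment above the remaining `set` for `ecs.version` would make the dependency explicit, e.g. `# event.ingested is no longer set here; it is expected to be populated downstream (Fleet final pipeline)`. The `processors` list continues past the end of the hunk.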
diff --git a/packages/juniper_junos/docs/README.md b/packages/juniper_junos/docs/README.md index 0f2e936d7da..4f6bbcc9c54 100644 --- a/packages/juniper_junos/docs/README.md +++ b/packages/juniper_junos/docs/README.md @@ -24,7 +24,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/juniper_junos/manifest.yml b/packages/juniper_junos/manifest.yml index 2e5a7292ad0..3f4ba534485 100644 --- a/packages/juniper_junos/manifest.yml +++ b/packages/juniper_junos/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_junos title: Juniper JunOS -version: 0.1.1 +version: 0.2.0 description: Collect logs from Juniper JunOS with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/juniper_netscreen/_dev/build/build.yml b/packages/juniper_netscreen/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/juniper_netscreen/_dev/build/build.yml +++ b/packages/juniper_netscreen/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml index d24fd43baa2..722ca318d5b 100644 --- a/packages/juniper_netscreen/changelog.yml +++ b/packages/juniper_netscreen/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.2.0" + changes: + - description: Update to ECS 8.2.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "0.1.1" changes: - description: Add documentation for multi-fields diff --git a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json index b90b992045d..d5cb80af30f 100644 
--- a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json +++ b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json @@ -2,10 +2,7 @@ "expected": [ { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352030818Z" + "version": "8.2.0" }, "message": "modtempo: NetScreen device_id=olab system-low-00628(rci): audit log queue Event Alarm Log is overwritten (2016-1-29 06:09:59)", "tags": [ @@ -14,10 +11,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352034011Z" + "version": "8.2.0" }, "message": "luptat: NetScreen device_id=isiutal [moenimi]system-low-00620(gnaali): RTSYNC: Timer to purge the DRP backup routes is stopped. (2016-2-12 13:12:33)", "tags": [ @@ -26,10 +20,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352035076Z" + "version": "8.2.0" }, "message": "deomni: NetScreen device_id=tquovol [ntsuntin]system-medium-00062(tatno): Track IP IP address 10.159.227.210 succeeded. (ofdeF)", "tags": [ @@ -38,10 +29,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352035978Z" + "version": "8.2.0" }, "message": "untutlab: NetScreen device_id=tem [ons]system-medium-00004: DNS lookup time has been changed to start at ationu:ali with an interval of nsect", "tags": [ @@ -50,10 +38,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352036846Z" + "version": "8.2.0" }, "message": "eve: NetScreen device_id=tatiset [eprehen]system-medium-00034(piscing): Ethernet driver ran out of rx bd (port 1044)", "tags": [ @@ -62,10 +47,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352037716Z" + "version": "8.2.0" }, "message": "eomnisis: NetScreen device_id=mqui [civeli]system-high-00026: SCS: SCS has been tasuntex for enp0s5377 .", "tags": [ 
@@ -74,10 +56,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352038584Z" + "version": "8.2.0" }, "message": "rehender: NetScreen device_id=eporroqu [uat]system-high-00026(atquovo): SSH: Maximum number of PKA keys (suntinc) has been bound to user 'xeac' Key not bound. (Key ID nidolo)", "tags": [ @@ -86,10 +65,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352039460Z" + "version": "8.2.0" }, "message": "intoccae: NetScreen device_id=ents [pida]system-low-00535(idolor): PKCS #7 data cannot be decapsulated", "tags": [ @@ -98,10 +74,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352040331Z" + "version": "8.2.0" }, "message": "numqu: NetScreen device_id=qui [No Name]system-medium-00520: Active Server Switchover: New requests for equi server will try agnaali from now on. (2016-5-22 14:30:33)", "tags": [ @@ -110,10 +83,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352041195Z" + "version": "8.2.0" }, "message": "ipitla: NetScreen device_id=quae [maccusa]system-high-00072(rQuisau): NSRP: Unit idex of VSD group xerci aqu", "tags": [ @@ -122,10 +92,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352042081Z" + "version": "8.2.0" }, "message": "atu: NetScreen device_id=umexerci [ern]system-low-00084(iadese): RTSYNC: NSRP route synchronization is nsectet", "tags": [ @@ -134,10 +101,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352043182Z" + "version": "8.2.0" }, "message": "dol: NetScreen device_id=leumiu [namali]system-medium-00527(atevel): MAC address 01:00:5e:11:0a:26 has detected an IP conflict and has declined address 10.90.127.74", "tags": [ 
@@ -146,10 +110,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352044068Z" + "version": "8.2.0" }, "message": "acc: NetScreen device_id=amc [atur]system-low-00050(corp): Track IP enabled (2016-7-18 18:40:50)", "tags": [ @@ -158,10 +119,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352044938Z" + "version": "8.2.0" }, "message": "tper: NetScreen device_id=olor [Neque]system-medium-00524(xerc): SNMP request from an unknown SNMP community public at 10.61.30.190:2509 has been received. (2016-8-2 01:43:25)", "tags": [ @@ -170,10 +128,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352045812Z" + "version": "8.2.0" }, "message": "etdol: NetScreen device_id=uela [boN]system-medium-00521: Can't connect to E-mail server 10.210.240.175", "tags": [ @@ -182,10 +137,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352046679Z" + "version": "8.2.0" }, "message": "ati: NetScreen device_id=tlabo [uames]system-medium-00553(mpo): SCAN-MGR: Set maximum content size to offi.", "tags": [ @@ -194,10 +146,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352047736Z" + "version": "8.2.0" }, "message": "umwr: NetScreen device_id=oluptate [issus]system-high-00005(uaUteni): SYN flood udantium has been changed to pre", "tags": [ @@ -206,10 +155,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352048647Z" + "version": "8.2.0" }, "message": "tate: NetScreen device_id=imvenia [spi]system-high-00038(etdo): OSPF routing instance in vrouter urerepr is ese", "tags": [ 
@@ -218,10 +164,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352049506Z" + "version": "8.2.0" }, "message": "smo: NetScreen device_id=etcons [iusmodi]system-medium-00012: ate Service group uiac has epte member idolo from host 10.170.139.87", "tags": [ @@ -230,10 +173,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352050405Z" + "version": "8.2.0" }, "message": "ersp: NetScreen device_id=tquov [diconseq]system-high-00551(mod): Rapid Deployment cannot start because gateway has undergone configuration changes. (2016-10-26 19:58:50)", "tags": [ @@ -242,10 +182,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352051267Z" + "version": "8.2.0" }, "message": "mquame: NetScreen device_id=nihilmol [xercita]system-medium-00071(tiumt): The local device reetdolo in the Virtual Security Device group norum changed state", "tags": [ @@ -254,10 +191,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352052127Z" + "version": "8.2.0" }, "message": "isnisi: NetScreen device_id=ritatise [uamei]system-medium-00057(quatur): uisa: static multicast route src=10.198.41.214, grp=cusant input ifp = lo2786 output ifp = eth3657 added", "tags": [ @@ -266,10 +200,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352053001Z" + "version": "8.2.0" }, "message": "isis: NetScreen device_id=uasiar [utlab]system-high-00075(loremqu): The local device dantium in the Virtual Security Device group lor velillu", "tags": [ @@ -278,10 +209,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352054018Z" + "version": "8.2.0" }, "message": "bor: NetScreen device_id=rauto [ationev]system-low-00039(mdol): BGP instance name created for vr itation", "tags": [ 
@@ -290,10 +218,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352054906Z" + "version": "8.2.0" }, "message": "iaeco: NetScreen device_id=equaturv [siu]system-high-00262(veniamqu): Admin user rum has been rejected via the quaea server at 10.11.251.51", "tags": [ @@ -302,10 +227,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352055778Z" + "version": "8.2.0" }, "message": "orroq: NetScreen device_id=vitaedic [orin]system-high-00038(ons): OSPF routing instance in vrouter remagn ecillu", "tags": [ @@ -314,10 +236,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352059652Z" + "version": "8.2.0" }, "message": "enderit: NetScreen device_id=taut [tanimi]system-medium-00515(commodi): emporain Admin User \"ntiumto\" logged in for umetMalo(https) management (port 2206) from 10.80.237.27:2883", "tags": [ @@ -326,10 +245,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352060640Z" + "version": "8.2.0" }, "message": "ori: NetScreen device_id=tconsect [rum]system-high-00073(eporroq): NSRP: Unit ulla of VSD group iqu oin", "tags": [ @@ -338,10 +254,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352061544Z" + "version": "8.2.0" }, "message": "mipsum: NetScreen device_id=lmo [aliquamq]system-medium-00030: X509 certificate for ScreenOS image authentication is invalid", "tags": [ @@ -350,10 +263,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352062417Z" + "version": "8.2.0" }, "message": "orroqu: NetScreen device_id=elitsed [labore]system-medium-00034(erc): PPPoE Settings changed", "tags": [ 
@@ -362,10 +272,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352063318Z" + "version": "8.2.0" }, "message": "ntNe: NetScreen device_id=itanim [nesciun]system-medium-00612: Switch event: the status of ethernet port mollita changed to link down , duplex full , speed 10 M. (2017-4-2 01:27:07)", "tags": [ @@ -374,10 +281,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352064183Z" + "version": "8.2.0" }, "message": "quide: NetScreen device_id=quaU [undeomni]system-medium-00077(acomm): NSRP: local unit= iutali of VSD group itat stlaboru", "tags": [ @@ -386,10 +290,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352065197Z" + "version": "8.2.0" }, "message": "emq: NetScreen device_id=plicaboN [amc]system-high-00536(acommo): IKE 10.10.77.119: Dropped packet because remote gateway OK is not used in any VPN tunnel configurations", "tags": [ @@ -398,10 +299,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352066087Z" + "version": "8.2.0" }, "message": "scivel: NetScreen device_id=henderi [iusmodt]system-medium-00536(tquas): IKE 10.200.22.41: Received incorrect ID payload: IP address lorinr instead of IP address ercita", "tags": [ @@ -410,10 +308,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352067111Z" + "version": "8.2.0" }, "message": "equu: NetScreen device_id=sintoc [atae]system-medium-00203(tem): mestq lsa flood on interface eth82 has dropped a packet.", "tags": [ @@ -422,10 +317,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352068030Z" + "version": "8.2.0" }, "message": "iqui: NetScreen device_id=tesseci [tat]system-high-00011(cive): The virtual router nse has been made unsharable", "tags": [ 
@@ -434,10 +326,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352068915Z" + "version": "8.2.0" }, "message": "rroqui: NetScreen device_id=ursin [utemvel]system-medium-00002: ADMIN AUTH: Privilege requested for unknown user atu. Possible HA syncronization problem.", "tags": [ @@ -446,10 +335,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352069803Z" + "version": "8.2.0" }, "message": "orumSe: NetScreen device_id=dolor [isiut]system-high-00206(emagn): OSPF instance with router-id emulla received a Hello packet flood from neighbor (IP address 10.219.1.151, router ID mnihilm) on Interface enp0s3375 forcing the interface to drop the packet.", "tags": [ @@ -458,10 +344,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352070680Z" + "version": "8.2.0" }, "message": "eque: NetScreen device_id=eufug [est]system-medium-00075: The local device ntincul in the Virtual Security Device group reet tquo", "tags": [ @@ -470,10 +353,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352071557Z" + "version": "8.2.0" }, "message": "imadmini: NetScreen device_id=ide [edq]system-medium-00026(tise): SSH: Attempt to unbind PKA key from admin user 'ntut' (Key ID emullam)", "tags": [ @@ -482,10 +362,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352072424Z" + "version": "8.2.0" }, "message": "ihilmole: NetScreen device_id=saquaea [ons]system-high-00048(quas): Route map entry with sequence number gia in route map binck-ospf in virtual router itatio was porinc (2017-8-22 23:52:50)", "tags": [ @@ -494,10 +371,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352073294Z" + "version": "8.2.0" }, "message": "orum: NetScreen device_id=oinBCSed [orem]system-medium-00050(ilm): Track IP enabled (2017-9-6 06:55:24)", "tags": [ 
@@ -506,10 +380,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352074159Z" + "version": "8.2.0" }, "message": "ncididun: NetScreen device_id=hen [periamea]system-medium-00555: Vrouter ali PIMSM cannot process non-multicast address 10.158.18.51", "tags": [ @@ -518,10 +389,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352075013Z" + "version": "8.2.0" }, "message": "umwri: NetScreen device_id=odoc [atura]system-high-00030: SYSTEM CPU utilization is high (oreeu \u003e nvo ) iamqui times in tassita minute (2017-10-4 21:00:32)\u003c\u003ccolabori\u003e", "tags": [ @@ -530,10 +398,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352075974Z" + "version": "8.2.0" }, "message": "inc: NetScreen device_id=tect [uiad]system-low-00003: The console debug buffer has been roinBCSe", "tags": [ @@ -542,10 +407,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352076846Z" + "version": "8.2.0" }, "message": "nseq: NetScreen device_id=borumSec [tatemseq]system-medium-00026(dmi): SCS has been tam for eth7686 .", "tags": [ @@ -554,10 +416,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352077716Z" + "version": "8.2.0" }, "message": "uiineavo: NetScreen device_id=sistena [uidexeac]system-high-00620(amquisno): RTSYNC: Event posted to send all the DRP routes to backup device. (2017-11-16 18:08:15)", "tags": [ @@ -566,10 +425,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352078580Z" + "version": "8.2.0" }, "message": "sunt: NetScreen device_id=dquianon [urExc]system-high-00025(iamqui): PKI: The current device quide to save the certificate authority configuration.", "tags": [ 
@@ -578,10 +434,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352079458Z" + "version": "8.2.0" }, "message": "etdol: NetScreen device_id=Sed [oremeumf]system-high-00076: The local device etur in the Virtual Security Device group fugiatn enima", "tags": [ @@ -590,10 +443,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352080324Z" + "version": "8.2.0" }, "message": "giatquo: NetScreen device_id=lors [its]system-low-00524: SNMP request from an unknown SNMP community public at 10.46.217.155:76 has been received. (2017-12-29 15:15:58)", "tags": [ @@ -602,10 +452,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352081296Z" + "version": "8.2.0" }, "message": "magnaa: NetScreen device_id=sumquiad [No Name]system-high-00628: audit log queue Event Log is overwritten (2018-1-12 22:18:32)", "tags": [ @@ -614,10 +461,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352082162Z" + "version": "8.2.0" }, "message": "tnulapa: NetScreen device_id=madmi [No Name]system-high-00628(adeser): audit log queue Event Log is overwritten (2018-1-27 05:21:06)", "tags": [ @@ -626,10 +470,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352083025Z" + "version": "8.2.0" }, "message": "laboree: NetScreen device_id=udantiu [itametco]system-high-00556(stiaecon): UF-MGR: usBono CPA server port changed to rumexe.", "tags": [ @@ -638,10 +479,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352083882Z" + "version": "8.2.0" }, "message": "nturmag: NetScreen device_id=uredol [maliqua]system-medium-00058(mquia): PIMSM protocol configured on interface eth2266", "tags": [ 
@@ -650,10 +488,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352084767Z" + "version": "8.2.0" }, "message": "ueporroq: NetScreen device_id=ute [No Name]system-low-00625: Session (id tationu src-ip 10.142.21.251 dst-ip 10.154.16.147 dst port 6881) route is valid. (2018-3-11 02:28:49)", "tags": [ @@ -662,10 +497,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352085641Z" + "version": "8.2.0" }, "message": "adipi: NetScreen device_id=mquis [ratvo]system-low-00042(isno): Replay packet detected on IPSec tunnel on enp0s1170 with tunnel ID nderiti! From 10.105.212.51 to 10.119.53.68/1783, giatqu (2018-3-25 09:31:24)", "tags": [ @@ -674,10 +506,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352086515Z" + "version": "8.2.0" }, "message": "emvel: NetScreen device_id=pta [dolo]system-medium-00057(eacommod): uamqu: static multicast route src=10.174.2.175, grp=aparia input ifp = lo6813 output ifp = enp0s90 added", "tags": [ @@ -686,10 +515,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352087468Z" + "version": "8.2.0" }, "message": "giat: NetScreen device_id=ttenb [eirure]system-high-00549(rem): add-route-\u003e untrust-vr: exer", "tags": [ @@ -698,10 +524,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352088338Z" + "version": "8.2.0" }, "message": "lapari: NetScreen device_id=rcitat [cinge]system-high-00536(luptate): IKE gateway eritqu has been elites. pariat", "tags": [ @@ -710,10 +533,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352089206Z" + "version": "8.2.0" }, "message": "accus: NetScreen device_id=CSed [tiu]system-low-00049(upta): The router-id of virtual router \"asper\" used by OSPF, BGP routing instances id has been uninitialized. (dictasun)", "tags": [ 
@@ -722,10 +542,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352090074Z" + "version": "8.2.0" }, "message": "itanimi: NetScreen device_id=onoru [data]system-high-00064(eosqui): Can not create track-ip list", "tags": [ @@ -734,10 +551,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352090934Z" + "version": "8.2.0" }, "message": "int: NetScreen device_id=ionevo [llitani]system-high-00541(itametco): The system killed OSPF neighbor because the current router could not see itself in the hello packet. Neighbor changed state from etcons to etco state, (neighbor router-id 1iuntN, ip-address 10.89.179.48). (2018-6-19 03:46:49)", "tags": [ @@ -746,10 +560,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352091797Z" + "version": "8.2.0" }, "message": "mmodicon: NetScreen device_id=eetdo [mquisno]system-low-00017(lup): mipsamv From 10.57.108.5:5523 using protocol icmp on interface enp0s4987. The attack occurred 2282 times", "tags": [ @@ -758,10 +569,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352092669Z" + "version": "8.2.0" }, "message": "inimve: NetScreen device_id=aea [emipsumd]system-low-00263(ptat): Admin user saq has been accepted via the asiarch server at 10.197.10.110", "tags": [ @@ -770,10 +578,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352093543Z" + "version": "8.2.0" }, "message": "tlab: NetScreen device_id=vel [ionevo]system-high-00622: NHRP : NHRP instance in virtual router ptate is created. (2018-8-1 00:54:32)", "tags": [ 
@@ -782,10 +587,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352094422Z" + "version": "8.2.0" }, "message": "qui: NetScreen device_id=caboN [imipsam]system-high-00528(catcupid): SSH: Admin user 'ritquiin' at host 10.59.51.171 requested unsupported authentication method texplica", "tags": [ @@ -794,10 +596,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352095304Z" + "version": "8.2.0" }, "message": "udexerci: NetScreen device_id=uae [imveni]system-medium-00071(ptatemse): NSRP: Unit itationu of VSD group setquas nbyCi", "tags": [ @@ -806,10 +605,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352096189Z" + "version": "8.2.0" }, "message": "isno: NetScreen device_id=luptatev [occaeca]system-high-00018(urau): aeca Policy (oNem, itaedict ) was eroi from host 10.80.103.229 by admin fugitsed (2018-9-12 22:02:15)", "tags": [ @@ -818,10 +614,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352097091Z" + "version": "8.2.0" }, "message": "utlabore: NetScreen device_id=edquiano [mSecti]system-high-00207(tDuisaut): RIP database size limit exceeded for uel, RIP route dropped.", "tags": [ @@ -830,10 +623,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352097973Z" + "version": "8.2.0" }, "message": "agn: NetScreen device_id=iqu [quamqua]system-high-00075: NSRP: Unit equeporr of VSD group amremap oremagna", "tags": [ @@ -842,10 +632,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352098856Z" + "version": "8.2.0" }, "message": "ntium: NetScreen device_id=ide [quunturm]system-low-00040(isautem): High watermark for early aging has been changed to the default usan", "tags": [ 
@@ -854,10 +641,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352099730Z" + "version": "8.2.0" }, "message": "catcu: NetScreen device_id=quame [tionemu]system-low-00524(eursi): SNMP host 10.163.9.35 cannot be removed from community uatDu because failure", "tags": [ @@ -866,10 +650,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352100615Z" + "version": "8.2.0" }, "message": "cteturad: NetScreen device_id=modi [No Name]system-low-00625(ecatcu): Session (id ntoccae src-ip 10.51.161.245 dst-ip 10.193.80.21 dst port 5657) route is valid. (2018-11-23 09:15:06)", "tags": [ @@ -878,10 +659,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352101479Z" + "version": "8.2.0" }, "message": "chit: NetScreen device_id=iusmodit [lor]system-high-00524(adeserun): SNMP request has been received, but success", "tags": [ @@ -890,10 +668,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352102508Z" + "version": "8.2.0" }, "message": "vento: NetScreen device_id=litsed [ciun]system-medium-00072: The local device inrepr in the Virtual Security Device group lla changed state", "tags": [ @@ -902,10 +677,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352103382Z" + "version": "8.2.0" }, "message": "rissusci: NetScreen device_id=uaturQ [iusmod]system-medium-00533(mips): VIP server 10.41.222.7 is now responding", "tags": [ @@ -914,10 +686,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352104280Z" + "version": "8.2.0" }, "message": "upta: NetScreen device_id=ivel [tmollita]system-low-00070(deFinib): NSRP: nsrp control channel change to lo4065", "tags": [ 
@@ -926,10 +695,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352105142Z" + "version": "8.2.0" }, "message": "ommodic: NetScreen device_id=mmodic [essequam]system-low-00040(nihi): VPN 'xeaco' from 10.134.20.213 is eavolupt (2019-2-2 20:27:57)", "tags": [ @@ -938,10 +704,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352106006Z" + "version": "8.2.0" }, "message": "ptasnul: NetScreen device_id=utaliqui [mcorpor]system-medium-00023(ostru): VIP/load balance server 10.110.144.189 cannot be contacted", "tags": [ @@ -950,10 +713,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352106878Z" + "version": "8.2.0" }, "message": "luptatem: NetScreen device_id=ing [hen]system-medium-00034(umquid): SCS: SCS has been olabo for tasnu with conse existing PKA keys already bound to ruredolo SSH users.", "tags": [ @@ -962,10 +722,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352107791Z" + "version": "8.2.0" }, "message": "iat: NetScreen device_id=orain [equaturQ]system-low-00554: SCAN-MGR: Attempted to load AV pattern file created quia after the AV subscription expired. (Exp: Exce)", "tags": [ @@ -974,10 +731,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352108722Z" + "version": "8.2.0" }, "message": "dese: NetScreen device_id=ptasn [liqui]system-low-00541: ScreenOS invol serial # Loremips: Asset recovery has been cidun", "tags": [ @@ -986,10 +740,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352109649Z" + "version": "8.2.0" }, "message": "ole: NetScreen device_id=odi [tper]system-medium-00628(ectetur): audit log queue Event Log is overwritten (2019-4-15 07:40:49)", "tags": [ 
@@ -998,10 +749,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352110556Z" + "version": "8.2.0" }, "message": "iadolo: NetScreen device_id=ecatcup [No Name]system-high-00628: audit log queue Traffic Log is overwritten (2019-4-29 14:43:23)", "tags": [ @@ -1010,10 +758,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352111475Z" + "version": "8.2.0" }, "message": "qui: NetScreen device_id=iaecon [dminima]system-high-00538(psaquaea): NACN failed to register to Policy Manager eabillo because of success", "tags": [ @@ -1022,10 +767,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352112356Z" + "version": "8.2.0" }, "message": "eosqu: NetScreen device_id=reetdolo [umquam]system-low-00075(enderi): The local device labore in the Virtual Security Device group uasiarch changed state from iamquisn to inoperable. (2019-5-28 04:48:31)", "tags": [ @@ -1034,10 +776,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352113223Z" + "version": "8.2.0" }, "message": "veleumi: NetScreen device_id=volupt [equ]system-high-00535(ure): SCEP_FAILURE message has been received from the CA", "tags": [ @@ -1046,10 +785,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352114084Z" + "version": "8.2.0" }, "message": "reseo: NetScreen device_id=entoreve [rudexer]system-medium-00026(iruredol): IKE iad: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed", "tags": [ @@ -1058,10 +794,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352114944Z" + "version": "8.2.0" }, "message": "ptate: NetScreen device_id=oloreeu [imipsa]system-high-00038: OSPF routing instance in vrouter uame taevitae", "tags": [ 
@@ -1070,10 +803,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352115809Z" + "version": "8.2.0" }, "message": "archi: NetScreen device_id=caboNe [ptate]system-high-00003(ius): Multiple authentication failures have been detected!", "tags": [ @@ -1082,10 +812,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352116680Z" + "version": "8.2.0" }, "message": "remap: NetScreen device_id=ntium [veniamqu]system-high-00529: DNS entries have been refreshed by HA", "tags": [ @@ -1094,10 +821,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352117546Z" + "version": "8.2.0" }, "message": "llumdo: NetScreen device_id=tot [itquii]system-high-00625(erspici): Session (id oreeu src-ip 10.126.150.15 dst-ip 10.185.50.112 dst port 7180) route is invalid. (2019-8-21 23:03:57)", "tags": [ @@ -1106,10 +830,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352118421Z" + "version": "8.2.0" }, "message": "quepo: NetScreen device_id=tDuisa [iscive]system-medium-00521: Can't connect to E-mail server 10.152.90.59", "tags": [ @@ -1118,10 +839,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352119297Z" + "version": "8.2.0" }, "message": "lorem: NetScreen device_id=icons [hende]system-low-00077(usBonor): HA link disconnect. Begin to use second path of HA", "tags": [ @@ -1130,10 +848,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352120167Z" + "version": "8.2.0" }, "message": "preh: NetScreen device_id=dol [No Name]system-low-00625: Session (id gnamal src-ip 10.119.181.171 dst-ip 10.166.144.66 dst port 3051) route is invalid. (2019-10-3 20:11:40)", "tags": [ 
@@ -1142,10 +857,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352123021Z" + "version": "8.2.0" }, "message": "avolup: NetScreen device_id=litse [archit]system-high-00041(untutlab): A route-map name in virtual router estqu has been removed", "tags": [ @@ -1154,10 +866,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352123905Z" + "version": "8.2.0" }, "message": "eddoeiu: NetScreen device_id=consect [eetdolo]system-medium-00038(remipsum): OSPF routing instance in vrouter ons emporin", "tags": [ @@ -1166,10 +875,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352124837Z" + "version": "8.2.0" }, "message": "texpl: NetScreen device_id=isquames [No Name]system-low-00021: DIP port-translation stickiness was atio by utla via ntm from host 10.96.165.147 to 10.96.218.99:277 (2019-11-15 17:19:22)", "tags": [ @@ -1178,10 +884,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352125706Z" + "version": "8.2.0" }, "message": "elaudant: NetScreen device_id=ratvolu [odte]system-medium-00021(eum): DIP port-translation stickiness was uidol by repr via idu from host 10.201.72.59 to 10.230.29.67:7478 (2019-11-30 00:21:57)", "tags": [ @@ -1190,10 +893,7 @@ }, { "ecs": { - "version": "8.0.0" - }, - "event": { - "ingested": "2022-01-25T12:45:22.352126581Z" + "version": "8.2.0" }, "message": "toc: NetScreen device_id=rau [sciuntN]system-low-00602: PIMSM Error in initializing interface state change", "tags": [ diff --git a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml index c21920bdeeb..95cb59ce15d 100644 --- a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -2,13 +2,9 @@ description: Pipeline for Netscreen processors: - # ECS event.ingested - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/juniper_netscreen/data_stream/log/sample_event.json b/packages/juniper_netscreen/data_stream/log/sample_event.json index 22433ca0951..fe4297f7bb0 100644 --- a/packages/juniper_netscreen/data_stream/log/sample_event.json +++ b/packages/juniper_netscreen/data_stream/log/sample_event.json @@ -13,7 +13,7 @@ "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/juniper_netscreen/docs/README.md b/packages/juniper_netscreen/docs/README.md index a692149d161..1918d22d5c6 100644 --- a/packages/juniper_netscreen/docs/README.md +++ b/packages/juniper_netscreen/docs/README.md @@ -24,7 +24,7 @@ An example event for `log` looks as following: "type": "logs" }, "ecs": { - "version": "1.12.0" + "version": "8.2.0" }, "elastic_agent": { "id": "4e3f135a-d5f9-40b6-ae01-2c834ecbead0", diff --git a/packages/juniper_netscreen/manifest.yml b/packages/juniper_netscreen/manifest.yml index ec2650127ae..c446eabb620 100644 --- a/packages/juniper_netscreen/manifest.yml +++ b/packages/juniper_netscreen/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_netscreen title: Juniper NetScreen -version: 0.1.1 +version: 0.2.0 description: Collect logs from Juniper NetScreen with Elastic Agent. categories: ["network", "security"] release: experimental diff --git a/packages/juniper_srx/_dev/build/build.yml b/packages/juniper_srx/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/juniper_srx/_dev/build/build.yml +++ b/packages/juniper_srx/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 
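Review bot: Once the `event.ingested` setter is dropped, nothing in this pipeline records where that field now comes from, and the `processors` list continues past this hunk. Because `event.ingested` is commonly used as the lookback timestamp for detection rules, a maintainer who sees it missing here may re-add it or assume the field is absent; a comment above the remaining `set`, such as `# event.ingested is populated downstream (Fleet final pipeline), not in this pipeline`, would record the dependency, assuming that is indeed where it is set now. The `'8.2.0'` literal is also one of several copies of the ECS version in this package (alongside `git@8.2` in build.yml and the expected-output fixtures), so a short comment noting that these must be bumped together would reduce drift on the next update.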
diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml index 9646c299288..641ad372432 100644 --- a/packages/juniper_srx/changelog.yml +++ b/packages/juniper_srx/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "1.1.2" changes: - description: Add documentation for multi-fields diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json index 660370cf50c..15bfedfcd29 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json 
@@ -1,181 +1,212 @@ { "expected": [ { - "server": { - "port": 80, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "@timestamp": "2013-12-14T16:06:59.134Z", + "client": { + "ip": "10.10.10.1", + "port": 57116 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 80, - "ip": "67.43.156.15" + "ip": "67.43.156.15", + "port": 80 }, - "source": { - "port": 57116, - "user": { - "name": "user1" - }, - "ip": "10.10.10.1" + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "malware_detected", + "category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c14\u003e1 2013-12-14T16:06:59.134Z pinarello RT_AAMW - SRX_AAMW_ACTION_LOG [junos@xxx.x.x.x.x.28 http-host=\"www.mytest.com\" file-category=\"executable\" action=\"BLOCK\" verdict-number=\"8\" verdict-source=”cloud/blacklist/whitelist” source-address=\"10.10.10.1\" source-port=\"57116\" destination-address=\"67.43.156.15\" destination-port=\"80\" protocol-id=\"6\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" policy-name=\"argon_policy\" username=\"user1\" session-id-32=\"50000002\" source-zone-name=\"untrust\" destination-zone-name=\"trust\"]", + "outcome": "success", + "severity": 14, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_AAMW", - "policy_name": "argon_policy", "action": "BLOCK", - "verdict_number": "8", + "file_category": "executable", + "policy_name": "argon_policy", + "process": "RT_AAMW", "session_id_32": "50000002", "tag": "SRX_AAMW_ACTION_LOG", - "verdict_source": "”cloud/blacklist/whitelist”", - "file_category": "executable" + "verdict_number": "8", + "verdict_source": "”cloud/blacklist/whitelist”" } }, - "url": { - "domain": "www.mytest.com" + "log": { + 
"level": "informational" }, - "tags": [ - "preserve_original_event" - ], "network": { "iana_number": "6", "transport": "tcp" }, "observer": { - "name": "pinarello", + "egress": { + "zone": "trust" + }, "ingress": { "zone": "untrust" }, + "name": "pinarello", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "trust" - } - }, - "@timestamp": "2013-12-14T16:06:59.134Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { - "user": [ - "user1" - ], "hosts": [ "www.mytest.com" ], "ip": [ "10.10.10.1", "67.43.156.15" + ], + "user": [ + "user1" ] }, - "client": { + "server": { + "ip": "67.43.156.15", + "port": 80 + }, + "source": { + "ip": "10.10.10.1", "port": 57116, - "ip": "10.10.10.1" + "user": { + "name": "user1" + } + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.mytest.com" + } + }, + { + "@timestamp": "2016-09-20T17:43:30.330Z", + "ecs": { + "version": "8.2.0" }, "event": { - "severity": 14, - "original": "\u003c14\u003e1 2013-12-14T16:06:59.134Z pinarello RT_AAMW - SRX_AAMW_ACTION_LOG [junos@xxx.x.x.x.x.28 http-host=\"www.mytest.com\" file-category=\"executable\" action=\"BLOCK\" verdict-number=\"8\" verdict-source=”cloud/blacklist/whitelist” source-address=\"10.10.10.1\" source-port=\"57116\" destination-address=\"67.43.156.15\" destination-port=\"80\" protocol-id=\"6\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" policy-name=\"argon_policy\" username=\"user1\" session-id-32=\"50000002\" source-zone-name=\"untrust\" destination-zone-name=\"trust\"]", - "kind": "alert", "action": "malware_detected", "category": [ "network", "malware" ], + "kind": "alert", + "original": "\u003c14\u003e1 2016-09-20T10:43:30.330-07:00 host-example RT_AAMW - AAMW_MALWARE_EVENT_LOG [junos@xxxx.1.1.x.x.xxx timestamp=\"Thu Jun 23 09:55:38 2016\" tenant-id=\"ABC123456\" sample-sha256=\"ABC123\" client-ip=\"192.168.2.0\" verdict-number=\"9\" malware-info=\"Eicar:TestVirus\" username=\"admin\" 
hostname=\"host.example.com\"]", + "outcome": "success", + "severity": 14, "type": [ "info", "denied", "connection" - ], - "outcome": "success" - } - }, - { + ] + }, + "juniper": { + "srx": { + "malware_info": "Eicar:TestVirus", + "process": "RT_AAMW", + "sample_sha256": "ABC123", + "tag": "AAMW_MALWARE_EVENT_LOG", + "tenant_id": "ABC123456", + "timestamp": "2016-06-23T09:55:38.000Z", + "verdict_number": "9" + } + }, + "log": { + "level": "informational" + }, "observer": { "name": "host-example", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2016-09-20T17:43:30.330Z", - "ecs": { - "version": "8.0.0" - }, "related": { - "user": [ - "admin" - ], "hosts": [ "host.example.com" ], "ip": [ "192.168.2.0" + ], + "user": [ + "admin" ] }, - "log": { - "level": "informational" - }, "source": { + "domain": "host.example.com", + "ip": "192.168.2.0", "user": { "name": "admin" - }, - "domain": "host.example.com", - "ip": "192.168.2.0" - }, - "juniper": { - "srx": { - "tenant_id": "ABC123456", - "process": "RT_AAMW", - "verdict_number": "9", - "sample_sha256": "ABC123", - "tag": "AAMW_MALWARE_EVENT_LOG", - "malware_info": "Eicar:TestVirus", - "timestamp": "2016-06-23T09:55:38.000Z" } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2016-09-20T17:40:30.050Z", + "ecs": { + "version": "8.2.0" + }, "event": { - "severity": 14, - "original": "\u003c14\u003e1 2016-09-20T10:43:30.330-07:00 host-example RT_AAMW - AAMW_MALWARE_EVENT_LOG [junos@xxxx.1.1.x.x.xxx timestamp=\"Thu Jun 23 09:55:38 2016\" tenant-id=\"ABC123456\" sample-sha256=\"ABC123\" client-ip=\"192.168.2.0\" verdict-number=\"9\" malware-info=\"Eicar:TestVirus\" username=\"admin\" hostname=\"host.example.com\"]", - "kind": "alert", - "action": "malware_detected", "category": [ "network", "malware" ], + "kind": "alert", + "original": "\u003c11\u003e1 2016-09-20T10:40:30.050-07:00 host-example RT_AAMW - AAMW_HOST_INFECTED_EVENT_LOG [junos@xxxx.1.1.x.x.xxx timestamp=\"Thu 
Jun 23 09:55:38 2016\" tenant-id=\"ABC123456\" client-ip=\"192.168.2.0\" hostname=\"host.example.com\" status=\"in_progress\" policy-name=\"default\" th=\"7\" state=\"added\" reason=\"malware\" message=\"malware analysis detected host downloaded a malicious_file with score 9, sha256 ABC123\"]", + "outcome": "success", + "severity": 11, "type": [ - "info", - "denied", + "allowed", "connection" - ], - "outcome": "success" + ] + }, + "juniper": { + "srx": { + "message": "malware analysis detected host downloaded a malicious_file with score 9, sha256 ABC123", + "policy_name": "default", + "process": "RT_AAMW", + "reason": "malware", + "state": "added", + "status": "in_progress", + "tag": "AAMW_HOST_INFECTED_EVENT_LOG", + "tenant_id": "ABC123456", + "th": "7", + "timestamp": "2016-06-23T09:55:38.000Z" + } + }, + "log": { + "level": "error" }, - "tags": [ - "preserve_original_event" - ] - }, - { "observer": { "name": "host-example", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2016-09-20T17:40:30.050Z", - "ecs": { - "version": "8.0.0" - }, "related": { "hosts": [ "host.example.com" 
@@ -184,125 +215,87 @@ "192.168.2.0" ] }, - "log": { - "level": "error" - }, "source": { "domain": "host.example.com", "ip": "192.168.2.0" }, - "juniper": { - "srx": { - "tenant_id": "ABC123456", - "reason": "malware", - "process": "RT_AAMW", - "th": "7", - "policy_name": "default", - "state": "added", - "tag": "AAMW_HOST_INFECTED_EVENT_LOG", - "message": "malware analysis detected host downloaded a malicious_file with score 9, sha256 ABC123", - "timestamp": "2016-06-23T09:55:38.000Z", - "status": "in_progress" - } - }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2016-09-20T10:40:30.050-07:00 host-example RT_AAMW - AAMW_HOST_INFECTED_EVENT_LOG [junos@xxxx.1.1.x.x.xxx timestamp=\"Thu Jun 23 09:55:38 2016\" tenant-id=\"ABC123456\" client-ip=\"192.168.2.0\" hostname=\"host.example.com\" status=\"in_progress\" policy-name=\"default\" th=\"7\" state=\"added\" reason=\"malware\" message=\"malware analysis detected host downloaded a malicious_file with score 9, sha256 ABC123\"]", - "category": [ - "network", - "malware" - ], - "type": [ - "allowed", - "connection" - ], - "kind": "alert", - "outcome": "success" - }, "tags": [ "preserve_original_event" ] }, { - "server": { - "port": 80, - "ip": "67.43.156.15" - }, - "log": { - "level": "notification" + "@timestamp": "2007-02-15T09:17:15.719Z", + "client": { + "ip": "67.43.156.15", + "port": 60148 }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 80, - "ip": "67.43.156.15" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 60148, "ip": "67.43.156.15", - "domain": "dummy_host" + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + 
"category": [ + "network" + ], + "kind": "event", + "original": "\u003c165\u003e1 2007-02-15T09:17:15.719Z aamw1 RT_AAMW - AAMW_ACTION_LOG [junos@67.43.156.15 hostname=\"dummy_host\" file-category=\"executable\" verdict-number=\"10\" malware-info=\"Testfile\" action=\"PERMIT\" list-hit=\"N/A\" file-hash-lookup=\"FALSE\" source-address=\"67.43.156.15\" source-port=\"60148\" destination-address=\"67.43.156.15\" destination-port=\"80\" protocol-id=\"6\" application=\"HTTP\" nested-application=\"N/A\" policy-name=\"test-policy\" username=\"N/A\" roles=\"N/A\" session-id-32=\"502156\" source-zone-name=\"Inside\" destination-zone-name=\"Outside\" sample-sha256=\"e038b5168d9209267058112d845341cae83d92b1d1af0a10b66830acb7529494\" file-name=\"dummy_file\" url=\"dummy_url\"]", + "outcome": "success", + "severity": 165, + "type": [ + "allowed", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_AAMW", + "action": "PERMIT", + "application": "HTTP", + "file_category": "executable", "file_hash_lookup": "FALSE", "file_name": "dummy_file", + "malware_info": "Testfile", "policy_name": "test-policy", - "verdict_number": "10", + "process": "RT_AAMW", "sample_sha256": "e038b5168d9209267058112d845341cae83d92b1d1af0a10b66830acb7529494", - "malware_info": "Testfile", - "url": "dummy_url", - "file_category": "executable", - "application": "HTTP", - "action": "PERMIT", "session_id_32": "502156", - "tag": "AAMW_ACTION_LOG" + "tag": "AAMW_ACTION_LOG", + "url": "dummy_url", + "verdict_number": "10" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "notification" + }, "network": { "iana_number": "6", "transport": "tcp" }, "observer": { - "name": "aamw1", + "egress": { + "zone": "Outside" + }, "ingress": { "zone": "Inside" }, + "name": "aamw1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "Outside" - } - }, - "@timestamp": "2007-02-15T09:17:15.719Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { 
"hosts": [ @@ -312,23 +305,30 @@ "67.43.156.15" ] }, - "client": { - "port": 60148, - "ip": "67.43.156.15" + "server": { + "ip": "67.43.156.15", + "port": 80 }, - "event": { - "severity": 165, - "original": "\u003c165\u003e1 2007-02-15T09:17:15.719Z aamw1 RT_AAMW - AAMW_ACTION_LOG [junos@67.43.156.15 hostname=\"dummy_host\" file-category=\"executable\" verdict-number=\"10\" malware-info=\"Testfile\" action=\"PERMIT\" list-hit=\"N/A\" file-hash-lookup=\"FALSE\" source-address=\"67.43.156.15\" source-port=\"60148\" destination-address=\"67.43.156.15\" destination-port=\"80\" protocol-id=\"6\" application=\"HTTP\" nested-application=\"N/A\" policy-name=\"test-policy\" username=\"N/A\" roles=\"N/A\" session-id-32=\"502156\" source-zone-name=\"Inside\" destination-zone-name=\"Outside\" sample-sha256=\"e038b5168d9209267058112d845341cae83d92b1d1af0a10b66830acb7529494\" file-name=\"dummy_file\" url=\"dummy_url\"]", - "category": [ - "network" - ], - "type": [ - "allowed", - "connection" - ], - "kind": "event", - "outcome": "success" - } + "source": { + "as": { + "number": 35908 + }, + "domain": "dummy_host", + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.15", + "port": 60148 + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json index abe56a532df..59d7120a187 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json 
@@ -1,82 +1,84 @@ { "expected": [ { - "server": { + "@timestamp": "2019-11-14T08:37:51.184Z", + "client": { + "ip": "10.0.0.1", "nat": { - "port": 10400 + "port": 594 }, - "port": 10400, - "ip": "67.43.156.13" - }, - "log": { - "level": "informational" + "port": 594 }, "destination": { - "nat": { - "port": 10400, - "ip": "67.43.156.13" + "as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.13", + "nat": { + "ip": "67.43.156.13", + "port": 10400 }, - "port": 10400, - "ip": "67.43.156.13" + "port": 10400 }, - "rule": { - "name": "vpn_trust_permit-all" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 594, - "ip": "10.0.0.1" - }, - "port": 594, - "ip": "10.0.0.1" + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2019-11-14T09:37:51.184+01:00 SRX-GW1 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"10.0.0.1\" source-port=\"594\" destination-address=\"67.43.156.13\" destination-port=\"10400\" connection-tag=\"0\" service-name=\"icmp\" nat-source-address=\"10.0.0.1\" nat-source-port=\"594\" nat-destination-address=\"67.43.156.13\" nat-destination-port=\"10400\" nat-connection-tag=\"0\" src-nat-rule-type=\"N/A\" src-nat-rule-name=\"N/A\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"1\" policy-name=\"vpn_trust_permit-all\" source-zone-name=\"vpn\" destination-zone-name=\"trust\" session-id-32=\"6093\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"st0.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\"]", + "outcome": "success", + "risk_score": 1.0, + 
"severity": 14, + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_FLOW", - "session_id_32": "6093", "connection_tag": "0", "nat_connection_tag": "0", - "tag": "RT_FLOW_SESSION_CREATE", - "service_name": "icmp" + "process": "RT_FLOW", + "service_name": "icmp", + "session_id_32": "6093", + "tag": "RT_FLOW_SESSION_CREATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "SRX-GW1", + "egress": { + "zone": "trust" + }, "ingress": { "interface": { "name": "st0.0" }, "zone": "vpn" }, + "name": "SRX-GW1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "trust" - } - }, - "@timestamp": "2019-11-14T08:37:51.184Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -84,97 +86,100 @@ "67.43.156.13" ] }, - "client": { + "rule": { + "name": "vpn_trust_permit-all" + }, + "server": { + "ip": "67.43.156.13", + "nat": { + "port": 10400 + }, + "port": 10400 + }, + "source": { + "ip": "10.0.0.1", "nat": { + "ip": "10.0.0.1", "port": 594 }, - "port": 594, - "ip": "10.0.0.1" + "port": 594 }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2019-11-14T09:37:51.184+01:00 SRX-GW1 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"10.0.0.1\" source-port=\"594\" destination-address=\"67.43.156.13\" destination-port=\"10400\" connection-tag=\"0\" service-name=\"icmp\" nat-source-address=\"10.0.0.1\" nat-source-port=\"594\" nat-destination-address=\"67.43.156.13\" nat-destination-port=\"10400\" nat-connection-tag=\"0\" src-nat-rule-type=\"N/A\" src-nat-rule-name=\"N/A\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"1\" policy-name=\"vpn_trust_permit-all\" source-zone-name=\"vpn\" destination-zone-name=\"trust\" session-id-32=\"6093\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"st0.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\"]", - "risk_score": 1.0, - "kind": "event", - "action": "flow_started", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { - "port": 161, - "ip": "67.43.156.13" - }, - "log": { - "level": "informational" + "@timestamp": "2019-11-14T10:12:46.573Z", + "client": { + "ip": "10.0.0.26", + "port": 37233 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - 
}, - "port": 161, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 161 }, - "rule": { - "name": "MgmtAccess-trust-cleanup" + "ecs": { + "version": "8.2.0" }, - "source": { - "port": 37233, - "ip": "10.0.0.26" + "event": { + "action": "flow_deny", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2019-11-14T11:12:46.573+01:00 SRX-GW1 RT_FLOW - RT_FLOW_SESSION_DENY [junos@67.43.156.15 source-address=\"10.0.0.26\" source-port=\"37233\" destination-address=\"67.43.156.13\" destination-port=\"161\" connection-tag=\"0\" service-name=\"None\" protocol-id=\"17\" icmp-type=\"0\" policy-name=\"MgmtAccess-trust-cleanup\" source-zone-name=\"trust\" destination-zone-name=\"junos-host\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\".local..0\" encrypted=\"No\" reason=\"Denied by policy\" session-id-32=\"7087\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\"]", + "outcome": "success", + "risk_score": 1.0, + "severity": 14, + "type": [ + "denied", + "connection" + ] }, "juniper": { "srx": { - "reason": "Denied by policy", - "icmp_type": "0", - "process": "RT_FLOW", "connection_tag": "0", "encrypted": "No", + "icmp_type": "0", + "process": "RT_FLOW", + "reason": "Denied by policy", "session_id_32": "7087", "tag": "RT_FLOW_SESSION_DENY" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "17", "transport": "udp" }, "observer": { - "name": "SRX-GW1", + "egress": { + "zone": "junos-host" + }, "ingress": { "interface": { "name": ".local..0" }, "zone": "trust" }, + "name": "SRX-GW1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "junos-host" - } - }, - "@timestamp": "2019-11-14T10:12:46.573Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -182,448 +187,444 @@ "67.43.156.13" ] }, - "client": { - "port": 37233, - "ip": "10.0.0.26" + "rule": { + "name": "MgmtAccess-trust-cleanup" }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2019-11-14T11:12:46.573+01:00 SRX-GW1 RT_FLOW - RT_FLOW_SESSION_DENY [junos@67.43.156.15 source-address=\"10.0.0.26\" source-port=\"37233\" destination-address=\"67.43.156.13\" destination-port=\"161\" connection-tag=\"0\" service-name=\"None\" protocol-id=\"17\" icmp-type=\"0\" policy-name=\"MgmtAccess-trust-cleanup\" source-zone-name=\"trust\" destination-zone-name=\"junos-host\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\".local..0\" encrypted=\"No\" reason=\"Denied by policy\" session-id-32=\"7087\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\"]", - "risk_score": 1.0, - "kind": "event", - "action": "flow_deny", - "category": [ - "network" - ], - "type": [ - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { - "port": 2003, - "ip": "67.43.156.15" + "ip": "67.43.156.13", + "port": 161 }, - "log": { - "level": "informational" + "source": { + "ip": "10.0.0.26", + "port": 37233 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2014-05-01T08:26:51.179Z", + "client": { + "ip": "67.43.156.15", + "port": 56639 }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 2003, - "ip": "67.43.156.15" - }, - "rule": { - "name": "log-all-else" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 56639, - "ip": "67.43.156.15" + 
"ip": "67.43.156.15", + "port": 2003 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_deny", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2014-05-01T08:26:51.179Z fw01 RT_FLOW - RT_FLOW_SESSION_DENY [junos@67.43.156.15 source-address=\"67.43.156.15\" source-port=\"56639\" destination-address=\"67.43.156.15\" destination-port=\"2003\" service-name=\"None\" protocol-id=\"6\" icmp-type=\"0\" policy-name=\"log-all-else\" source-zone-name=\"campus\" destination-zone-name=\"mngmt\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth6.0\" encrypted=\"No \"]", + "outcome": "success", + "severity": 14, + "type": [ + "denied", + "connection" + ] }, "juniper": { "srx": { + "encrypted": "No ", "icmp_type": "0", "process": "RT_FLOW", - "tag": "RT_FLOW_SESSION_DENY", - "encrypted": "No " + "tag": "RT_FLOW_SESSION_DENY" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "6", "transport": "tcp" }, "observer": { - "name": "fw01", + "egress": { + "zone": "mngmt" + }, "ingress": { "interface": { "name": "reth6.0" }, "zone": "campus" }, + "name": "fw01", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "mngmt" - } - }, - "@timestamp": "2014-05-01T08:26:51.179Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ "67.43.156.15" ] }, - "client": { - "port": 56639, - "ip": "67.43.156.15" + "rule": { + "name": "log-all-else" }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2014-05-01T08:26:51.179Z fw01 RT_FLOW - RT_FLOW_SESSION_DENY [junos@67.43.156.15 source-address=\"67.43.156.15\" source-port=\"56639\" destination-address=\"67.43.156.15\" destination-port=\"2003\" service-name=\"None\" protocol-id=\"6\" icmp-type=\"0\" policy-name=\"log-all-else\" source-zone-name=\"campus\" destination-zone-name=\"mngmt\" 
application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth6.0\" encrypted=\"No \"]", - "kind": "event", - "action": "flow_deny", - "category": [ - "network" - ], - "type": [ - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { - "nat": { - "port": 902 - }, - "port": 902, - "bytes": 0, - "packets": 0, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "ip": "67.43.156.15", + "port": 2003 }, - "destination": { - "nat": { - "port": 902, - "ip": "67.43.156.15" + "source": { + "as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 902, - "bytes": 0, "ip": "67.43.156.15", - "packets": 0 + "port": 56639 }, - "rule": { - "name": "mngmt-to-vcenter" - }, - "source": { - "nat": { - "port": 63456, - "ip": "67.43.156.15" - }, - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2014-05-01T08:28:10.933Z", + "client": { + "bytes": 94, + "ip": "67.43.156.15", + "nat": { + "port": 63456 }, + "packets": 1, + "port": 63456 + }, + "destination": { "as": { "number": 35908 }, - "port": 63456, - "bytes": 94, + "bytes": 0, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.15", - "packets": 1 + "nat": { + "ip": "67.43.156.15", + "port": 902 + }, + "packets": 0, + "port": 902 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 60000000000, + "end": "2014-05-01T08:29:10.933Z", + "kind": "event", + "original": "\u003c14\u003e1 
2014-05-01T08:28:10.933Z fw01 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"unset\" source-address=\"67.43.156.15\" source-port=\"63456\" destination-address=\"67.43.156.15\" destination-port=\"902\" service-name=\"None\" nat-source-address=\"67.43.156.15\" nat-source-port=\"63456\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"902\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"17\" policy-name=\"mngmt-to-vcenter\" source-zone-name=\"mngmt\" destination-zone-name=\"intra\" session-id-32=\"15353\" packets-from-client=\"1\" bytes-from-client=\"94\" packets-from-server=\"0\" bytes-from-server=\"0\" elapsed-time=\"60\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth3.5\" encrypted=\"No \"]", + "outcome": "success", + "severity": 14, + "start": "2014-05-01T08:28:10.933Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "reason": "unset", + "encrypted": "No ", "process": "RT_FLOW", + "reason": "unset", "session_id_32": "15353", - "tag": "RT_FLOW_SESSION_CLOSE", - "encrypted": "No " + "tag": "RT_FLOW_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "udp", "bytes": 94, "iana_number": "17", - "packets": 1 + "packets": 1, + "transport": "udp" }, "observer": { - "name": "fw01", + "egress": { + "zone": "intra" + }, "ingress": { "interface": { "name": "reth3.5" }, "zone": "mngmt" }, + "name": "fw01", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "intra" - } - }, - "@timestamp": "2014-05-01T08:28:10.933Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ "67.43.156.15" ] }, - "client": { - "nat": { - "port": 63456 - }, - "port": 63456, - "bytes": 94, - "packets": 1, - "ip": "67.43.156.15" + "rule": { + "name": "mngmt-to-vcenter" }, - "event": { - "duration": 60000000000, 
- "severity": 14, - "original": "\u003c14\u003e1 2014-05-01T08:28:10.933Z fw01 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"unset\" source-address=\"67.43.156.15\" source-port=\"63456\" destination-address=\"67.43.156.15\" destination-port=\"902\" service-name=\"None\" nat-source-address=\"67.43.156.15\" nat-source-port=\"63456\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"902\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"17\" policy-name=\"mngmt-to-vcenter\" source-zone-name=\"mngmt\" destination-zone-name=\"intra\" session-id-32=\"15353\" packets-from-client=\"1\" bytes-from-client=\"94\" packets-from-server=\"0\" bytes-from-server=\"0\" elapsed-time=\"60\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth3.5\" encrypted=\"No \"]", - "kind": "event", - "start": "2014-05-01T08:28:10.933Z", - "action": "flow_close", - "end": "2014-05-01T08:29:10.933Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } - }, - { "server": { + "bytes": 0, + "ip": "67.43.156.15", "nat": { - "port": 768 + "port": 902 }, - "port": 768, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "packets": 0, + "port": 902 }, - "destination": { - "nat": { - "port": 768, - "ip": "67.43.156.14" + "source": { + "as": { + "number": 35908 }, + "bytes": 94, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.15", + "nat": { + "ip": "67.43.156.15", + "port": 63456 }, - "port": 768, - "ip": "67.43.156.14" - }, - "rule": { - "name": "alg-policy" + "packets": 1, + "port": 63456 }, - "source": { + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2013-11-04T16:23:09.264Z", + "client": { + 
"ip": "67.43.156.14", "nat": { - "port": 24065, - "ip": "67.43.156.14" + "port": 24065 + }, + "port": 24065 + }, + "destination": { + "as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 768 }, - "port": 24065, - "ip": "67.43.156.14" + "port": 768 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2013-11-04T16:23:09.264Z cixi RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"24065\" destination-address=\"67.43.156.14\" destination-port=\"768\" service-name=\"icmp\" nat-source-address=\"67.43.156.14\" nat-source-port=\"24065\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"768\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"alg-policy\" source-zone-name=\"untrust\" destination-zone-name=\"trust\" session-id-32=\"100000165\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth2.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\"]", + "outcome": "success", + "severity": 14, + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { "process": "RT_FLOW", + "service_name": "icmp", "session_id_32": "100000165", - "tag": "RT_FLOW_SESSION_CREATE", - "service_name": "icmp" + "tag": "RT_FLOW_SESSION_CREATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "cixi", + "egress": { + "zone": "trust" + }, "ingress": { "interface": { "name": "reth2.0" }, "zone": "untrust" }, + "name": "cixi", "product": "SRX", 
"type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "trust" - } - }, - "@timestamp": "2013-11-04T16:23:09.264Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ "67.43.156.14" ] }, - "client": { + "rule": { + "name": "alg-policy" + }, + "server": { + "ip": "67.43.156.14", "nat": { + "port": 768 + }, + "port": 768 + }, + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", "port": 24065 }, - "port": 24065, - "ip": "67.43.156.14" + "port": 24065 }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2013-11-04T16:23:09.264Z cixi RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"24065\" destination-address=\"67.43.156.14\" destination-port=\"768\" service-name=\"icmp\" nat-source-address=\"67.43.156.14\" nat-source-port=\"24065\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"768\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"alg-policy\" source-zone-name=\"untrust\" destination-zone-name=\"trust\" session-id-32=\"100000165\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth2.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\"]", - "kind": "event", - "action": "flow_started", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2010-09-30T06:55:04.323Z", + "client": { + "ip": "192.168.2.1", "nat": { - "port": 46384 + "port": 1 }, - "port": 46384, - "ip": "192.168.100.12" - }, - "log": { - "level": "informational" + "port": 1 }, "destination": { - "nat": { - "port": 46384, - "ip": "67.43.156.14" + "as": { + "number": 35908 }, 
"geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "192.168.100.12", + "nat": { + "ip": "67.43.156.14", + "port": 46384 }, - "port": 46384, - "ip": "192.168.100.12" + "port": 46384 }, - "rule": { - "name": "policy1" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 1, - "ip": "192.168.2.1" - }, - "port": 1, - "ip": "192.168.2.1" + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2010-09-30T14:55:04.323+08:00 mrpp-srx550-dut01 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"192.168.2.1\" source-port=\"1\" destination-address=\"192.168.100.12\" destination-port=\"46384\" service-name=\"icmp\" nat-source-address=\"192.168.2.1\" nat-source-port=\"1\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"46384\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"policy1\" source-zone-name=\"trustZone\" destination-zone-name=\"untrustZone\" session-id-32=\"41\" packet-incoming-interface=\"ge-0/0/1.0\"]", + "outcome": "success", + "severity": 14, + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { "process": "RT_FLOW", + "service_name": "icmp", "session_id_32": "41", - "tag": "RT_FLOW_SESSION_CREATE", - "service_name": "icmp" + "tag": "RT_FLOW_SESSION_CREATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "mrpp-srx550-dut01", + "egress": { + "zone": "untrustZone" + }, "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "mrpp-srx550-dut01", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrustZone" - } - }, - 
"@timestamp": "2010-09-30T06:55:04.323Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -632,113 +633,114 @@ "67.43.156.14" ] }, - "client": { + "rule": { + "name": "policy1" + }, + "server": { + "ip": "192.168.100.12", + "nat": { + "port": 46384 + }, + "port": 46384 + }, + "source": { + "ip": "192.168.2.1", "nat": { + "ip": "192.168.2.1", "port": 1 }, - "port": 1, - "ip": "192.168.2.1" + "port": 1 }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2010-09-30T14:55:04.323+08:00 mrpp-srx550-dut01 RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"192.168.2.1\" source-port=\"1\" destination-address=\"192.168.100.12\" destination-port=\"46384\" service-name=\"icmp\" nat-source-address=\"192.168.2.1\" nat-source-port=\"1\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"46384\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"policy1\" source-zone-name=\"trustZone\" destination-zone-name=\"untrustZone\" session-id-32=\"41\" packet-incoming-interface=\"ge-0/0/1.0\"]", - "kind": "event", - "action": "flow_started", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2010-09-30T06:55:07.188Z", + "client": { + "bytes": 84, + "ip": "192.168.2.1", "nat": { - "port": 46384 + "port": 1 }, - "port": 46384, - "bytes": 84, "packets": 1, - "ip": "192.168.100.12" - }, - "log": { - "level": "informational" + "port": 1 }, "destination": { - "nat": { - "port": 46384, - "ip": "67.43.156.14" + "as": { + "number": 35908 }, + "bytes": 84, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 46384, - "bytes": 84, "ip": "192.168.100.12", - "packets": 1 - }, - "rule": { - "name": "policy1" - }, - "source": { "nat": { - "port": 1, - "ip": "192.168.2.1" + "ip": 
"67.43.156.14", + "port": 46384 }, - "port": 1, - "bytes": 84, "packets": 1, - "ip": "192.168.2.1" + "port": 46384 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 0, + "end": "2010-09-30T06:55:07.188Z", + "kind": "event", + "original": "\u003c14\u003e1 2010-09-30T14:55:07.188+08:00 mrpp-srx550-dut01 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"response received\" source-address=\"192.168.2.1\" source-port=\"1\" destination-address=\"192.168.100.12\" destination-port=\"46384\" service-name=\"icmp\" nat-source-address=\"192.168.2.1\" nat-source-port=\"1\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"46384\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"policy1\" source-zone-name=\"trustZone\" destination-zone-name=\"untrustZone\" session-id-32=\"41\" packets-from-client=\"1\" bytes-from-client=\"84\" packets-from-server=\"1\" bytes-from-server=\"84\" elapsed-time=\"0\" packet-incoming-interface=\"ge-0/0/1.0\"]", + "outcome": "success", + "severity": 14, + "start": "2010-09-30T06:55:07.188Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "reason": "response received", "process": "RT_FLOW", + "reason": "response received", + "service_name": "icmp", "session_id_32": "41", - "tag": "RT_FLOW_SESSION_CLOSE", - "service_name": "icmp" + "tag": "RT_FLOW_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "icmp", "bytes": 168, "iana_number": "1", - "packets": 2 + "packets": 2, + "transport": "icmp" }, "observer": { - "name": "mrpp-srx550-dut01", + "egress": { + "zone": "untrustZone" + }, "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "mrpp-srx550-dut01", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrustZone" - } - }, - 
"@timestamp": "2010-09-30T06:55:07.188Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -747,126 +749,127 @@ "67.43.156.14" ] }, - "client": { + "rule": { + "name": "policy1" + }, + "server": { + "bytes": 84, + "ip": "192.168.100.12", "nat": { - "port": 1 + "port": 46384 }, - "port": 1, + "packets": 1, + "port": 46384 + }, + "source": { "bytes": 84, + "ip": "192.168.2.1", + "nat": { + "ip": "192.168.2.1", + "port": 1 + }, "packets": 1, - "ip": "192.168.2.1" + "port": 1 }, - "event": { - "duration": 0, - "severity": 14, - "original": "\u003c14\u003e1 2010-09-30T14:55:07.188+08:00 mrpp-srx550-dut01 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"response received\" source-address=\"192.168.2.1\" source-port=\"1\" destination-address=\"192.168.100.12\" destination-port=\"46384\" service-name=\"icmp\" nat-source-address=\"192.168.2.1\" nat-source-port=\"1\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"46384\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"policy1\" source-zone-name=\"trustZone\" destination-zone-name=\"untrustZone\" session-id-32=\"41\" packets-from-client=\"1\" bytes-from-client=\"84\" packets-from-server=\"1\" bytes-from-server=\"84\" elapsed-time=\"0\" packet-incoming-interface=\"ge-0/0/1.0\"]", - "kind": "event", - "start": "2010-09-30T06:55:07.188Z", - "action": "flow_close", - "end": "2010-09-30T06:55:07.188Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2019-04-12T14:29:06.576Z", + "client": { + "bytes": 337, + "ip": "10.3.255.203", "nat": { - "port": 80 + "port": 19162 }, - "port": 80, - "bytes": 535, - "packets": 4, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "packets": 6, + "port": 47776 }, "destination": { - "nat": { - "port": 80, - "ip": "67.43.156.15" + "as": { + "number": 35908 }, + "bytes": 535, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": 
"Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 80, - "bytes": 535, "ip": "67.43.156.15", - "packets": 4 - }, - "rule": { - "name": "permit_all" - }, - "source": { "nat": { - "port": 19162, - "ip": "10.3.136.49" + "ip": "67.43.156.15", + "port": 80 }, - "port": 47776, - "bytes": 337, - "packets": 6, - "ip": "10.3.255.203" + "packets": 4, + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 1000000000, + "end": "2019-04-12T14:29:07.576Z", + "kind": "event", + "original": "\u003c14\u003e1 2019-04-12T14:29:06.576Z cixi RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"TCP FIN\" source-address=\"10.3.255.203\" source-port=\"47776\" destination-address=\"67.43.156.15\" destination-port=\"80\" connection-tag=\"0\" service-name=\"junos-http\" nat-source-address=\"10.3.136.49\" nat-source-port=\"19162\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" nat-connection-tag=\"0\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"nat1\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit_all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"5\" packets-from-client=\"6\" bytes-from-client=\"337\" packets-from-server=\"4\" bytes-from-server=\"535\" elapsed-time=\"1\" application=\"HTTP\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/0.0\" encrypted=\"No\" application-category=\"Web\" application-sub-category=\"N/A\" application-risk=\"4\" application-characteristics=\"Can Leak Information;Supports File Transfer;Prone to Misuse;Known Vulnerabilities;Carrier of Malware;Capable of Tunneling;\"]", + "outcome": "success", + "risk_score": 4.0, + "severity": 14, + "start": "2019-04-12T14:29:06.576Z", + "type": [ + "end", + "allowed", + 
"connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "nat1", - "reason": "TCP FIN", + "application": "HTTP", "application_category": "Web", "application_characteristics": "Can Leak Information;Supports File Transfer;Prone to Misuse;Known Vulnerabilities;Carrier of Malware;Capable of Tunneling;", - "process": "RT_FLOW", "connection_tag": "0", - "service_name": "junos-http", - "application": "HTTP", "encrypted": "No", - "session_id_32": "5", "nat_connection_tag": "0", - "tag": "RT_FLOW_SESSION_CLOSE", - "src_nat_rule_type": "source rule" + "process": "RT_FLOW", + "reason": "TCP FIN", + "service_name": "junos-http", + "session_id_32": "5", + "src_nat_rule_name": "nat1", + "src_nat_rule_type": "source rule", + "tag": "RT_FLOW_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 872, "iana_number": "6", - "packets": 10 + "packets": 10, + "transport": "tcp" }, "observer": { - "name": "cixi", + "egress": { + "zone": "untrust" + }, "ingress": { "interface": { "name": "ge-0/0/0.0" }, "zone": "trust" }, + "name": "cixi", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2019-04-12T14:29:06.576Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -875,107 +878,106 @@ "10.3.136.49" ] }, - "client": { + "rule": { + "name": "permit_all" + }, + "server": { + "bytes": 535, + "ip": "67.43.156.15", "nat": { - "port": 19162 + "port": 80 }, - "port": 47776, + "packets": 4, + "port": 80 + }, + "source": { "bytes": 337, + "ip": "10.3.255.203", + "nat": { + "ip": "10.3.136.49", + "port": 19162 + }, "packets": 6, - "ip": "10.3.255.203" + "port": 47776 }, - "event": { - "duration": 1000000000, - "severity": 14, - "original": "\u003c14\u003e1 2019-04-12T14:29:06.576Z cixi RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"TCP FIN\" source-address=\"10.3.255.203\" source-port=\"47776\" destination-address=\"67.43.156.15\" destination-port=\"80\" connection-tag=\"0\" service-name=\"junos-http\" nat-source-address=\"10.3.136.49\" nat-source-port=\"19162\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" nat-connection-tag=\"0\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"nat1\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit_all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"5\" packets-from-client=\"6\" bytes-from-client=\"337\" packets-from-server=\"4\" bytes-from-server=\"535\" elapsed-time=\"1\" application=\"HTTP\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/0.0\" encrypted=\"No\" application-category=\"Web\" application-sub-category=\"N/A\" application-risk=\"4\" application-characteristics=\"Can Leak Information;Supports File Transfer;Prone to Misuse;Known Vulnerabilities;Carrier of Malware;Capable of Tunneling;\"]", - "risk_score": 4.0, - "kind": "event", - "start": "2019-04-12T14:29:06.576Z", - "action": "flow_close", - "end": "2019-04-12T14:29:07.576Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": 
"2019-04-13T14:33:06.576Z", + "client": { + "bytes": 4274, + "ip": "192.168.2.164", "nat": { - "port": 445 + "port": 53232 }, - "port": 445, - "bytes": 1575, - "packets": 9, - "ip": "172.16.1.19" - }, - "log": { - "level": "informational" + "packets": 13, + "port": 53232 }, "destination": { + "bytes": 1575, + "ip": "172.16.1.19", "nat": { - "port": 445, - "ip": "172.16.1.19" + "ip": "172.16.1.19", + "port": 445 }, - "port": 445, - "bytes": 1575, "packets": 9, - "ip": "172.16.1.19" + "port": 445 }, - "rule": { - "name": "35" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 53232, - "ip": "192.168.2.164" - }, - "port": 53232, - "bytes": 4274, - "packets": 13, - "ip": "192.168.2.164" + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 16000000000, + "end": "2019-04-13T14:33:22.576Z", + "kind": "event", + "original": "\u003c14\u003e1 2019-04-13T14:33:06.576Z cixi RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"TCP RST\" source-address=\"192.168.2.164\" source-port=\"53232\" destination-address=\"172.16.1.19\" destination-port=\"445\" service-name=\"junos-smb\" nat-source-address=\"192.168.2.164\" nat-source-port=\"53232\" nat-destination-address=\"172.16.1.19\" nat-destination-port=\"445\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"35\" source-zone-name=\"Trust\" destination-zone-name=\"Trust\" session-id-32=\"206\" packets-from-client=\"13\" bytes-from-client=\"4274\" packets-from-server=\"9\" bytes-from-server=\"1575\" elapsed-time=\"16\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/2.0\"]", + "outcome": "success", + "severity": 14, + "start": "2019-04-13T14:33:06.576Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "reason": "TCP RST", "process": "RT_FLOW", + "reason": "TCP RST", + "service_name": "junos-smb", "session_id_32": "206", - "tag": 
"RT_FLOW_SESSION_CLOSE", - "service_name": "junos-smb" + "tag": "RT_FLOW_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 5849, "iana_number": "6", - "packets": 22 + "packets": 22, + "transport": "tcp" }, "observer": { - "name": "cixi", + "egress": { + "zone": "Trust" + }, "ingress": { "interface": { "name": "ge-0/0/2.0" }, "zone": "Trust" }, + "name": "cixi", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "Trust" - } - }, - "@timestamp": "2019-04-13T14:33:06.576Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -983,252 +985,252 @@ "172.16.1.19" ] }, - "client": { + "rule": { + "name": "35" + }, + "server": { + "bytes": 1575, + "ip": "172.16.1.19", "nat": { - "port": 53232 + "port": 445 }, - "port": 53232, + "packets": 9, + "port": 445 + }, + "source": { "bytes": 4274, + "ip": "192.168.2.164", + "nat": { + "ip": "192.168.2.164", + "port": 53232 + }, "packets": 13, - "ip": "192.168.2.164" + "port": 53232 }, - "event": { - "duration": 16000000000, - "severity": 14, - "original": "\u003c14\u003e1 2019-04-13T14:33:06.576Z cixi RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"TCP RST\" source-address=\"192.168.2.164\" source-port=\"53232\" destination-address=\"172.16.1.19\" destination-port=\"445\" service-name=\"junos-smb\" nat-source-address=\"192.168.2.164\" nat-source-port=\"53232\" nat-destination-address=\"172.16.1.19\" nat-destination-port=\"445\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"35\" source-zone-name=\"Trust\" destination-zone-name=\"Trust\" session-id-32=\"206\" packets-from-client=\"13\" bytes-from-client=\"4274\" packets-from-server=\"9\" bytes-from-server=\"1575\" elapsed-time=\"16\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/2.0\"]", - "kind": "event", - "start": "2019-04-13T14:33:06.576Z", - "action": "flow_close", - "end": "2019-04-13T14:33:22.576Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2018-10-07T01:32:20.898Z", + "client": { + "bytes": 72, + "ip": "67.43.156.14", "nat": { - "port": 53 + "port": 11152 }, - "port": 53, - "bytes": 136, "packets": 1, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "port": 52890 }, "destination": { - "nat": { - "port": 53, - "ip": "67.43.156.14" - }, - "geo": { - "continent_name": "Asia", - "country_name": 
"Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 53, "bytes": 136, - "ip": "67.43.156.14", - "packets": 1 - }, - "rule": { - "name": "NAT" - }, - "source": { - "nat": { - "port": 11152, - "ip": "67.43.156.14" - }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 52890, - "bytes": 72, "ip": "67.43.156.14", - "packets": 1 + "nat": { + "ip": "67.43.156.14", + "port": 53 + }, + "packets": 1, + "port": 53 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 8000000000, + "end": "2018-10-07T01:32:28.898Z", + "kind": "event", + "original": "\u003c14\u003e1 2018-10-07T01:32:20.898Z TestFW2 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"idle Timeout\" source-address=\"67.43.156.14\" source-port=\"52890\" destination-address=\"67.43.156.14\" destination-port=\"53\" service-name=\"junos-dns-udp\" nat-source-address=\"67.43.156.14\" nat-source-port=\"11152\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"53\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"NAT_S\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"NAT\" source-zone-name=\"Gi_nat\" destination-zone-name=\"Internet\" session-id-32=\"220368889\" packets-from-client=\"1\" bytes-from-client=\"72\" packets-from-server=\"1\" bytes-from-server=\"136\" elapsed-time=\"8\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth0.108\" encrypted=\"UNKNOWN\"]", + "outcome": "success", + "severity": 14, + "start": "2018-10-07T01:32:20.898Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "NAT_S", 
- "reason": "idle Timeout", "process": "RT_FLOW", + "reason": "idle Timeout", "service_name": "junos-dns-udp", "session_id_32": "220368889", - "tag": "RT_FLOW_SESSION_CLOSE", - "src_nat_rule_type": "source rule" + "src_nat_rule_name": "NAT_S", + "src_nat_rule_type": "source rule", + "tag": "RT_FLOW_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "udp", "bytes": 208, "iana_number": "17", - "packets": 2 + "packets": 2, + "transport": "udp" }, "observer": { - "name": "TestFW2", + "egress": { + "zone": "Internet" + }, "ingress": { "interface": { "name": "reth0.108" }, "zone": "Gi_nat" }, + "name": "TestFW2", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "Internet" - } - }, - "@timestamp": "2018-10-07T01:32:20.898Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ "67.43.156.14" ] }, - "client": { + "rule": { + "name": "NAT" + }, + "server": { + "bytes": 136, + "ip": "67.43.156.14", "nat": { - "port": 11152 + "port": 53 + }, + "packets": 1, + "port": 53 + }, + "source": { + "as": { + "number": 35908 }, - "port": 52890, "bytes": 72, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 11152 + }, "packets": 1, - "ip": "67.43.156.14" + "port": 52890 }, - "event": { - "duration": 8000000000, - "severity": 14, - "original": "\u003c14\u003e1 2018-10-07T01:32:20.898Z TestFW2 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"idle Timeout\" source-address=\"67.43.156.14\" source-port=\"52890\" destination-address=\"67.43.156.14\" destination-port=\"53\" service-name=\"junos-dns-udp\" nat-source-address=\"67.43.156.14\" nat-source-port=\"11152\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"53\" src-nat-rule-type=\"source rule\" 
src-nat-rule-name=\"NAT_S\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"NAT\" source-zone-name=\"Gi_nat\" destination-zone-name=\"Internet\" session-id-32=\"220368889\" packets-from-client=\"1\" bytes-from-client=\"72\" packets-from-server=\"1\" bytes-from-server=\"136\" elapsed-time=\"8\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth0.108\" encrypted=\"UNKNOWN\"]", - "kind": "event", - "start": "2018-10-07T01:32:20.898Z", - "action": "flow_close", - "end": "2018-10-07T01:32:28.898Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2018-06-30T02:17:22.753Z", + "client": { + "bytes": 67, + "ip": "192.168.255.2", "nat": { - "port": 53 + "port": 20215 }, - "port": 53, - "bytes": 116, "packets": 1, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "port": 62047 }, "destination": { - "nat": { - "port": 53, - "ip": "67.43.156.15" + "as": { + "number": 35908 }, + "bytes": 116, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 53, - "bytes": 116, "ip": "67.43.156.15", - "packets": 1 - }, - "rule": { - "name": "trust-to-untrust-001" - }, - "source": { "nat": { - "port": 20215, - "ip": "192.168.0.47" + "ip": "67.43.156.15", + "port": 53 }, - "port": 62047, - "bytes": 67, "packets": 1, - "ip": "192.168.255.2" + "port": 53 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 3000000000, + "end": "2018-06-30T02:17:25.753Z", + "kind": "event", + "original": "\u003c14\u003e1 2018-06-30T02:17:22.753Z fw0001 RT_FLOW - RT_FLOW_SESSION_CLOSE 
[junos@67.43.156.15 reason=\"idle Timeout\" source-address=\"192.168.255.2\" source-port=\"62047\" destination-address=\"67.43.156.15\" destination-port=\"53\" service-name=\"junos-dns-udp\" nat-source-address=\"192.168.0.47\" nat-source-port=\"20215\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"53\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"rule001\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"trust-to-untrust-001\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"9621\" packets-from-client=\"1\" bytes-from-client=\"67\" packets-from-server=\"1\" bytes-from-server=\"116\" elapsed-time=\"3\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"fe-0/0/1.0\" encrypted=\"UNKNOWN\"]", + "outcome": "success", + "severity": 14, + "start": "2018-06-30T02:17:22.753Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "rule001", - "reason": "idle Timeout", "process": "RT_FLOW", + "reason": "idle Timeout", "service_name": "junos-dns-udp", "session_id_32": "9621", - "tag": "RT_FLOW_SESSION_CLOSE", - "src_nat_rule_type": "source rule" + "src_nat_rule_name": "rule001", + "src_nat_rule_type": "source rule", + "tag": "RT_FLOW_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "udp", "bytes": 183, "iana_number": "17", - "packets": 2 + "packets": 2, + "transport": "udp" }, "observer": { - "name": "fw0001", + "egress": { + "zone": "untrust" + }, "ingress": { "interface": { "name": "fe-0/0/1.0" }, "zone": "trust" }, + "name": "fw0001", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2018-06-30T02:17:22.753Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -1237,109 +1239,109 @@ "192.168.0.47" ] }, - "client": { + "rule": { + "name": "trust-to-untrust-001" + }, + "server": { + "bytes": 116, + "ip": "67.43.156.15", "nat": { - "port": 20215 + "port": 53 }, - "port": 62047, + "packets": 1, + "port": 53 + }, + "source": { "bytes": 67, + "ip": "192.168.255.2", + "nat": { + "ip": "192.168.0.47", + "port": 20215 + }, "packets": 1, - "ip": "192.168.255.2" + "port": 62047 }, - "event": { - "duration": 3000000000, - "severity": 14, - "original": "\u003c14\u003e1 2018-06-30T02:17:22.753Z fw0001 RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"idle Timeout\" source-address=\"192.168.255.2\" source-port=\"62047\" destination-address=\"67.43.156.15\" destination-port=\"53\" service-name=\"junos-dns-udp\" nat-source-address=\"192.168.0.47\" nat-source-port=\"20215\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"53\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"rule001\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"trust-to-untrust-001\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"9621\" packets-from-client=\"1\" bytes-from-client=\"67\" packets-from-server=\"1\" bytes-from-server=\"116\" elapsed-time=\"3\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"fe-0/0/1.0\" encrypted=\"UNKNOWN\"]", - "kind": "event", - "start": "2018-06-30T02:17:22.753Z", - "action": "flow_close", - "end": "2018-06-30T02:17:25.753Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2015-09-25T14:19:53.846Z", + "client": { + "bytes": 0, + "ip": "10.164.110.223", "nat": { - "port": 21 + "port": 58020 }, - "port": 21, - "bytes": 0, "packets": 0, - "ip": "10.104.12.161" - }, - "log": { - "level": "informational" + "port": 9057 }, 
"destination": { + "bytes": 0, + "ip": "10.104.12.161", "nat": { - "port": 21, - "ip": "10.12.70.1" + "ip": "10.12.70.1", + "port": 21 }, - "port": 21, - "bytes": 0, "packets": 0, - "ip": "10.104.12.161" + "port": 21 }, - "rule": { - "name": "FW-FTP" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 58020, - "ip": "10.9.1.150" - }, - "port": 9057, - "bytes": 0, - "packets": 0, - "ip": "10.164.110.223" + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 1000000000, + "end": "2015-09-25T14:19:54.846Z", + "kind": "event", + "original": "\u003c14\u003e1 2015-09-25T14:19:53.846Z VPNBox-A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"application failure or action\" source-address=\"10.164.110.223\" source-port=\"9057\" destination-address=\"10.104.12.161\" destination-port=\"21\" service-name=\"junos-ftp\" nat-source-address=\"10.9.1.150\" nat-source-port=\"58020\" nat-destination-address=\"10.12.70.1\" nat-destination-port=\"21\" src-nat-rule-name=\"SNAT-Policy5\" dst-nat-rule-name=\"NAT-Policy10\" protocol-id=\"6\" policy-name=\"FW-FTP\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"24311\" packets-from-client=\"0\" bytes-from-client=\"0\" packets-from-server=\"0\" bytes-from-server=\"0\" elapsed-time=\"1\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth0.0\" encrypted=\"No \"]", + "outcome": "success", + "severity": 14, + "start": "2015-09-25T14:19:53.846Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "SNAT-Policy5", - "reason": "application failure or action", - "process": "RT_FLOW", "dst_nat_rule_name": "NAT-Policy10", "encrypted": "No ", + "process": "RT_FLOW", + "reason": "application failure or action", "service_name": "junos-ftp", "session_id_32": "24311", + "src_nat_rule_name": "SNAT-Policy5", "tag": "RT_FLOW_SESSION_CLOSE" } }, - 
"tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 0, "iana_number": "6", - "packets": 0 + "packets": 0, + "transport": "tcp" }, "observer": { - "name": "VPNBox-A", + "egress": { + "zone": "untrust" + }, "ingress": { "interface": { "name": "reth0.0" }, "zone": "trust" }, + "name": "VPNBox-A", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2015-09-25T14:19:53.846Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -1349,119 +1351,106 @@ "10.12.70.1" ] }, - "client": { + "rule": { + "name": "FW-FTP" + }, + "server": { + "bytes": 0, + "ip": "10.104.12.161", "nat": { - "port": 58020 + "port": 21 }, - "port": 9057, + "packets": 0, + "port": 21 + }, + "source": { "bytes": 0, + "ip": "10.164.110.223", + "nat": { + "ip": "10.9.1.150", + "port": 58020 + }, "packets": 0, - "ip": "10.164.110.223" + "port": 9057 }, - "event": { - "duration": 1000000000, - "severity": 14, - "original": "\u003c14\u003e1 2015-09-25T14:19:53.846Z VPNBox-A RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"application failure or action\" source-address=\"10.164.110.223\" source-port=\"9057\" destination-address=\"10.104.12.161\" destination-port=\"21\" service-name=\"junos-ftp\" nat-source-address=\"10.9.1.150\" nat-source-port=\"58020\" nat-destination-address=\"10.12.70.1\" nat-destination-port=\"21\" src-nat-rule-name=\"SNAT-Policy5\" dst-nat-rule-name=\"NAT-Policy10\" protocol-id=\"6\" policy-name=\"FW-FTP\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"24311\" packets-from-client=\"0\" bytes-from-client=\"0\" packets-from-server=\"0\" bytes-from-server=\"0\" elapsed-time=\"1\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth0.0\" encrypted=\"No \"]", - "kind": "event", - "start": "2015-09-25T14:19:53.846Z", - "action": "flow_close", - "end": "2015-09-25T14:19:54.846Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2013-01-19T15:18:17.040Z", + "client": { + "ip": "192.168.224.30", "nat": { - "port": 21 + "port": 14406 }, - "port": 21, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "port": 3129 }, "destination": { - "nat": { - "port": 21, - "ip": "67.43.156.14" - }, - "geo": { - "continent_name": "Asia", - "country_name": 
"Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 21, - "ip": "67.43.156.14" - }, - "rule": { - "name": "General-Outbound" - }, - "source": { - "nat": { - "port": 14406, - "ip": "67.43.156.14" - }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 21 }, - "port": 3129, - "ip": "192.168.224.30" + "port": 21 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2013-01-19T15:18:17.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CREATE [junos@67.43.156.15 source-address=\"192.168.224.30\" source-port=\"3129\" destination-address=\"67.43.156.14\" destination-port=\"21\" service-name=\"junos-ftp\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"14406\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"21\" src-nat-rule-name=\"1\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"General-Outbound\" source-zone-name=\"LAN\" destination-zone-name=\"Danger\" session-id-32=\"5058\" username=\"N/A\" roles=\"N/A\" encrypted=\"N/A\"]", + "outcome": "success", + "severity": 14, + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "1", "process": "RT_FLOW", + "service_name": "junos-ftp", "session_id_32": "5058", - "tag": "APPTRACK_SESSION_CREATE", - "service_name": "junos-ftp" + "src_nat_rule_name": "1", + "tag": "APPTRACK_SESSION_CREATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "6", "transport": "tcp" }, "observer": { - "name": "SRX100HM", + 
"egress": { + "zone": "Danger" + }, "ingress": { "zone": "LAN" }, + "name": "SRX100HM", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "Danger" - } - }, - "@timestamp": "2013-01-19T15:18:17.040Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -1469,122 +1458,123 @@ "67.43.156.14" ] }, - "client": { - "nat": { - "port": 14406 - }, - "port": 3129, - "ip": "192.168.224.30" + "rule": { + "name": "General-Outbound" }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2013-01-19T15:18:17.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CREATE [junos@67.43.156.15 source-address=\"192.168.224.30\" source-port=\"3129\" destination-address=\"67.43.156.14\" destination-port=\"21\" service-name=\"junos-ftp\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"14406\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"21\" src-nat-rule-name=\"1\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"General-Outbound\" source-zone-name=\"LAN\" destination-zone-name=\"Danger\" session-id-32=\"5058\" username=\"N/A\" roles=\"N/A\" encrypted=\"N/A\"]", - "kind": "event", - "action": "flow_started", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } - }, - { "server": { + "ip": "67.43.156.14", "nat": { "port": 21 }, - "port": 21, - "bytes": 0, - "packets": 0, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "port": 21 }, - "destination": { - "nat": { - "port": 21, - "ip": "67.43.156.14" + "source": { + "as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "192.168.224.30", + "nat": { + "ip": "67.43.156.14", + "port": 14406 + }, + "port": 3129 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2013-01-19T15:18:17.040Z", + "client": { + "bytes": 48, + "ip": "192.168.224.30", + "nat": { + "port": 14406 }, + "packets": 1, + "port": 3129 + }, + "destination": { "as": { "number": 35908 }, - "port": 21, "bytes": 0, + "geo": { + "continent_name": "Asia", + 
"country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.14", - "packets": 0 - }, - "rule": { - "name": "General-Outbound" - }, - "source": { "nat": { - "port": 14406, - "ip": "67.43.156.14" - }, - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "port": 21 }, - "port": 3129, - "bytes": 48, - "ip": "192.168.224.30", - "packets": 1 + "packets": 0, + "port": 21 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "duration": 0, + "end": "2013-01-19T15:18:17.040Z", + "kind": "event", + "original": "\u003c14\u003e1 2013-01-19T15:18:17.040 SRX100HM RT_FLOW - APPTRACK_SESSION_VOL_UPDATE [junos@67.43.156.15 source-address=\"192.168.224.30\" source-port=\"3129\" destination-address=\"67.43.156.14\" destination-port=\"21\" service-name=\"junos-ftp\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"14406\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"21\" src-nat-rule-name=\"1\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"General-Outbound\" source-zone-name=\"LAN\" destination-zone-name=\"Danger\" session-id-32=\"5058\" packets-from-client=\"1\" bytes-from-client=\"48\" packets-from-server=\"0\" bytes-from-server=\"0\" elapsed-time=\"0\" username=\"N/A\" roles=\"N/A\" encrypted=\"N/A\"]", + "outcome": "success", + "severity": 14, + "start": "2013-01-19T15:18:17.040Z", + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "1", "process": "RT_FLOW", + "service_name": "junos-ftp", "session_id_32": "5058", - "tag": "APPTRACK_SESSION_VOL_UPDATE", - "service_name": "junos-ftp" + "src_nat_rule_name": "1", + "tag": "APPTRACK_SESSION_VOL_UPDATE" } }, - "tags": [ - 
"preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 48, "iana_number": "6", - "packets": 1 + "packets": 1, + "transport": "tcp" }, "observer": { - "name": "SRX100HM", + "egress": { + "zone": "Danger" + }, "ingress": { "zone": "LAN" }, + "name": "SRX100HM", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "Danger" - } - }, - "@timestamp": "2013-01-19T15:18:17.040Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -1592,129 +1582,129 @@ "67.43.156.14" ] }, - "client": { - "nat": { - "port": 14406 - }, - "port": 3129, - "bytes": 48, - "packets": 1, - "ip": "192.168.224.30" + "rule": { + "name": "General-Outbound" }, - "event": { - "duration": 0, - "severity": 14, - "original": "\u003c14\u003e1 2013-01-19T15:18:17.040 SRX100HM RT_FLOW - APPTRACK_SESSION_VOL_UPDATE [junos@67.43.156.15 source-address=\"192.168.224.30\" source-port=\"3129\" destination-address=\"67.43.156.14\" destination-port=\"21\" service-name=\"junos-ftp\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"14406\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"21\" src-nat-rule-name=\"1\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"General-Outbound\" source-zone-name=\"LAN\" destination-zone-name=\"Danger\" session-id-32=\"5058\" packets-from-client=\"1\" bytes-from-client=\"48\" packets-from-server=\"0\" bytes-from-server=\"0\" elapsed-time=\"0\" username=\"N/A\" roles=\"N/A\" encrypted=\"N/A\"]", - "kind": "event", - "start": "2013-01-19T15:18:17.040Z", - "action": "flow_started", - "end": "2013-01-19T15:18:17.040Z", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } - }, - { "server": { + "bytes": 0, + "ip": "67.43.156.14", "nat": { "port": 21 }, - "port": 21, - "bytes": 104, - "packets": 2, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "packets": 0, + "port": 21 }, - "destination": { - "nat": { - "port": 21, - "ip": "67.43.156.14" + "source": { + "as": { + "number": 35908 }, + "bytes": 48, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "192.168.224.30", + "nat": { + "ip": "67.43.156.14", + "port": 14406 }, - "port": 21, - "bytes": 104, - "ip": 
"67.43.156.14", - "packets": 2 - }, - "rule": { - "name": "General-Outbound" + "packets": 1, + "port": 3129 }, - "source": { + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2013-01-19T15:18:17.040Z", + "client": { + "bytes": 144, + "ip": "192.168.224.30", "nat": { - "port": 14406, - "ip": "67.43.156.14" + "port": 14406 + }, + "packets": 3, + "port": 3129 + }, + "destination": { + "as": { + "number": 35908 }, + "bytes": 104, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 21 }, - "port": 3129, - "bytes": 144, - "ip": "192.168.224.30", - "packets": 3 + "packets": 2, + "port": 21 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 1000000000, + "end": "2013-01-19T15:18:18.040Z", + "kind": "event", + "original": "\u003c14\u003e1 2013-01-19T15:18:17.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE [junos@67.43.156.15 reason=\"application failure or action\" source-address=\"192.168.224.30\" source-port=\"3129\" destination-address=\"67.43.156.14\" destination-port=\"21\" service-name=\"junos-ftp\" application=\"FTP\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"14406\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"21\" src-nat-rule-name=\"1\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"General-Outbound\" source-zone-name=\"LAN\" destination-zone-name=\"Danger\" session-id-32=\"5058\" packets-from-client=\"3\" bytes-from-client=\"144\" packets-from-server=\"2\" bytes-from-server=\"104\" elapsed-time=\"1\" username=\"N/A\" roles=\"N/A\" encrypted=\"N/A\"]", + "outcome": "success", + "severity": 14, + "start": "2013-01-19T15:18:17.040Z", + "type": [ + "end", + 
"allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "1", - "reason": "application failure or action", - "process": "RT_FLOW", "application": "FTP", + "process": "RT_FLOW", + "reason": "application failure or action", "service_name": "junos-ftp", "session_id_32": "5058", + "src_nat_rule_name": "1", "tag": "APPTRACK_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 248, "iana_number": "6", - "packets": 5 + "packets": 5, + "transport": "tcp" }, "observer": { - "name": "SRX100HM", + "egress": { + "zone": "Danger" + }, "ingress": { "zone": "LAN" }, + "name": "SRX100HM", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "Danger" - } - }, - "@timestamp": "2013-01-19T15:18:17.040Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -1722,629 +1712,644 @@ "67.43.156.14" ] }, - "client": { - "nat": { - "port": 14406 - }, - "port": 3129, - "bytes": 144, - "packets": 3, - "ip": "192.168.224.30" + "rule": { + "name": "General-Outbound" }, - "event": { - "duration": 1000000000, - "severity": 14, - "original": "\u003c14\u003e1 2013-01-19T15:18:17.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE [junos@67.43.156.15 reason=\"application failure or action\" source-address=\"192.168.224.30\" source-port=\"3129\" destination-address=\"67.43.156.14\" destination-port=\"21\" service-name=\"junos-ftp\" application=\"FTP\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"14406\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"21\" src-nat-rule-name=\"1\" dst-nat-rule-name=\"None\" protocol-id=\"6\" policy-name=\"General-Outbound\" source-zone-name=\"LAN\" destination-zone-name=\"Danger\" session-id-32=\"5058\" packets-from-client=\"3\" bytes-from-client=\"144\" packets-from-server=\"2\" bytes-from-server=\"104\" elapsed-time=\"1\" username=\"N/A\" roles=\"N/A\" encrypted=\"N/A\"]", - "kind": "event", - "start": "2013-01-19T15:18:17.040Z", - "action": "flow_close", - "end": "2013-01-19T15:18:18.040Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } - }, - { "server": { + "bytes": 104, + "ip": "67.43.156.14", "nat": { - "port": 80 + "port": 21 }, - "port": 80, - "bytes": 686432, - "packets": 584, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "packets": 2, + "port": 21 }, - "destination": { - "nat": { - "port": 80, - "ip": "67.43.156.15" + "source": { + "as": { + "number": 35908 }, + "bytes": 144, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "192.168.224.30", + "nat": { + "ip": 
"67.43.156.14", + "port": 14406 }, - "port": 80, - "bytes": 686432, - "ip": "67.43.156.15", - "packets": 584 - }, - "rule": { - "name": "permit-all" + "packets": 3, + "port": 3129 }, - "source": { + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2013-01-19T15:18:18.040Z", + "client": { + "bytes": 19592, + "ip": "67.43.156.14", "nat": { - "port": 33040, - "ip": "67.43.156.14" + "port": 33040 + }, + "packets": 371, + "port": 33040 + }, + "destination": { + "as": { + "number": 35908 }, + "bytes": 686432, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.15", + "nat": { + "ip": "67.43.156.15", + "port": 80 }, - "port": 33040, - "bytes": 19592, - "ip": "67.43.156.14", - "user": { - "name": "user1" - }, - "packets": 371 + "packets": 584, + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "duration": 60000000000, + "end": "2013-01-19T15:19:18.040Z", + "kind": "event", + "original": "\u003c14\u003e1 2013-01-19T15:18:18.040 SRX100HM RT_FLOW - APPTRACK_SESSION_VOL_UPDATE [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"33040\" destination-address=\"67.43.156.15\" destination-port=\"80\" service-name=\"junos-http\" application=\"HTTP\" nested-application=\"FACEBOOK-SOCIALRSS\" nat-source-address=\"67.43.156.14\" nat-source-port=\"33040\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit-all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"28\" packets-from-client=\"371\" bytes-from-client=\"19592\" packets-from-server=\"584\" bytes-from-server=\"686432\" elapsed-time=\"60\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" 
destination-interface-name=”st0.0” apbr-rule-type=”default”]", + "outcome": "success", + "severity": 14, + "start": "2013-01-19T15:18:18.040Z", + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_FLOW", + "apbr_rule_type": "”default”", "application": "HTTP", "encrypted": "No", - "service_name": "junos-http", + "nested_application": "FACEBOOK-SOCIALRSS", + "process": "RT_FLOW", "roles": "DEPT1", - "apbr_rule_type": "”default”", + "service_name": "junos-http", "session_id_32": "28", - "tag": "APPTRACK_SESSION_VOL_UPDATE", - "nested_application": "FACEBOOK-SOCIALRSS" + "tag": "APPTRACK_SESSION_VOL_UPDATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 706024, "iana_number": "6", - "packets": 955 + "packets": 955, + "transport": "tcp" }, "observer": { - "name": "SRX100HM", - "ingress": { - "zone": "trust" - }, - "product": "SRX", - "type": "firewall", - "vendor": "Juniper", "egress": { "interface": { "name": "”st0.0”" }, "zone": "untrust" - } - }, - "@timestamp": "2013-01-19T15:18:18.040Z", - "ecs": { - "version": "8.0.0" + }, + "ingress": { + "zone": "trust" + }, + "name": "SRX100HM", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { - "user": [ - "user1" - ], "ip": [ "67.43.156.14", "67.43.156.15" + ], + "user": [ + "user1" ] }, - "client": { - "nat": { - "port": 33040 - }, - "port": 33040, - "bytes": 19592, - "packets": 371, - "ip": "67.43.156.14" + "rule": { + "name": "permit-all" }, - "event": { - "duration": 60000000000, - "severity": 14, - "original": "\u003c14\u003e1 2013-01-19T15:18:18.040 SRX100HM RT_FLOW - APPTRACK_SESSION_VOL_UPDATE [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"33040\" destination-address=\"67.43.156.15\" destination-port=\"80\" service-name=\"junos-http\" application=\"HTTP\" nested-application=\"FACEBOOK-SOCIALRSS\" nat-source-address=\"67.43.156.14\" 
nat-source-port=\"33040\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit-all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"28\" packets-from-client=\"371\" bytes-from-client=\"19592\" packets-from-server=\"584\" bytes-from-server=\"686432\" elapsed-time=\"60\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" destination-interface-name=”st0.0” apbr-rule-type=”default”]", - "kind": "event", - "start": "2013-01-19T15:18:18.040Z", - "action": "flow_started", - "end": "2013-01-19T15:19:18.040Z", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } - }, - { "server": { + "bytes": 686432, + "ip": "67.43.156.15", "nat": { "port": 80 }, - "port": 80, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "packets": 584, + "port": 80 }, - "destination": { - "nat": { - "port": 80, - "ip": "67.43.156.15" + "source": { + "as": { + "number": 35908 }, + "bytes": 19592, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 33040 }, - "port": 80, - "ip": "67.43.156.15" - }, - "rule": { - "name": "permit-all" + "packets": 371, + "port": 33040, + "user": { + "name": "user1" + } }, - "source": { + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2013-01-19T15:18:19.040Z", + "client": { + "ip": "67.43.156.14", "nat": { - "port": 33040, - "ip": "67.43.156.14" + "port": 33040 + }, + "port": 33040 + }, + "destination": { + "as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": 
"BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 33040, - "user": { - "name": "user1" + "ip": "67.43.156.15", + "nat": { + "ip": "67.43.156.15", + "port": 80 }, - "ip": "67.43.156.14" + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2013-01-19T15:18:19.040 SRX100HM RT_FLOW - APPTRACK_SESSION_ROUTE_UPDATE [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"33040\" destination-address=\"67.43.156.15\" destination-port=\"80\" service-name=\"junos-http\" application=\"HTTP\" nested-application=\"FACEBOOK-SOCIALRSS\" nat-source-address=\"67.43.156.14\" nat-source-port=\"33040\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit-all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"28\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" profile-name=”pf1” rule-name=”facebook1” routing-instance=”instance1” destination-interface-name=”st0.0” apbr-rule-type=”default”]", + "outcome": "success", + "severity": 14, + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "profile_name": "”pf1”", - "process": "RT_FLOW", - "routing_instance": "”instance1”", + "apbr_rule_type": "”default”", "application": "HTTP", "encrypted": "No", + "nested_application": "FACEBOOK-SOCIALRSS", + "process": "RT_FLOW", + "profile_name": "”pf1”", + "roles": "DEPT1", + "routing_instance": "”instance1”", "rule_name": "”facebook1”", "service_name": "junos-http", - "roles": "DEPT1", - "apbr_rule_type": "”default”", "session_id_32": "28", - "tag": "APPTRACK_SESSION_ROUTE_UPDATE", - "nested_application": "FACEBOOK-SOCIALRSS" + "tag": "APPTRACK_SESSION_ROUTE_UPDATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { 
"iana_number": "6", "transport": "tcp" }, "observer": { - "name": "SRX100HM", - "ingress": { - "zone": "trust" - }, - "product": "SRX", - "type": "firewall", - "vendor": "Juniper", "egress": { "interface": { "name": "”st0.0”" }, "zone": "untrust" - } - }, - "@timestamp": "2013-01-19T15:18:19.040Z", - "ecs": { - "version": "8.0.0" + }, + "ingress": { + "zone": "trust" + }, + "name": "SRX100HM", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { - "user": [ - "user1" - ], "ip": [ "67.43.156.14", "67.43.156.15" + ], + "user": [ + "user1" ] }, - "client": { - "nat": { - "port": 33040 - }, - "port": 33040, - "ip": "67.43.156.14" + "rule": { + "name": "permit-all" }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2013-01-19T15:18:19.040 SRX100HM RT_FLOW - APPTRACK_SESSION_ROUTE_UPDATE [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"33040\" destination-address=\"67.43.156.15\" destination-port=\"80\" service-name=\"junos-http\" application=\"HTTP\" nested-application=\"FACEBOOK-SOCIALRSS\" nat-source-address=\"67.43.156.14\" nat-source-port=\"33040\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit-all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"28\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" profile-name=”pf1” rule-name=”facebook1” routing-instance=”instance1” destination-interface-name=”st0.0” apbr-rule-type=”default”]", - "kind": "event", - "action": "flow_started", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } - }, - { "server": { + "ip": "67.43.156.15", "nat": { "port": 80 }, - "port": 80, - "bytes": 646, - "packets": 3, - "ip": "67.43.156.15" + "port": 80 }, - "log": { - "level": "informational" - }, - "destination": { - "nat": { - "port": 80, - "ip": "67.43.156.15" + "source": { + 
"as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 33040 }, - "port": 80, - "bytes": 646, - "ip": "67.43.156.15", - "packets": 3 - }, - "rule": { - "name": "permit-all" + "port": 33040, + "user": { + "name": "user1" + } }, - "source": { + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2013-01-19T15:18:20.040Z", + "client": { + "bytes": 392, + "ip": "67.43.156.14", "nat": { - "port": 48873, - "ip": "67.43.156.14" + "port": 48873 }, + "packets": 5, + "port": 48873 + }, + "destination": { + "as": { + "number": 35908 + }, + "bytes": 646, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 48873, - "bytes": 392, - "ip": "67.43.156.14", - "user": { - "name": "user1" + "ip": "67.43.156.15", + "nat": { + "ip": "67.43.156.15", + "port": 80 }, - "packets": 5 + "packets": 3, + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 3000000000, + "end": "2013-01-19T15:18:23.040Z", + "kind": "event", + "original": "\u003c14\u003e1 2013-01-19T15:18:20.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE [junos@67.43.156.15 reason=\"TCP CLIENT RST\" source-address=\"67.43.156.14\" source-port=\"48873\" destination-address=\"67.43.156.15\" destination-port=\"80\" service-name=\"junos-http\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"48873\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" 
protocol-id=\"6\" policy-name=\"permit-all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"32\" packets-from-client=\"5\" bytes-from-client=\"392\" packets-from-server=\"3\" bytes-from-server=\"646\" elapsed-time=\"3\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" destination-interface-name=”st0.0” apbr-rule-type=”default”]", + "outcome": "success", + "severity": 14, + "start": "2013-01-19T15:18:20.040Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "reason": "TCP CLIENT RST", - "process": "RT_FLOW", + "apbr_rule_type": "”default”", "encrypted": "No", - "service_name": "junos-http", + "process": "RT_FLOW", + "reason": "TCP CLIENT RST", "roles": "DEPT1", - "apbr_rule_type": "”default”", + "service_name": "junos-http", "session_id_32": "32", "tag": "APPTRACK_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 1038, "iana_number": "6", - "packets": 8 + "packets": 8, + "transport": "tcp" }, "observer": { - "name": "SRX100HM", - "ingress": { - "zone": "trust" - }, - "product": "SRX", - "type": "firewall", - "vendor": "Juniper", "egress": { "interface": { "name": "”st0.0”" }, "zone": "untrust" - } - }, - "@timestamp": "2013-01-19T15:18:20.040Z", - "ecs": { - "version": "8.0.0" + }, + "ingress": { + "zone": "trust" + }, + "name": "SRX100HM", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { - "user": [ - "user1" - ], "ip": [ "67.43.156.14", "67.43.156.15" - ] - }, - "client": { - "nat": { - "port": 48873 - }, - "port": 48873, - "bytes": 392, - "packets": 5, - "ip": "67.43.156.14" - }, - "event": { - "duration": 3000000000, - "severity": 14, - "original": "\u003c14\u003e1 2013-01-19T15:18:20.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE [junos@67.43.156.15 reason=\"TCP CLIENT RST\" source-address=\"67.43.156.14\" source-port=\"48873\" destination-address=\"67.43.156.15\" 
destination-port=\"80\" service-name=\"junos-http\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"48873\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit-all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"32\" packets-from-client=\"5\" bytes-from-client=\"392\" packets-from-server=\"3\" bytes-from-server=\"646\" elapsed-time=\"3\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" destination-interface-name=”st0.0” apbr-rule-type=”default”]", - "kind": "event", - "start": "2013-01-19T15:18:20.040Z", - "action": "flow_close", - "end": "2013-01-19T15:18:23.040Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" ], - "outcome": "success" - } - }, - { + "user": [ + "user1" + ] + }, + "rule": { + "name": "permit-all" + }, "server": { + "bytes": 646, + "ip": "67.43.156.15", "nat": { - "port": 768 + "port": 80 }, - "port": 768, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "packets": 3, + "port": 80 }, - "destination": { - "nat": { - "port": 768, - "ip": "67.43.156.14" + "source": { + "as": { + "number": 35908 }, + "bytes": 392, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 48873 }, - "port": 768, - "ip": "67.43.156.14" - }, - "rule": { - "name": "alg-policy" + "packets": 5, + "port": 48873, + "user": { + "name": "user1" + } }, - "source": { + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2020-11-04T16:23:09.264Z", + "client": { + "ip": "67.43.156.14", "nat": { - "port": 24065, - "ip": "67.43.156.14" + "port": 24065 + }, + "port": 24065 + }, + 
"destination": { + "as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 768 }, - "port": 24065, - "ip": "67.43.156.14" + "port": 768 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2020-11-04T16:23:09.264Z cixi RT_FLOW - RT_FLOW_SESSION_CREATE_LS [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"24065\" destination-address=\"67.43.156.14\" destination-port=\"768\" service-name=\"icmp\" nat-source-address=\"67.43.156.14\" nat-source-port=\"24065\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"768\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"alg-policy\" source-zone-name=\"untrust\" destination-zone-name=\"trust\" session-id-32=\"100000165\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth2.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\"]", + "outcome": "success", + "severity": 14, + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { "process": "RT_FLOW", + "service_name": "icmp", "session_id_32": "100000165", - "tag": "RT_FLOW_SESSION_CREATE_LS", - "service_name": "icmp" + "tag": "RT_FLOW_SESSION_CREATE_LS" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "cixi", + "egress": { + "zone": "trust" + }, "ingress": { "interface": { "name": "reth2.0" }, "zone": "untrust" }, + "name": "cixi", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "trust" - } - }, - "@timestamp": 
"2020-11-04T16:23:09.264Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ "67.43.156.14" ] }, - "client": { + "rule": { + "name": "alg-policy" + }, + "server": { + "ip": "67.43.156.14", + "nat": { + "port": 768 + }, + "port": 768 + }, + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", "nat": { + "ip": "67.43.156.14", "port": 24065 }, - "port": 24065, - "ip": "67.43.156.14" + "port": 24065 }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2020-11-04T16:23:09.264Z cixi RT_FLOW - RT_FLOW_SESSION_CREATE_LS [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"24065\" destination-address=\"67.43.156.14\" destination-port=\"768\" service-name=\"icmp\" nat-source-address=\"67.43.156.14\" nat-source-port=\"24065\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"768\" src-nat-rule-name=\"None\" dst-nat-rule-name=\"None\" protocol-id=\"1\" policy-name=\"alg-policy\" source-zone-name=\"untrust\" destination-zone-name=\"trust\" session-id-32=\"100000165\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"reth2.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\"]", - "kind": "event", - "action": "flow_started", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { - "port": 161, - "ip": "67.43.156.13" - }, - "log": { - "level": "informational" + "@timestamp": "2020-11-14T10:12:46.573Z", + "client": { + "ip": "10.0.0.26", + "port": 37233 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 
35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 161, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 161 }, - "rule": { - "name": "MgmtAccess-trust-cleanup" + "ecs": { + "version": "8.2.0" }, - "source": { - "port": 37233, - "ip": "10.0.0.26" + "event": { + "action": "flow_deny", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2020-11-14T11:12:46.573+01:00 SRX-GW1 RT_FLOW - RT_FLOW_SESSION_DENY_LS [junos@67.43.156.15 source-address=\"10.0.0.26\" source-port=\"37233\" destination-address=\"67.43.156.13\" destination-port=\"161\" connection-tag=\"0\" service-name=\"None\" protocol-id=\"17\" icmp-type=\"0\" policy-name=\"MgmtAccess-trust-cleanup\" source-zone-name=\"trust\" destination-zone-name=\"junos-host\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\".local..0\" encrypted=\"No\" reason=\"Denied by policy\" session-id-32=\"7087\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\"]", + "outcome": "success", + "risk_score": 1.0, + "severity": 14, + "type": [ + "denied", + "connection" + ] }, "juniper": { "srx": { - "reason": "Denied by policy", - "icmp_type": "0", - "process": "RT_FLOW", "connection_tag": "0", "encrypted": "No", + "icmp_type": "0", + "process": "RT_FLOW", + "reason": "Denied by policy", "session_id_32": "7087", "tag": "RT_FLOW_SESSION_DENY_LS" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "17", "transport": "udp" }, "observer": { - "name": "SRX-GW1", + "egress": { + "zone": "junos-host" + }, "ingress": { "interface": { "name": ".local..0" }, "zone": "trust" }, + "name": "SRX-GW1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "junos-host" - } - }, - "@timestamp": "2020-11-14T10:12:46.573Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, 
"related": { "ip": [ 
@@ -2352,251 +2357,248 @@ "67.43.156.13" ] }, - "client": { - "port": 37233, - "ip": "10.0.0.26" + "rule": { + "name": "MgmtAccess-trust-cleanup" }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2020-11-14T11:12:46.573+01:00 SRX-GW1 RT_FLOW - RT_FLOW_SESSION_DENY_LS [junos@67.43.156.15 source-address=\"10.0.0.26\" source-port=\"37233\" destination-address=\"67.43.156.13\" destination-port=\"161\" connection-tag=\"0\" service-name=\"None\" protocol-id=\"17\" icmp-type=\"0\" policy-name=\"MgmtAccess-trust-cleanup\" source-zone-name=\"trust\" destination-zone-name=\"junos-host\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\".local..0\" encrypted=\"No\" reason=\"Denied by policy\" session-id-32=\"7087\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\"]", - "risk_score": 1.0, - "kind": "event", - "action": "flow_deny", - "category": [ - "network" - ], - "type": [ - "denied", - "connection" - ], - "outcome": "success" - } + "server": { + "ip": "67.43.156.13", + "port": 161 + }, + "source": { + "ip": "10.0.0.26", + "port": 37233 + }, + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2020-01-19T15:18:20.040Z", + "client": { + "bytes": 392, + "ip": "67.43.156.14", "nat": { - "port": 80 + "port": 48873 }, - "port": 80, - "bytes": 646, - "packets": 3, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "packets": 5, + "port": 48873 }, "destination": { - "nat": { - "port": 80, - "ip": "67.43.156.15" - }, - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 80, "bytes": 646, - "ip": "67.43.156.15", - "packets": 3 - }, - "rule": { - "name": "permit-all" - }, - "source": { - "nat": { - "port": 48873, - "ip": "67.43.156.14" - }, "geo": { 
"continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 48873, - "bytes": 392, - "ip": "67.43.156.14", - "user": { - "name": "user1" + "ip": "67.43.156.15", + "nat": { + "ip": "67.43.156.15", + "port": 80 }, - "packets": 5 + "packets": 3, + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 3000000000, + "end": "2020-01-19T15:18:23.040Z", + "kind": "event", + "original": "\u003c14\u003e1 2020-01-19T15:18:20.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE_LS [junos@67.43.156.15 reason=\"TCP CLIENT RST\" source-address=\"67.43.156.14\" source-port=\"48873\" destination-address=\"67.43.156.15\" destination-port=\"80\" service-name=\"junos-http\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"48873\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit-all\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"32\" packets-from-client=\"5\" bytes-from-client=\"392\" packets-from-server=\"3\" bytes-from-server=\"646\" elapsed-time=\"3\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" destination-interface-name=”st0.0” apbr-rule-type=”default”]", + "outcome": "success", + "severity": 14, + "start": "2020-01-19T15:18:20.040Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "reason": "TCP CLIENT RST", - "process": "RT_FLOW", + "apbr_rule_type": "”default”", "encrypted": "No", - "service_name": "junos-http", + "process": "RT_FLOW", + "reason": "TCP CLIENT RST", "roles": "DEPT1", - "apbr_rule_type": "”default”", + "service_name": "junos-http", "session_id_32": "32", "tag": 
"APPTRACK_SESSION_CLOSE_LS" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 1038, "iana_number": "6", - "packets": 8 + "packets": 8, + "transport": "tcp" }, "observer": { - "name": "SRX100HM", - "ingress": { - "zone": "trust" - }, - "product": "SRX", - "type": "firewall", - "vendor": "Juniper", "egress": { "interface": { "name": "”st0.0”" }, "zone": "untrust" - } - }, - "@timestamp": "2020-01-19T15:18:20.040Z", - "ecs": { - "version": "8.0.0" + }, + "ingress": { + "zone": "trust" + }, + "name": "SRX100HM", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { - "user": [ - "user1" - ], "ip": [ "67.43.156.14", "67.43.156.15" + ], + "user": [ + "user1" ] }, - "client": { + "rule": { + "name": "permit-all" + }, + "server": { + "bytes": 646, + "ip": "67.43.156.15", "nat": { - "port": 48873 + "port": 80 + }, + "packets": 3, + "port": 80 + }, + "source": { + "as": { + "number": 35908 }, - "port": 48873, "bytes": 392, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.14", + "nat": { + "ip": "67.43.156.14", + "port": 48873 + }, "packets": 5, - "ip": "67.43.156.14" + "port": 48873, + "user": { + "name": "user1" + } }, - "event": { - "duration": 3000000000, - "severity": 14, - "original": "\u003c14\u003e1 2020-01-19T15:18:20.040 SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE_LS [junos@67.43.156.15 reason=\"TCP CLIENT RST\" source-address=\"67.43.156.14\" source-port=\"48873\" destination-address=\"67.43.156.15\" destination-port=\"80\" service-name=\"junos-http\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"67.43.156.14\" nat-source-port=\"48873\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"80\" src-nat-rule-name=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"permit-all\" 
source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"32\" packets-from-client=\"5\" bytes-from-client=\"392\" packets-from-server=\"3\" bytes-from-server=\"646\" elapsed-time=\"3\" username=\"user1\" roles=\"DEPT1\" encrypted=\"No\" destination-interface-name=”st0.0” apbr-rule-type=”default”]", - "kind": "event", - "start": "2020-01-19T15:18:20.040Z", - "action": "flow_close", - "end": "2020-01-19T15:18:23.040Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2020-07-14T14:17:11.928Z", + "client": { + "bytes": 2322, + "ip": "10.1.1.100", "nat": { - "port": 80 + "port": 6018 }, - "port": 80, - "bytes": 2132, - "packets": 34, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "packets": 42, + "port": 58943 }, "destination": { - "nat": { - "port": 80, - "ip": "67.43.156.14" + "as": { + "number": 35908 }, + "bytes": 2132, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 80, - "bytes": 2132, "ip": "67.43.156.14", - "packets": 34 - }, - "rule": { - "name": "default-permit" - }, - "source": { "nat": { - "port": 6018, - "ip": "172.19.34.100" + "ip": "67.43.156.14", + "port": 80 }, - "port": 58943, - "bytes": 2322, - "packets": 42, - "ip": "10.1.1.100" + "packets": 34, + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "duration": 60000000000, + "end": "2020-07-14T14:18:11.928Z", + "kind": "event", + "original": "\u003c14\u003e1 2020-07-14T14:17:11.928Z SRX100HM RT_FLOW - APPTRACK_SESSION_VOL_UPDATE [junos@67.43.156.15 source-address=\"10.1.1.100\" source-port=\"58943\" destination-address=\"67.43.156.14\" 
destination-port=\"80\" service-name=\"junos-http\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"172.19.34.100\" nat-source-port=\"6018\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"80\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"16118\" packets-from-client=\"42\" bytes-from-client=\"2322\" packets-from-server=\"34\" bytes-from-server=\"2132\" elapsed-time=\"60\" username=\"N/A\" roles=\"N/A\" encrypted=\"No\" destination-interface-name=\"ge-0/0/0.0\" category=\"N/A\" sub-category=\"N/A\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", + "outcome": "success", + "severity": 14, + "start": "2020-07-14T14:17:11.928Z", + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "our-nat-rule", + "encrypted": "No", "process": "RT_FLOW", + "service_name": "junos-http", "session_id_32": "16118", - "tag": "APPTRACK_SESSION_VOL_UPDATE", - "encrypted": "No", - "service_name": "junos-http" + "src_nat_rule_name": "our-nat-rule", + "tag": "APPTRACK_SESSION_VOL_UPDATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 4454, "iana_number": "6", - "packets": 76 + "packets": 76, + "transport": "tcp" }, "observer": { - "name": "SRX100HM", - "ingress": { - "zone": "trust" - }, - "product": "SRX", - "type": "firewall", - "vendor": "Juniper", "egress": { "interface": { "name": "ge-0/0/0.0" }, "zone": "untrust" - } - }, - "@timestamp": "2020-07-14T14:17:11.928Z", - "ecs": { - "version": "8.0.0" + }, + "ingress": { + "zone": "trust" + }, + "name": "SRX100HM", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -2605,128 +2607,129 @@ "172.19.34.100" ] }, - "client": { + "rule": { + "name": "default-permit" + }, + "server": { + "bytes": 2132, + "ip": "67.43.156.14", "nat": { - "port": 6018 + "port": 80 }, - "port": 58943, + "packets": 34, + "port": 80 + }, + "source": { "bytes": 2322, + "ip": "10.1.1.100", + "nat": { + "ip": "172.19.34.100", + "port": 6018 + }, "packets": 42, - "ip": "10.1.1.100" + "port": 58943 }, - "event": { - "duration": 60000000000, - "severity": 14, - "original": "\u003c14\u003e1 2020-07-14T14:17:11.928Z SRX100HM RT_FLOW - APPTRACK_SESSION_VOL_UPDATE [junos@67.43.156.15 source-address=\"10.1.1.100\" source-port=\"58943\" destination-address=\"67.43.156.14\" destination-port=\"80\" service-name=\"junos-http\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"172.19.34.100\" nat-source-port=\"6018\" nat-destination-address=\"67.43.156.14\" nat-destination-port=\"80\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"16118\" packets-from-client=\"42\" bytes-from-client=\"2322\" packets-from-server=\"34\" bytes-from-server=\"2132\" elapsed-time=\"60\" username=\"N/A\" roles=\"N/A\" encrypted=\"No\" destination-interface-name=\"ge-0/0/0.0\" category=\"N/A\" sub-category=\"N/A\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", - "kind": "event", - "start": "2020-07-14T14:17:11.928Z", - "action": "flow_started", - "end": "2020-07-14T14:18:11.928Z", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2020-07-13T16:43:05.041Z", + "client": { + "bytes": 9530, + "ip": "10.1.1.100", "nat": { - "port": 8883 + "port": 24519 }, - "port": 8883, - "bytes": 9670, - "packets": 96, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "packets": 161, + 
"port": 64720 }, "destination": { - "nat": { - "port": 8883, - "ip": "67.43.156.15" + "as": { + "number": 35908 }, + "bytes": 9670, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 8883, - "bytes": 9670, "ip": "67.43.156.15", - "packets": 96 - }, - "rule": { - "name": "default-permit" - }, - "source": { "nat": { - "port": 24519, - "ip": "172.19.34.100" + "ip": "67.43.156.15", + "port": 8883 }, - "port": 64720, - "bytes": 9530, - "packets": 161, - "ip": "10.1.1.100" + "packets": 96, + "port": 8883 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 23755000000000, + "end": "2020-07-13T23:19:00.041Z", + "kind": "event", + "original": "\u003c14\u003e1 2020-07-13T16:43:05.041Z SRX100HM RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"idle Timeout\" source-address=\"10.1.1.100\" source-port=\"64720\" destination-address=\"67.43.156.15\" destination-port=\"8883\" connection-tag=\"0\" service-name=\"None\" nat-source-address=\"172.19.34.100\" nat-source-port=\"24519\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"8883\" nat-connection-tag=\"0\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"3851\" packets-from-client=\"161\" bytes-from-client=\"9530\" packets-from-server=\"96\" bytes-from-server=\"9670\" elapsed-time=\"23755\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/1.0\" encrypted=\"UNKNOWN\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" 
application-characteristics=\"N/A\" secure-web-proxy-session-type=\"NA\" peer-session-id=\"0\" peer-source-address=\"0.0.0.0\" peer-source-port=\"0\" peer-destination-address=\"0.0.0.0\" peer-destination-port=\"0\" hostname=\"NA NA\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", + "outcome": "success", + "risk_score": 1.0, + "severity": 14, + "start": "2020-07-13T16:43:05.041Z", + "type": [ + "end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "our-nat-rule", - "reason": "idle Timeout", - "process": "RT_FLOW", "connection_tag": "0", - "peer_source_address": "0.0.0.0", - "peer_destination_address": "0.0.0.0", "hostname": "NA NA", - "peer_source_port": "0", - "peer_session_id": "0", + "nat_connection_tag": "0", + "peer_destination_address": "0.0.0.0", "peer_destination_port": "0", + "peer_session_id": "0", + "peer_source_address": "0.0.0.0", + "peer_source_port": "0", + "process": "RT_FLOW", + "reason": "idle Timeout", "secure_web_proxy_session_type": "NA", "session_id_32": "3851", - "nat_connection_tag": "0", - "tag": "RT_FLOW_SESSION_CLOSE", - "src_nat_rule_type": "source rule" + "src_nat_rule_name": "our-nat-rule", + "src_nat_rule_type": "source rule", + "tag": "RT_FLOW_SESSION_CLOSE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "tcp", "bytes": 19200, "iana_number": "6", - "packets": 257 + "packets": 257, + "transport": "tcp" }, "observer": { - "name": "SRX100HM", + "egress": { + "zone": "untrust" + }, "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trust" }, + "name": "SRX100HM", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2020-07-13T16:43:05.041Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -2735,114 +2738,113 @@ "172.19.34.100" ] }, - "client": { + "rule": { + "name": "default-permit" + }, + "server": { + "bytes": 9670, + "ip": "67.43.156.15", "nat": { - "port": 24519 + "port": 8883 }, - "port": 64720, + "packets": 96, + "port": 8883 + }, + "source": { "bytes": 9530, + "ip": "10.1.1.100", + "nat": { + "ip": "172.19.34.100", + "port": 24519 + }, "packets": 161, - "ip": "10.1.1.100" + "port": 64720 }, - "event": { - "duration": 23755000000000, - "severity": 14, - "original": "\u003c14\u003e1 2020-07-13T16:43:05.041Z SRX100HM RT_FLOW - RT_FLOW_SESSION_CLOSE [junos@67.43.156.15 reason=\"idle Timeout\" source-address=\"10.1.1.100\" source-port=\"64720\" destination-address=\"67.43.156.15\" destination-port=\"8883\" connection-tag=\"0\" service-name=\"None\" nat-source-address=\"172.19.34.100\" nat-source-port=\"24519\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"8883\" nat-connection-tag=\"0\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"6\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"3851\" packets-from-client=\"161\" bytes-from-client=\"9530\" packets-from-server=\"96\" bytes-from-server=\"9670\" elapsed-time=\"23755\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/1.0\" encrypted=\"UNKNOWN\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\" secure-web-proxy-session-type=\"NA\" peer-session-id=\"0\" peer-source-address=\"0.0.0.0\" peer-source-port=\"0\" peer-destination-address=\"0.0.0.0\" peer-destination-port=\"0\" hostname=\"NA NA\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", - "risk_score": 1.0, - "kind": "event", - "start": "2020-07-13T16:43:05.041Z", - "action": "flow_close", - "end": "2020-07-13T23:19:00.041Z", - "category": [ - 
"network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2020-07-13T16:12:05.530Z", + "client": { + "ip": "10.1.1.100", "nat": { - "port": 53 + "port": 30838 }, - "port": 53, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "port": 49583 }, "destination": { - "nat": { - "port": 53, - "ip": "67.43.156.15" + "as": { + "number": 35908 }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 + "ip": "67.43.156.15", + "nat": { + "ip": "67.43.156.15", + "port": 53 }, - "port": 53, - "ip": "67.43.156.15" + "port": 53 }, - "rule": { - "name": "default-permit" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 30838, - "ip": "172.19.34.100" - }, - "port": 49583, - "ip": "10.1.1.100" + "event": { + "action": "flow_started", + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2020-07-13T16:12:05.530Z SRX100HM RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"10.1.1.100\" source-port=\"49583\" destination-address=\"67.43.156.15\" destination-port=\"53\" connection-tag=\"0\" service-name=\"junos-dns-udp\" nat-source-address=\"172.19.34.100\" nat-source-port=\"30838\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"53\" nat-connection-tag=\"0\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"15399\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/1.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\" application-category=\"N/A\" 
application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", + "outcome": "success", + "risk_score": 1.0, + "severity": 14, + "type": [ + "start", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "our-nat-rule", - "process": "RT_FLOW", "connection_tag": "0", + "nat_connection_tag": "0", + "process": "RT_FLOW", "service_name": "junos-dns-udp", "session_id_32": "15399", - "nat_connection_tag": "0", - "tag": "RT_FLOW_SESSION_CREATE", - "src_nat_rule_type": "source rule" + "src_nat_rule_name": "our-nat-rule", + "src_nat_rule_type": "source rule", + "tag": "RT_FLOW_SESSION_CREATE" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "17", "transport": "udp" }, "observer": { - "name": "SRX100HM", + "egress": { + "zone": "untrust" + }, "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trust" }, + "name": "SRX100HM", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2020-07-13T16:12:05.530Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -2851,119 +2853,119 @@ "172.19.34.100" ] }, - "client": { + "rule": { + "name": "default-permit" + }, + "server": { + "ip": "67.43.156.15", + "nat": { + "port": 53 + }, + "port": 53 + }, + "source": { + "ip": "10.1.1.100", "nat": { + "ip": "172.19.34.100", "port": 30838 }, - "port": 49583, - "ip": "10.1.1.100" + "port": 49583 }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2020-07-13T16:12:05.530Z SRX100HM RT_FLOW - RT_FLOW_SESSION_CREATE [junos@67.43.156.15 source-address=\"10.1.1.100\" source-port=\"49583\" destination-address=\"67.43.156.15\" destination-port=\"53\" connection-tag=\"0\" service-name=\"junos-dns-udp\" nat-source-address=\"172.19.34.100\" nat-source-port=\"30838\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"53\" nat-connection-tag=\"0\" src-nat-rule-type=\"source rule\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-type=\"N/A\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"15399\" username=\"N/A\" roles=\"N/A\" packet-incoming-interface=\"ge-0/0/1.0\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" encrypted=\"UNKNOWN\" application-category=\"N/A\" application-sub-category=\"N/A\" application-risk=\"1\" application-characteristics=\"N/A\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", - "risk_score": 1.0, - "kind": "event", - "action": "flow_started", - "category": [ - "network" - ], - "type": [ - "start", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2020-07-13T16:12:05.530Z", + "client": { + "bytes": 66, + "ip": "10.1.1.100", "nat": { - "port": 53 + "port": 26764 }, - "port": 53, - "bytes": 82, "packets": 1, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "port": 63381 }, "destination": { - "nat": { - "port": 53, - "ip": "67.43.156.15" + "as": { + "number": 35908 }, + "bytes": 82, 
"geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 53, - "bytes": 82, "ip": "67.43.156.15", - "packets": 1 - }, - "rule": { - "name": "default-permit" - }, - "source": { "nat": { - "port": 26764, - "ip": "172.19.34.100" + "ip": "67.43.156.15", + "port": 53 }, - "port": 63381, - "bytes": 66, "packets": 1, - "ip": "10.1.1.100" + "port": 53 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flow_close", + "category": [ + "network" + ], + "duration": 3000000000, + "end": "2020-07-13T16:12:08.530Z", + "kind": "event", + "original": "\u003c14\u003e1 2020-07-13T16:12:05.530Z SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE [junos@67.43.156.15 reason=\"Closed by junos-alg\" source-address=\"10.1.1.100\" source-port=\"63381\" destination-address=\"67.43.156.15\" destination-port=\"53\" service-name=\"junos-dns-udp\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"172.19.34.100\" nat-source-port=\"26764\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"53\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"15361\" packets-from-client=\"1\" bytes-from-client=\"66\" packets-from-server=\"1\" bytes-from-server=\"82\" elapsed-time=\"3\" username=\"N/A\" roles=\"N/A\" encrypted=\"No\" profile-name=\"N/A\" rule-name=\"N/A\" routing-instance=\"default\" destination-interface-name=\"ge-0/0/0.0\" uplink-incoming-interface-name=\"N/A\" uplink-tx-bytes=\"0\" uplink-rx-bytes=\"0\" category=\"N/A\" sub-category=\"N/A\" apbr-policy-name=\"N/A\" multipath-rule-name=\"N/A\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", + "outcome": "success", + "severity": 14, + "start": "2020-07-13T16:12:05.530Z", + "type": [ + 
"end", + "allowed", + "connection" + ] }, "juniper": { "srx": { - "src_nat_rule_name": "our-nat-rule", - "reason": "Closed by junos-alg", + "encrypted": "No", "process": "RT_FLOW", + "reason": "Closed by junos-alg", "routing_instance": "default", - "encrypted": "No", "service_name": "junos-dns-udp", - "uplink_tx_bytes": "0", - "uplink_rx_bytes": "0", "session_id_32": "15361", - "tag": "APPTRACK_SESSION_CLOSE" + "src_nat_rule_name": "our-nat-rule", + "tag": "APPTRACK_SESSION_CLOSE", + "uplink_rx_bytes": "0", + "uplink_tx_bytes": "0" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { - "transport": "udp", "bytes": 148, "iana_number": "17", - "packets": 2 + "packets": 2, + "transport": "udp" }, "observer": { - "name": "SRX100HM", - "ingress": { - "zone": "trust" - }, - "product": "SRX", - "type": "firewall", - "vendor": "Juniper", "egress": { "interface": { "name": "ge-0/0/0.0" }, "zone": "untrust" - } - }, - "@timestamp": "2020-07-13T16:12:05.530Z", - "ecs": { - "version": "8.0.0" + }, + "ingress": { + "zone": "trust" + }, + "name": "SRX100HM", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -2972,33 +2974,31 @@ "172.19.34.100" ] }, - "client": { + "rule": { + "name": "default-permit" + }, + "server": { + "bytes": 82, + "ip": "67.43.156.15", "nat": { - "port": 26764 + "port": 53 }, - "port": 63381, + "packets": 1, + "port": 53 + }, + "source": { "bytes": 66, + "ip": "10.1.1.100", + "nat": { + "ip": "172.19.34.100", + "port": 26764 + }, "packets": 1, - "ip": "10.1.1.100" + "port": 63381 }, - "event": { - "duration": 3000000000, - "severity": 14, - "original": "\u003c14\u003e1 2020-07-13T16:12:05.530Z SRX100HM RT_FLOW - APPTRACK_SESSION_CLOSE [junos@67.43.156.15 reason=\"Closed by junos-alg\" source-address=\"10.1.1.100\" source-port=\"63381\" destination-address=\"67.43.156.15\" destination-port=\"53\" service-name=\"junos-dns-udp\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" nat-source-address=\"172.19.34.100\" nat-source-port=\"26764\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"53\" src-nat-rule-name=\"our-nat-rule\" dst-nat-rule-name=\"N/A\" protocol-id=\"17\" policy-name=\"default-permit\" source-zone-name=\"trust\" destination-zone-name=\"untrust\" session-id-32=\"15361\" packets-from-client=\"1\" bytes-from-client=\"66\" packets-from-server=\"1\" bytes-from-server=\"82\" elapsed-time=\"3\" username=\"N/A\" roles=\"N/A\" encrypted=\"No\" profile-name=\"N/A\" rule-name=\"N/A\" routing-instance=\"default\" destination-interface-name=\"ge-0/0/0.0\" uplink-incoming-interface-name=\"N/A\" uplink-tx-bytes=\"0\" uplink-rx-bytes=\"0\" category=\"N/A\" sub-category=\"N/A\" apbr-policy-name=\"N/A\" multipath-rule-name=\"N/A\" src-vrf-grp=\"N/A\" dst-vrf-grp=\"N/A\"]", - "kind": "event", - "start": "2020-07-13T16:12:05.530Z", - "action": "flow_close", - "end": "2020-07-13T16:12:08.530Z", - "category": [ - "network" - ], - "type": [ - "end", - "allowed", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file 
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json index abbfd67351f..d8b76951cfa 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json 
@@ -1,343 +1,345 @@ { "expected": [ { - "server": { + "@timestamp": "2020-03-02T23:13:03.193Z", + "client": { + "bytes": 0, + "ip": "10.11.11.1", "nat": { - "port": 9757 + "port": 13312 }, - "port": 123, - "bytes": 0, "packets": 0, - "ip": "67.43.156.13" - }, - "log": { - "level": "notification" + "port": 12345 }, "destination": { + "bytes": 0, + "ip": "67.43.156.13", "nat": { - "port": 9757, - "ip": "67.43.156.15" + "ip": "67.43.156.15", + "port": 9757 }, - "port": 123, - "bytes": 0, "packets": 0, - "ip": "67.43.156.13" + "port": 123 }, - "rule": { - "name": "IPS", - "id": "3" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 13312, - "ip": "0.0.0.0" - }, - "port": 12345, - "user": { - "name": "unknown-user" - }, - "bytes": 0, - "packets": 0, - "ip": "10.11.11.1" + "event": { + "action": "security_threat", + "category": [ + "network", + "intrusion_detection" + ], + "duration": 0, + "end": "2020-03-02T23:13:03.193Z", + "kind": "alert", + "original": "\u003c165\u003e1 2020-03-02T23:13:03.193Z idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1583190783\" message-type=\"SIG\" source-address=\"10.11.11.1\" source-port=\"12345\" destination-address=\"67.43.156.13\" destination-port=\"123\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"3\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"20175\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"HTTP:MISC:GENERIC-DIR-TRAVERSAL\" nat-source-address=\"0.0.0.0\" nat-source-port=\"13312\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"9757\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"UNTRUST\" source-interface-name=\"reth1.24\" destination-zone-name=\"DMZ\" destination-interface-name=\"reth2.21\" packet-log-id=\"0\" alert=\"no\" username=\"unknown-user\" roles=\"N/A\" index=\"cnm\" type=\"idp\" message=\"-\"]", + 
"outcome": "success", + "severity": 165, + "start": "2020-03-02T23:13:03.193Z", + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_IDP", - "threat_severity": "HIGH", - "service_name": "SERVICE_IDP", - "policy_name": "Recommended", + "action": "DROP", + "alert": "no", + "application_name": "HTTP", + "attack_name": "HTTP:MISC:GENERIC-DIR-TRAVERSAL", + "epoch_time": "1583190783", + "export_id": "20175", "index": "cnm", "message_type": "SIG", - "repeat_count": "0", - "export_id": "20175", - "type": "idp", - "attack_name": "HTTP:MISC:GENERIC-DIR-TRAVERSAL", - "application_name": "HTTP", - "alert": "no", "packet_log_id": "0", - "action": "DROP", + "policy_name": "Recommended", + "process": "RT_IDP", + "repeat_count": "0", + "service_name": "SERVICE_IDP", "tag": "IDP_ATTACK_LOG_EVENT", - "epoch_time": "1583190783" + "threat_severity": "HIGH", + "type": "idp" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "notification" + }, "network": { "protocol": "TCP" }, "observer": { - "name": "idp1", + "egress": { + "interface": { + "name": "reth2.21" + }, + "zone": "DMZ" + }, "ingress": { "interface": { "name": "reth1.24" }, "zone": "UNTRUST" }, + "name": "idp1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "interface": { - "name": "reth2.21" - }, - "zone": "DMZ" - } - }, - "@timestamp": "2020-03-02T23:13:03.193Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { - "user": [ - "unknown-user" - ], "ip": [ "10.11.11.1", "67.43.156.13", "0.0.0.0", "67.43.156.15" + ], + "user": [ + "unknown-user" ] }, - "client": { + "rule": { + "id": "3", + "name": "IPS" + }, + "server": { + "bytes": 0, + "ip": "67.43.156.13", "nat": { - "port": 13312 + "port": 9757 }, - "port": 12345, + "packets": 0, + "port": 123 + }, + "source": { "bytes": 0, + "ip": "10.11.11.1", + "nat": { + "ip": "0.0.0.0", + "port": 13312 + }, "packets": 0, - "ip": "10.11.11.1" + "port": 12345, + "user": { + 
"name": "unknown-user" + } }, - "event": { - "duration": 0, - "severity": 165, - "original": "\u003c165\u003e1 2020-03-02T23:13:03.193Z idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1583190783\" message-type=\"SIG\" source-address=\"10.11.11.1\" source-port=\"12345\" destination-address=\"67.43.156.13\" destination-port=\"123\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"3\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"20175\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"HTTP:MISC:GENERIC-DIR-TRAVERSAL\" nat-source-address=\"0.0.0.0\" nat-source-port=\"13312\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"9757\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"UNTRUST\" source-interface-name=\"reth1.24\" destination-zone-name=\"DMZ\" destination-interface-name=\"reth2.21\" packet-log-id=\"0\" alert=\"no\" username=\"unknown-user\" roles=\"N/A\" index=\"cnm\" type=\"idp\" message=\"-\"]", - "kind": "alert", - "start": "2020-03-02T23:13:03.193Z", - "action": "security_threat", - "end": "2020-03-02T23:13:03.193Z", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2020-03-02T23:13:03.197Z", + "client": { + "bytes": 0, + "ip": "10.11.11.1", "nat": { - "port": 9757 + "port": 13312 }, - "port": 123, - "bytes": 0, "packets": 0, - "ip": "67.43.156.13" - }, - "log": { - "level": "notification" + "port": 12345 }, "destination": { + "bytes": 0, + "ip": "67.43.156.13", "nat": { - "port": 9757, - "ip": "67.43.156.15" + "ip": "67.43.156.15", + "port": 9757 }, - "port": 123, - "bytes": 0, "packets": 0, - "ip": "67.43.156.13" + "port": 123 }, - "rule": { - "name": "IPS", - "id": "3" + "ecs": { + "version": "8.2.0" 
}, - "source": { - "nat": { - "port": 13312, - "ip": "0.0.0.0" - }, - "port": 12345, - "user": { - "name": "unknown-user" - }, - "bytes": 0, - "packets": 0, - "ip": "10.11.11.1" + "event": { + "action": "security_threat", + "category": [ + "network", + "intrusion_detection" + ], + "duration": 0, + "end": "2020-03-02T23:13:03.197Z", + "kind": "alert", + "original": "\u003c165\u003e1 2020-03-02T23:13:03.197Z idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1583190783\" message-type=\"SIG\" source-address=\"10.11.11.1\" source-port=\"12345\" destination-address=\"67.43.156.13\" destination-port=\"123\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"3\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"20175\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"CRITICAL\" attack-name=\"TCP:C2S:AMBIG:C2S-SYN-DATA\" nat-source-address=\"0.0.0.0\" nat-source-port=\"13312\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"9757\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"UNTRUST\" source-interface-name=\"reth1.24\" destination-zone-name=\"DMZ\" destination-interface-name=\"reth2.21\" packet-log-id=\"0\" alert=\"no\" username=\"unknown-user\" roles=\"N/A\" index=\"cnm\" type=\"idp\" message=\"-\"]", + "outcome": "success", + "severity": 165, + "start": "2020-03-02T23:13:03.197Z", + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_IDP", - "threat_severity": "CRITICAL", - "service_name": "SERVICE_IDP", - "policy_name": "Recommended", + "action": "DROP", + "alert": "no", + "application_name": "HTTP", + "attack_name": "TCP:C2S:AMBIG:C2S-SYN-DATA", + "epoch_time": "1583190783", + "export_id": "20175", "index": "cnm", "message_type": "SIG", - "repeat_count": "0", - "export_id": "20175", - "type": "idp", - "attack_name": "TCP:C2S:AMBIG:C2S-SYN-DATA", - 
"application_name": "HTTP", - "alert": "no", "packet_log_id": "0", - "action": "DROP", + "policy_name": "Recommended", + "process": "RT_IDP", + "repeat_count": "0", + "service_name": "SERVICE_IDP", "tag": "IDP_ATTACK_LOG_EVENT", - "epoch_time": "1583190783" + "threat_severity": "CRITICAL", + "type": "idp" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "notification" + }, "network": { "protocol": "TCP" }, "observer": { - "name": "idp1", + "egress": { + "interface": { + "name": "reth2.21" + }, + "zone": "DMZ" + }, "ingress": { "interface": { "name": "reth1.24" }, "zone": "UNTRUST" }, + "name": "idp1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "interface": { - "name": "reth2.21" - }, - "zone": "DMZ" - } - }, - "@timestamp": "2020-03-02T23:13:03.197Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { - "user": [ - "unknown-user" - ], "ip": [ "10.11.11.1", "67.43.156.13", "0.0.0.0", "67.43.156.15" + ], + "user": [ + "unknown-user" ] }, - "client": { + "rule": { + "id": "3", + "name": "IPS" + }, + "server": { + "bytes": 0, + "ip": "67.43.156.13", "nat": { - "port": 13312 + "port": 9757 }, - "port": 12345, + "packets": 0, + "port": 123 + }, + "source": { "bytes": 0, + "ip": "10.11.11.1", + "nat": { + "ip": "0.0.0.0", + "port": 13312 + }, "packets": 0, - "ip": "10.11.11.1" + "port": 12345, + "user": { + "name": "unknown-user" + } }, - "event": { - "duration": 0, - "severity": 165, - "original": "\u003c165\u003e1 2020-03-02T23:13:03.197Z idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1583190783\" message-type=\"SIG\" source-address=\"10.11.11.1\" source-port=\"12345\" destination-address=\"67.43.156.13\" destination-port=\"123\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"3\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"20175\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"CRITICAL\" 
attack-name=\"TCP:C2S:AMBIG:C2S-SYN-DATA\" nat-source-address=\"0.0.0.0\" nat-source-port=\"13312\" nat-destination-address=\"67.43.156.15\" nat-destination-port=\"9757\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"UNTRUST\" source-interface-name=\"reth1.24\" destination-zone-name=\"DMZ\" destination-interface-name=\"reth2.21\" packet-log-id=\"0\" alert=\"no\" username=\"unknown-user\" roles=\"N/A\" index=\"cnm\" type=\"idp\" message=\"-\"]", - "kind": "alert", - "start": "2020-03-02T23:13:03.197Z", - "action": "security_threat", - "end": "2020-03-02T23:13:03.197Z", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2007-02-15T09:17:15.719Z", + "client": { + "bytes": 0, + "ip": "67.43.156.14", "nat": { "port": 0 }, - "port": 80, - "bytes": 0, "packets": 0, - "ip": "67.43.156.14" - }, - "log": { - "level": "notification" + "port": 45610 }, "destination": { + "bytes": 0, + "ip": "67.43.156.14", "nat": { - "port": 0, - "ip": "172.19.13.11" + "ip": "172.19.13.11", + "port": 0 }, - "port": 80, - "bytes": 0, "packets": 0, - "ip": "67.43.156.14" + "port": 80 }, - "rule": { - "name": "IPS", - "id": "9" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 0, - "ip": "0.0.0.0" - }, - "port": 45610, - "bytes": 0, - "packets": 0, - "ip": "67.43.156.14" + "event": { + "action": "security_threat", + "category": [ + "network", + "intrusion_detection" + ], + "duration": 0, + "end": "2007-02-15T09:17:15.719Z", + "kind": "alert", + "original": "\u003c165\u003e1 2007-02-15T09:17:15.719Z idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1507845354\" message-type=\"SIG\" source-address=\"67.43.156.14\" source-port=\"45610\" destination-address=\"67.43.156.14\" destination-port=\"80\" protocol-name=\"TCP\" 
service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"172.19.13.11\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0.11\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1.1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", + "outcome": "success", + "severity": 165, + "start": "2007-02-15T09:17:15.719Z", + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_IDP", - "threat_severity": "HIGH", - "service_name": "SERVICE_IDP", - "policy_name": "Recommended", - "message_type": "SIG", - "repeat_count": "0", - "export_id": "15229", - "attack_name": "TROJAN:ZMEU-BOT-SCAN", - "application_name": "HTTP", + "action": "DROP", "alert": "no", + "application_name": "HTTP", + "attack_name": "TROJAN:ZMEU-BOT-SCAN", + "epoch_time": "1507845354", + "export_id": "15229", + "message_type": "SIG", "packet_log_id": "0", - "action": "DROP", + "policy_name": "Recommended", + "process": "RT_IDP", + "repeat_count": "0", + "service_name": "SERVICE_IDP", "tag": "IDP_ATTACK_LOG_EVENT", - "epoch_time": "1507845354" + "threat_severity": "HIGH" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "notification" + }, "network": { "protocol": "TCP" }, "observer": { - "name": "idp1", + "egress": { + "interface": { + "name": "reth1.1" + }, + "zone": "dst-sec-zone1-outside" + }, "ingress": { "interface": { "name": "reth0.11" }, "zone": "sec-zone-name-internet" }, + "name": "idp1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - 
"interface": { - "name": "reth1.1" - }, - "zone": "dst-sec-zone1-outside" - } - }, - "@timestamp": "2007-02-15T09:17:15.719Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -346,117 +348,117 @@ "172.19.13.11" ] }, - "client": { + "rule": { + "id": "9", + "name": "IPS" + }, + "server": { + "bytes": 0, + "ip": "67.43.156.14", "nat": { "port": 0 }, - "port": 45610, + "packets": 0, + "port": 80 + }, + "source": { "bytes": 0, + "ip": "67.43.156.14", + "nat": { + "ip": "0.0.0.0", + "port": 0 + }, "packets": 0, - "ip": "67.43.156.14" + "port": 45610 }, - "event": { - "duration": 0, - "severity": 165, - "original": "\u003c165\u003e1 2007-02-15T09:17:15.719Z idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1507845354\" message-type=\"SIG\" source-address=\"67.43.156.14\" source-port=\"45610\" destination-address=\"67.43.156.14\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"172.19.13.11\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0.11\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1.1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", - "kind": "alert", - "start": "2007-02-15T09:17:15.719Z", - "action": "security_threat", - "end": "2007-02-15T09:17:15.719Z", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2017-10-12T21:55:55.792Z", + "client": { + "bytes": 0, + "ip": "67.43.156.14", "nat": { "port": 0 }, - "port": 80, - "bytes": 0, "packets": 0, - "ip": "67.43.156.14" - }, - "log": { - "level": "notification" + 
"port": 45610 }, "destination": { + "bytes": 0, + "ip": "67.43.156.14", "nat": { - "port": 0, - "ip": "172.16.1.10" + "ip": "172.16.1.10", + "port": 0 }, - "port": 80, - "bytes": 0, "packets": 0, - "ip": "67.43.156.14" + "port": 80 }, - "rule": { - "name": "IPS", - "id": "9" + "ecs": { + "version": "8.2.0" }, - "source": { - "nat": { - "port": 0, - "ip": "0.0.0.0" - }, - "port": 45610, - "bytes": 0, - "packets": 0, - "ip": "67.43.156.14" + "event": { + "action": "security_threat", + "category": [ + "network", + "intrusion_detection" + ], + "duration": 0, + "end": "2017-10-12T21:55:55.792Z", + "kind": "alert", + "original": "\u003c165\u003e1 2017-10-13T08:55:55.792+11:00 idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1507845354\" message-type=\"SIG\" source-address=\"67.43.156.14\" source-port=\"45610\" destination-address=\"67.43.156.14\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"172.16.1.10\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0.11\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1.1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", + "outcome": "success", + "severity": 165, + "start": "2017-10-12T21:55:55.792Z", + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_IDP", - "threat_severity": "HIGH", - "service_name": "SERVICE_IDP", - "policy_name": "Recommended", - "message_type": "SIG", - "repeat_count": "0", - "export_id": "15229", - "attack_name": 
"TROJAN:ZMEU-BOT-SCAN", - "application_name": "HTTP", + "action": "DROP", "alert": "no", + "application_name": "HTTP", + "attack_name": "TROJAN:ZMEU-BOT-SCAN", + "epoch_time": "1507845354", + "export_id": "15229", + "message_type": "SIG", "packet_log_id": "0", - "action": "DROP", + "policy_name": "Recommended", + "process": "RT_IDP", + "repeat_count": "0", + "service_name": "SERVICE_IDP", "tag": "IDP_ATTACK_LOG_EVENT", - "epoch_time": "1507845354" + "threat_severity": "HIGH" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "notification" + }, "network": { "protocol": "TCP" }, "observer": { - "name": "idp1", + "egress": { + "interface": { + "name": "reth1.1" + }, + "zone": "dst-sec-zone1-outside" + }, "ingress": { "interface": { "name": "reth0.11" }, "zone": "sec-zone-name-internet" }, + "name": "idp1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "interface": { - "name": "reth1.1" - }, - "zone": "dst-sec-zone1-outside" - } - }, - "@timestamp": "2017-10-12T21:55:55.792Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -465,174 +467,178 @@ "172.16.1.10" ] }, - "client": { + "rule": { + "id": "9", + "name": "IPS" + }, + "server": { + "bytes": 0, + "ip": "67.43.156.14", "nat": { "port": 0 }, - "port": 45610, + "packets": 0, + "port": 80 + }, + "source": { "bytes": 0, + "ip": "67.43.156.14", + "nat": { + "ip": "0.0.0.0", + "port": 0 + }, "packets": 0, - "ip": "67.43.156.14" + "port": 45610 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2011-10-23T02:06:26.544Z", + "destination": { + "ip": "172.27.14.203", + "port": 80 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "duration": 0, - "severity": 165, - "original": "\u003c165\u003e1 2017-10-13T08:55:55.792+11:00 idp1 RT_IDP - IDP_ATTACK_LOG_EVENT [junos@67.43.156.15 epoch-time=\"1507845354\" message-type=\"SIG\" source-address=\"67.43.156.14\" source-port=\"45610\" destination-address=\"67.43.156.14\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"172.16.1.10\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0.11\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1.1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", - "kind": "alert", - "start": "2017-10-12T21:55:55.792Z", - "action": "security_threat", - "end": "2017-10-12T21:55:55.792Z", + "action": "application_ddos", "category": [ "network", "intrusion_detection" ], + "kind": "alert", + "original": "\u003c165\u003e1 2011-10-23T02:06:26.544 SRX34001 RT_IDP - IDP_APPDDOS_APP_STATE_EVENT [junos@67.43.156.15 
epoch-time=\"1319367986\" ddos-application-name=\"Webserver\" destination-zone-name=\"untrust\" destination-interface-name=\"reth0.0\" destination-address=\"172.27.14.203\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"HTTP\" rule-name=\"1\" rulebase-name=\"DDOS\" policy-name=\"A DoS-Webserver\" repeat-count=\"0\" message=\"Connection rate exceeded limit 60\" context-value=\"N/A\"]", + "outcome": "success", + "severity": 165, "type": [ "info", "denied", "connection" - ], - "outcome": "success" - } - }, - { - "server": { - "port": 80, - "ip": "172.27.14.203" - }, - "log": { - "level": "notification" - }, - "destination": { - "port": 80, - "ip": "172.27.14.203" - }, - "rule": { - "name": "DDOS", - "id": "1" + ] }, "juniper": { "srx": { - "process": "RT_IDP", - "service_name": "HTTP", "ddos_application_name": "Webserver", + "epoch_time": "1319367986", "policy_name": "A DoS-Webserver", + "process": "RT_IDP", "repeat_count": "0", - "tag": "IDP_APPDDOS_APP_STATE_EVENT", - "epoch_time": "1319367986" + "service_name": "HTTP", + "tag": "IDP_APPDDOS_APP_STATE_EVENT" } }, + "log": { + "level": "notification" + }, "message": "Connection rate exceeded limit 60", - "tags": [ - "preserve_original_event" - ], "network": { "protocol": "TCP" }, "observer": { - "name": "SRX34001", - "product": "SRX", - "type": "firewall", - "vendor": "Juniper", "egress": { "interface": { "name": "reth0.0" }, "zone": "untrust" - } - }, - "@timestamp": "2011-10-23T02:06:26.544Z", - "ecs": { - "version": "8.0.0" + }, + "name": "SRX34001", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { "ip": [ "172.27.14.203" ] }, + "rule": { + "id": "1", + "name": "DDOS" + }, + "server": { + "ip": "172.27.14.203", + "port": 80 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2011-10-23T16:28:31.696Z", + "client": { + "ip": "192.168.14.214", + "port": 50825 + }, + "destination": { + "ip": "172.27.14.203", + "port": 80 + }, + "ecs": { + "version": 
"8.2.0" + }, "event": { - "severity": 165, - "original": "\u003c165\u003e1 2011-10-23T02:06:26.544 SRX34001 RT_IDP - IDP_APPDDOS_APP_STATE_EVENT [junos@67.43.156.15 epoch-time=\"1319367986\" ddos-application-name=\"Webserver\" destination-zone-name=\"untrust\" destination-interface-name=\"reth0.0\" destination-address=\"172.27.14.203\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"HTTP\" rule-name=\"1\" rulebase-name=\"DDOS\" policy-name=\"A DoS-Webserver\" repeat-count=\"0\" message=\"Connection rate exceeded limit 60\" context-value=\"N/A\"]", - "kind": "alert", "action": "application_ddos", "category": [ "network", "intrusion_detection" ], + "kind": "alert", + "original": "\u003c165\u003e1 2011-10-23T16:28:31.696 SRX34001 RT_IDP - IDP_APPDDOS_APP_ATTACK_EVENT [junos@67.43.156.15 epoch-time=\"1319419711\" ddos-application-name=\"Webserver\" source-zone-name=\"trust\" source-interface-name=\"reth1.O\" source-address=\"192.168.14.214\" source-port=\"50825\" destination-zone-name=\"untrust\" destination-interface-name=\"reth0.0\" destination-address=\"172.27.14.203\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"HTTP\" rule-name=\"1\" ruleebase-name=\"DDOS\" policy-name=\"AppDoS-Webserver\" repeat-count=\"0\" action=\"NONE\" threat-severity=\"INFO\" connection-hit-rate=\"30\" context-name=\"http-get-url\" context-hit-rate=\"123\" context-value-hit-rate=\"0\" time-scope=\"PEER\" time-count=\"3\" time-period=\"60\" context-value=\"N/A\"]", + "outcome": "success", + "severity": 165, "type": [ "info", "denied", "connection" - ], - "outcome": "success" - } - }, - { - "server": { - "port": 80, - "ip": "172.27.14.203" - }, - "log": { - "level": "notification" - }, - "destination": { - "port": 80, - "ip": "172.27.14.203" - }, - "rule": { - "id": "1" - }, - "source": { - "port": 50825, - "ip": "192.168.14.214" + ] }, "juniper": { "srx": { - "process": "RT_IDP", + "action": "NONE", "connection_hit_rate": "30", - "threat_severity": "INFO", 
"context_hit_rate": "123", - "service_name": "HTTP", + "context_name": "http-get-url", + "context_value_hit_rate": "0", "ddos_application_name": "Webserver", + "epoch_time": "1319419711", "policy_name": "AppDoS-Webserver", + "process": "RT_IDP", "repeat_count": "0", - "context_name": "http-get-url", - "time_count": "3", - "time_scope": "PEER", "ruleebase_name": "DDOS", - "context_value_hit_rate": "0", - "action": "NONE", + "service_name": "HTTP", "tag": "IDP_APPDDOS_APP_ATTACK_EVENT", - "epoch_time": "1319419711", - "time_period": "60" + "threat_severity": "INFO", + "time_count": "3", + "time_period": "60", + "time_scope": "PEER" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "notification" + }, "network": { "protocol": "TCP" }, "observer": { - "name": "SRX34001", + "egress": { + "interface": { + "name": "reth0.0" + }, + "zone": "untrust" + }, "ingress": { "interface": { "name": "reth1.O" }, "zone": "trust" }, + "name": "SRX34001", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "interface": { - "name": "reth0.0" - }, - "zone": "untrust" - } - }, - "@timestamp": "2011-10-23T16:28:31.696Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -640,94 +646,94 @@ "172.27.14.203" ] }, + "rule": { + "id": "1" + }, + "server": { + "ip": "172.27.14.203", + "port": 80 + }, + "source": { + "ip": "192.168.14.214", + "port": 50825 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2012-10-23T17:28:31.696Z", "client": { - "port": 50825, - "ip": "192.168.14.214" + "ip": "192.168.14.214", + "port": 50825 + }, + "destination": { + "ip": "172.30.20.201", + "port": 80 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "severity": 165, - "original": "\u003c165\u003e1 2011-10-23T16:28:31.696 SRX34001 RT_IDP - IDP_APPDDOS_APP_ATTACK_EVENT [junos@67.43.156.15 epoch-time=\"1319419711\" ddos-application-name=\"Webserver\" source-zone-name=\"trust\" source-interface-name=\"reth1.O\" source-address=\"192.168.14.214\" source-port=\"50825\" destination-zone-name=\"untrust\" destination-interface-name=\"reth0.0\" destination-address=\"172.27.14.203\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"HTTP\" rule-name=\"1\" ruleebase-name=\"DDOS\" policy-name=\"AppDoS-Webserver\" repeat-count=\"0\" action=\"NONE\" threat-severity=\"INFO\" connection-hit-rate=\"30\" context-name=\"http-get-url\" context-hit-rate=\"123\" context-value-hit-rate=\"0\" time-scope=\"PEER\" time-count=\"3\" time-period=\"60\" context-value=\"N/A\"]", - "kind": "alert", "action": "application_ddos", "category": [ "network", "intrusion_detection" ], + "kind": "alert", + "original": "\u003c165\u003e1 2012-10-23T17:28:31.696 SRX34001 RT_IDP - IDP_APPDDOS_APP_ATTACK_EVENT_LS [junos@67.43.156.15 epoch-time=\"1419419711\" ddos-application-name=\"Webserver\" source-zone-name=\"trust\" source-interface-name=\"reth3.0\" source-address=\"192.168.14.214\" source-port=\"50825\" destination-zone-name=\"untrust\" destination-interface-name=\"reth0.1\" destination-address=\"172.30.20.201\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"HTTP\" rule-name=\"1\" ruleebase-name=\"DDOS02\" policy-name=\"AppDoS-Webserver\" 
repeat-count=\"0\" action=\"NONE\" threat-severity=\"INFO\" connection-hit-rate=\"30\" context-name=\"http-get-url\" context-hit-rate=\"123\" context-value-hit-rate=\"0\" time-scope=\"PEER\" time-count=\"3\" time-period=\"60\" context-value=\"N/A\"]", + "outcome": "success", + "severity": 165, "type": [ "info", "denied", "connection" - ], - "outcome": "success" - } - }, - { - "server": { - "port": 80, - "ip": "172.30.20.201" - }, - "log": { - "level": "notification" - }, - "destination": { - "port": 80, - "ip": "172.30.20.201" - }, - "rule": { - "id": "1" - }, - "source": { - "port": 50825, - "ip": "192.168.14.214" + ] }, "juniper": { "srx": { - "process": "RT_IDP", + "action": "NONE", "connection_hit_rate": "30", - "threat_severity": "INFO", "context_hit_rate": "123", - "service_name": "HTTP", + "context_name": "http-get-url", + "context_value_hit_rate": "0", "ddos_application_name": "Webserver", + "epoch_time": "1419419711", "policy_name": "AppDoS-Webserver", + "process": "RT_IDP", "repeat_count": "0", - "context_name": "http-get-url", - "time_count": "3", - "time_scope": "PEER", "ruleebase_name": "DDOS02", - "context_value_hit_rate": "0", - "action": "NONE", + "service_name": "HTTP", "tag": "IDP_APPDDOS_APP_ATTACK_EVENT_LS", - "epoch_time": "1419419711", - "time_period": "60" + "threat_severity": "INFO", + "time_count": "3", + "time_period": "60", + "time_scope": "PEER" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "notification" + }, "network": { "protocol": "TCP" }, "observer": { - "name": "SRX34001", + "egress": { + "interface": { + "name": "reth0.1" + }, + "zone": "untrust" + }, "ingress": { "interface": { "name": "reth3.0" }, "zone": "trust" }, + "name": "SRX34001", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "interface": { - "name": "reth0.1" - }, - "zone": "untrust" - } - }, - "@timestamp": "2012-10-23T17:28:31.696Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -735,26 +741,20 @@ "172.30.20.201" ] }, - "client": { - "port": 50825, - "ip": "192.168.14.214" + "rule": { + "id": "1" }, - "event": { - "severity": 165, - "original": "\u003c165\u003e1 2012-10-23T17:28:31.696 SRX34001 RT_IDP - IDP_APPDDOS_APP_ATTACK_EVENT_LS [junos@67.43.156.15 epoch-time=\"1419419711\" ddos-application-name=\"Webserver\" source-zone-name=\"trust\" source-interface-name=\"reth3.0\" source-address=\"192.168.14.214\" source-port=\"50825\" destination-zone-name=\"untrust\" destination-interface-name=\"reth0.1\" destination-address=\"172.30.20.201\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"HTTP\" rule-name=\"1\" ruleebase-name=\"DDOS02\" policy-name=\"AppDoS-Webserver\" repeat-count=\"0\" action=\"NONE\" threat-severity=\"INFO\" connection-hit-rate=\"30\" context-name=\"http-get-url\" context-hit-rate=\"123\" context-value-hit-rate=\"0\" time-scope=\"PEER\" time-count=\"3\" time-period=\"60\" context-value=\"N/A\"]", - "kind": "alert", - "action": "application_ddos", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "server": { + "ip": "172.30.20.201", + "port": 80 + }, + "source": { + "ip": "192.168.14.214", + "port": 50825 + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json index c0400853063..f9da37f354d 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json 
@@ -1,44 +1,45 @@ { "expected": [ { - "server": { - "port": 1433, - "ip": "67.43.156.14" - }, - "log": { - "level": "error" + "@timestamp": "2018-07-19T23:17:02.309Z", + "client": { + "ip": "67.43.156.13", + "port": 6000 }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 1433, - "ip": "67.43.156.14" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 6000, - "ip": "67.43.156.13" + "ip": "67.43.156.14", + "port": 1433 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "sweep_detected", + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T18:17:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"TCP sweep!\" source-address=\"67.43.156.13\" source-port=\"6000\" destination-address=\"67.43.156.14\" destination-port=\"1433\" source-zone-name=\"untrust\" interface-name=\"fe-0/0/2.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { 
@@ -48,85 +49,88 @@ "tag": "RT_SCREEN_TCP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "fe-0/0/2.0" }, "zone": "untrust" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:17:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.13", "67.43.156.14" ] }, - "client": { - "port": 6000, - "ip": "67.43.156.13" - }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:17:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"TCP sweep!\" source-address=\"67.43.156.13\" source-port=\"6000\" destination-address=\"67.43.156.14\" destination-port=\"1433\" source-zone-name=\"untrust\" interface-name=\"fe-0/0/2.0\" action=\"drop\"]", - "kind": "alert", - "action": "sweep_detected", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { - "port": 139, - "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + "ip": "67.43.156.14", + "port": 1433 }, - "log": { - "level": "error" - }, - "destination": { + "source": { + "as": { + "number": 35908 + }, "geo": { - "continent_name": "Europe", - "country_name": "Norway", + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", "location": { - "lon": 10.0, - "lat": 62.0 - }, - "country_iso_code": "NO" + "lat": 27.5, + "lon": 90.5 + } }, - "port": 139, - "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + "ip": "67.43.156.13", + "port": 6000 }, - "source": { + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-07-19T23:18:02.309Z", + "client": { + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 3240 + }, + "destination": { "geo": { "continent_name": "Europe", + "country_iso_code": "NO", "country_name": "Norway", "location": { - "lon": 10.0, - 
"lat": 62.0 - }, - "country_iso_code": "NO" + "lat": 62.0, + "lon": 10.0 + } }, - "port": 3240, - "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 139 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "attack_detected", + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T18:18:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"WinNuke attack!\" source-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" source-port=\"3240\" destination-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" destination-port=\"139\" source-zone-name=\"untrust\" interface-name=\"fe-0/0/2.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { 
@@ -136,90 +140,87 @@ "tag": "RT_SCREEN_TCP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "fe-0/0/2.0" }, "zone": "untrust" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:18:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" ] }, - "client": { - "port": 3240, - "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" - }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:18:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"WinNuke attack!\" source-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" source-port=\"3240\" destination-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" destination-port=\"139\" source-zone-name=\"untrust\" interface-name=\"fe-0/0/2.0\" action=\"drop\"]", - "kind": "alert", - "action": "attack_detected", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { - "port": 50010, - "ip": "67.43.156.12" + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 139 }, - "log": { - "level": "error" - }, - "destination": { + "source": { "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 62.0, + "lon": 10.0 + } }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", + "port": 3240 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-07-19T23:19:02.309Z", + "client": { + "ip": "67.43.156.15", + "port": 40001 + }, + "destination": { "as": { "number": 35908 }, - "port": 50010, - "ip": "67.43.156.12" - }, - "source": { "geo": { "continent_name": "Asia", + 
"country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 40001, - "ip": "67.43.156.15" + "ip": "67.43.156.12", + "port": 50010 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flood_detected", + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T18:19:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"SYN flood!\" source-address=\"67.43.156.15\" source-port=\"40001\" destination-address=\"67.43.156.12\" destination-port=\"50010\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { 
@@ -229,91 +230,91 @@ "tag": "RT_SCREEN_TCP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:19:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.15", "67.43.156.12" ] }, - "client": { - "port": 40001, - "ip": "67.43.156.15" - }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:19:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"SYN flood!\" source-address=\"67.43.156.15\" source-port=\"40001\" destination-address=\"67.43.156.12\" destination-port=\"50010\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "kind": "alert", - "action": "flood_detected", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { - "port": 53, - "ip": "67.43.156.15" + "ip": "67.43.156.12", + "port": 50010 }, - "log": { - "level": "error" - }, - "destination": { + "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.15", + "port": 40001 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-07-19T23:22:02.309Z", + "client": { + "ip": "67.43.156.15", + "port": 40001 + }, + "destination": { "as": { "number": 35908 }, - "port": 53, - "ip": "67.43.156.15" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 
35908 - }, - "port": 40001, - "ip": "67.43.156.15" + "ip": "67.43.156.15", + "port": 53 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "flood_detected", + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T18:22:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_UDP [junos@67.43.156.15 attack-name=\"UDP flood!\" source-address=\"67.43.156.15\" source-port=\"40001\" destination-address=\"67.43.156.15\" destination-port=\"53\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { 
@@ -323,88 +324,89 @@ "tag": "RT_SCREEN_UDP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:22:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.15" ] }, - "client": { - "port": 40001, - "ip": "67.43.156.15" + "server": { + "ip": "67.43.156.15", + "port": 53 }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:22:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_UDP [junos@67.43.156.15 attack-name=\"UDP flood!\" source-address=\"67.43.156.15\" source-port=\"40001\" destination-address=\"67.43.156.15\" destination-port=\"53\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "kind": "alert", - "action": "flood_detected", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.15", + "port": 40001 + }, + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2018-07-19T23:25:02.309Z", + "client": { "ip": "67.43.156.15" }, - "log": { - "level": "error" - }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "ip": "67.43.156.15" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, "ip": 
"67.43.156.15" }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "fragment_detected", + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T18:25:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_ICMP [junos@67.43.156.15 attack-name=\"ICMP fragment!\" source-address=\"67.43.156.15\" destination-address=\"67.43.156.15\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] + }, "juniper": { "srx": { "action": "drop", 
@@ -413,87 +415,86 @@ "tag": "RT_SCREEN_ICMP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:25:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.15" ] }, - "client": { - "ip": "67.43.156.15" - }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:25:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_ICMP [junos@67.43.156.15 attack-name=\"ICMP fragment!\" source-address=\"67.43.156.15\" destination-address=\"67.43.156.15\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "kind": "alert", - "action": "fragment_detected", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { "ip": "67.43.156.15" }, - "log": { - "level": "error" - }, - "destination": { + "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.15" + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-07-19T23:26:02.309Z", + "client": { + "ip": "67.43.156.15" + }, + "destination": { "as": { "number": 35908 }, - "ip": "67.43.156.15" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, "ip": "67.43.156.15" }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": 
"\u003c11\u003e1 2018-07-19T18:26:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_IP [junos@67.43.156.15 attack-name=\"Record Route IP option!\" source-address=\"67.43.156.15\" destination-address=\"67.43.156.15\" protocol-id=\"1\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] + }, "juniper": { "srx": { "action": "drop", 
@@ -502,83 +503,87 @@ "tag": "RT_SCREEN_IP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:26:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.15" ] }, - "client": { + "server": { "ip": "67.43.156.15" }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:26:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_IP [junos@67.43.156.15 attack-name=\"Record Route IP option!\" source-address=\"67.43.156.15\" destination-address=\"67.43.156.15\" protocol-id=\"1\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "kind": "alert", - "outcome": "success" - } + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.15" + }, + "tags": [ + "preserve_original_event" + ] }, { - "server": { + "@timestamp": "2018-07-19T23:27:02.309Z", + "client": { "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, - "log": { - "level": "error" - }, "destination": { "geo": { "continent_name": "Europe", + "country_iso_code": "NO", "country_name": "Norway", "location": { - "lon": 10.0, - "lat": 62.0 - }, - "country_iso_code": "NO" + "lat": 62.0, + "lon": 10.0 + } }, "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, - "source": { - "geo": { - "continent_name": "Europe", - "country_name": "Norway", - "location": { - "lon": 10.0, - "lat": 62.0 - }, - "country_iso_code": "NO" - }, - "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + "ecs": { + "version": "8.2.0" 
+ }, + "event": { + "action": "tunneling_screen", + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T18:27:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_IP [junos@67.43.156.15 attack-name=\"Tunnel GRE 6in6!\" source-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" destination-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" protocol-id=\"1\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { 
@@ -588,90 +593,87 @@ "tag": "RT_SCREEN_IP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:27:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" ] }, - "client": { + "server": { "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:27:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_IP [junos@67.43.156.15 attack-name=\"Tunnel GRE 6in6!\" source-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" destination-address=\"2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6\" protocol-id=\"1\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "kind": "alert", - "action": "tunneling_screen", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "source": { + "geo": { + "continent_name": "Europe", + "country_iso_code": "NO", + "country_name": "Norway", + "location": { + "lat": 62.0, + "lon": 10.0 + } + }, + "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" + }, + "tags": [ + "preserve_original_event" + ] }, { - "server": { - "ip": "67.43.156.15" - }, - "log": { - "level": "error" + "@timestamp": "2018-07-19T23:28:02.309Z", + "client": { + "ip": "67.43.156.13" }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "ip": "67.43.156.15" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - 
"country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "ip": "67.43.156.13" + "ip": "67.43.156.15" + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "tunneling_screen", + "category": [ + "network", + "intrusion_detection" + ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T18:28:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_IP [junos@67.43.156.15 attack-name=\"Tunnel GRE 4in4!\" source-address=\"67.43.156.13\" destination-address=\"67.43.156.15\" protocol-id=\"1\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { 
@@ -681,212 +683,223 @@ "tag": "RT_SCREEN_IP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-19T23:28:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.13", "67.43.156.15" ] }, - "client": { + "server": { + "ip": "67.43.156.15" + }, + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, "ip": "67.43.156.13" }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-07-20T00:19:02.309Z", + "destination": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.12" + }, + "ecs": { + "version": "8.2.0" + }, "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T18:28:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_IP [junos@67.43.156.15 attack-name=\"Tunnel GRE 4in4!\" source-address=\"67.43.156.13\" destination-address=\"67.43.156.15\" protocol-id=\"1\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "kind": "alert", - "action": "tunneling_screen", + "action": "flood_detected", "category": [ "network", "intrusion_detection" ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T19:19:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP_DST_IP [junos@67.43.156.15 attack-name=\"SYN flood!\" destination-address=\"67.43.156.12\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"alarm-without-drop\"]", + "outcome": "success", + "severity": 11, "type": [ "info", "denied", 
"connection" - ], - "outcome": "success" - } - }, - { - "server": { - "ip": "67.43.156.12" + ] + }, + "juniper": { + "srx": { + "action": "alarm-without-drop", + "attack_name": "SYN flood!", + "process": "RT_IDS", + "tag": "RT_SCREEN_TCP_DST_IP" + } + }, + "log": { + "level": "error" }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-20T00:19:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.12" ] }, - "log": { - "level": "error" - }, - "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, + "server": { "ip": "67.43.156.12" }, - "juniper": { - "srx": { - "action": "alarm-without-drop", - "attack_name": "SYN flood!", - "process": "RT_IDS", - "tag": "RT_SCREEN_TCP_DST_IP" - } + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2018-07-20T00:19:02.309Z", + "client": { + "ip": "67.43.156.15" + }, + "ecs": { + "version": "8.2.0" }, "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T19:19:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP_DST_IP [junos@67.43.156.15 attack-name=\"SYN flood!\" destination-address=\"67.43.156.12\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"alarm-without-drop\"]", - "kind": "alert", "action": "flood_detected", "category": [ "network", "intrusion_detection" ], + "kind": "alert", + "original": "\u003c11\u003e1 2018-07-19T19:19:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP_SRC_IP [junos@67.43.156.15 attack-name=\"SYN flood!\" source-address=\"67.43.156.15\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"alarm-without-drop\"]", + "outcome": "success", + "severity": 11, "type": [ "info", "denied", "connection" - ], - "outcome": 
"success" + ] + }, + "juniper": { + "srx": { + "action": "alarm-without-drop", + "attack_name": "SYN flood!", + "process": "RT_IDS", + "tag": "RT_SCREEN_TCP_SRC_IP" + } + }, + "log": { + "level": "error" }, - "tags": [ - "preserve_original_event" - ] - }, - { "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trustZone" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2018-07-20T00:19:02.309Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "67.43.156.15" ] }, - "log": { - "level": "error" - }, - "client": { - "ip": "67.43.156.15" - }, "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, "ip": "67.43.156.15" }, - "juniper": { - "srx": { - "action": "alarm-without-drop", - "attack_name": "SYN flood!", - "process": "RT_IDS", - "tag": "RT_SCREEN_TCP_SRC_IP" - } + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2020-07-17T07:54:43.912Z", + "client": { + "ip": "10.1.1.100", + "port": 50630 + }, + "destination": { + "ip": "10.1.1.1", + "port": 10778 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "severity": 11, - "original": "\u003c11\u003e1 2018-07-19T19:19:02.309-05:00 rtr199 RT_IDS - RT_SCREEN_TCP_SRC_IP [junos@67.43.156.15 attack-name=\"SYN flood!\" source-address=\"67.43.156.15\" source-zone-name=\"trustZone\" interface-name=\"ge-0/0/1.0\" action=\"alarm-without-drop\"]", - "kind": "alert", - "action": "flood_detected", + "action": "scan_detected", "category": [ "network", "intrusion_detection" ], + "kind": "alert", + "original": "\u003c11\u003e1 2020-07-17T09:54:43.912+02:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"TCP port scan!\" source-address=\"10.1.1.100\" source-port=\"50630\" 
destination-address=\"10.1.1.1\" destination-port=\"10778\" source-zone-name=\"trust\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, "type": [ "info", "denied", "connection" - ], - "outcome": "success" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "server": { - "port": 10778, - "ip": "10.1.1.1" - }, - "log": { - "level": "error" - }, - "destination": { - "port": 10778, - "ip": "10.1.1.1" - }, - "source": { - "port": 50630, - "ip": "10.1.1.100" + ] }, "juniper": { "srx": { 
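Review bot: The two RT_SCREEN_TCP_DST_IP / RT_SCREEN_TCP_SRC_IP SYN-flood entries in this hunk carry `juniper.srx.action: "alarm-without-drop"`, yet the expected `event.type` is `["info", "denied", "connection"]` with `event.outcome: "success"`, identical to the dropped screens above them; that traffic was not blocked, so `denied` misstates the action and any detection rule or dashboard keyed on `event.type:denied` will count these alarms as blocks. The ingest pipeline that produces this fixture (not visible here) should derive the type from the screen action — `denied` only for `drop`, `allowed` otherwise, matching how the UTM fixture uses `["allowed", "connection"]` for WEBFILTER_URL_PERMITTED — after which these two entries would regenerate as `"type": ["info", "allowed", "connection"]`. This looks like pre-existing behaviour that the ECS 8.2 regeneration carries forward rather than something this commit introduces, and the enclosing `expected` array starts and ends outside the hunk.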
@@ -896,67 +909,67 @@ "tag": "RT_SCREEN_TCP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trust" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2020-07-17T07:54:43.912Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "10.1.1.100", "10.1.1.1" ] }, + "server": { + "ip": "10.1.1.1", + "port": 10778 + }, + "source": { + "ip": "10.1.1.100", + "port": 50630 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2020-07-17T08:01:43.006Z", "client": { - "port": 50630, - "ip": "10.1.1.100" + "ip": "10.1.1.100", + "port": 42799 + }, + "destination": { + "ip": "10.1.1.1", + "port": 7 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "severity": 11, - "original": "\u003c11\u003e1 2020-07-17T09:54:43.912+02:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"TCP port scan!\" source-address=\"10.1.1.100\" source-port=\"50630\" destination-address=\"10.1.1.1\" destination-port=\"10778\" source-zone-name=\"trust\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "kind": "alert", - "action": "scan_detected", + "action": "illegal_tcp_flag_detected", "category": [ "network", "intrusion_detection" ], + "kind": "alert", + "original": "\u003c11\u003e1 2020-07-17T10:01:43.006+02:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"FIN but no ACK bit!\" source-address=\"10.1.1.100\" source-port=\"42799\" destination-address=\"10.1.1.1\" destination-port=\"7\" source-zone-name=\"trust\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", + "outcome": "success", + "severity": 11, "type": [ "info", "denied", "connection" - ], - "outcome": "success" - } - }, - { - "server": { - "port": 7, - "ip": "10.1.1.1" - }, - "log": { - "level": "error" - }, - "destination": { - "port": 7, - "ip": "10.1.1.1" - }, - "source": { - "port": 42799, - "ip": 
"10.1.1.100" + ] }, "juniper": { "srx": { @@ -966,51 +979,38 @@ "tag": "RT_SCREEN_TCP" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "error" + }, "observer": { - "name": "rtr199", "ingress": { "interface": { "name": "ge-0/0/1.0" }, "zone": "trust" }, + "name": "rtr199", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2020-07-17T08:01:43.006Z", - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "10.1.1.100", "10.1.1.1" ] }, - "client": { - "port": 42799, - "ip": "10.1.1.100" + "server": { + "ip": "10.1.1.1", + "port": 7 }, - "event": { - "severity": 11, - "original": "\u003c11\u003e1 2020-07-17T10:01:43.006+02:00 rtr199 RT_IDS - RT_SCREEN_TCP [junos@67.43.156.15 attack-name=\"FIN but no ACK bit!\" source-address=\"10.1.1.100\" source-port=\"42799\" destination-address=\"10.1.1.1\" destination-port=\"7\" source-zone-name=\"trust\" interface-name=\"ge-0/0/1.0\" action=\"drop\"]", - "kind": "alert", - "action": "illegal_tcp_flag_detected", - "category": [ - "network", - "intrusion_detection" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "source": { + "ip": "10.1.1.100", + "port": 42799 + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json index 5ed66107a9c..c7d6082e540 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json 
@@ -1,191 +1,185 @@ { "expected": [ { - "server": { - "port": 24039, - "ip": "67.43.156.15" - }, - "log": { - "level": "informational" + "@timestamp": "2016-10-17T15:18:11.618Z", + "client": { + "ip": "67.43.156.15", + "port": 1 }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 24039, - "ip": "67.43.156.15" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 1, - "ip": "67.43.156.15" + "ip": "67.43.156.15", + "port": 24039 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "malware_detected", + "category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c14\u003e1 2016-10-17T15:18:11.618Z SRX-1500 RT_SECINTEL - SECINTEL_ACTION_LOG [junos@67.43.156.15 category=\"secintel\" sub-category=\"Blacklist\" action=\"BLOCK\" action-detail=\"DROP\" http-host=\"N/A\" threat-severity=\"0\" source-address=\"67.43.156.15\" source-port=\"1\" destination-address=\"67.43.156.15\" destination-port=\"24039\" protocol-id=\"1\" application=\"N/A\" nested-application=\"N/A\" feed-name=\"Tor_Exit_Nodes\" policy-name=\"cc_policy\" profile-name=\"Blacklist\" username=\"N/A\" roles=\"N/A\" session-id-32=\"572564\" source-zone-name=\"Outside\" destination-zone-name=\"DMZ\"]", + "outcome": "success", + "severity": 14, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "profile_name": "Blacklist", - "process": "RT_SECINTEL", - "threat_severity": "0", - "sub_category": "Blacklist", - "policy_name": "cc_policy", "action": "BLOCK", "action_detail": "DROP", + "category": "secintel", + "feed_name": "Tor_Exit_Nodes", + "policy_name": "cc_policy", + "process": "RT_SECINTEL", 
+ "profile_name": "Blacklist", "session_id_32": "572564", + "sub_category": "Blacklist", "tag": "SECINTEL_ACTION_LOG", - "category": "secintel", - "feed_name": "Tor_Exit_Nodes" + "threat_severity": "0" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "iana_number": "1", "transport": "icmp" }, "observer": { - "name": "SRX-1500", + "egress": { + "zone": "DMZ" + }, "ingress": { "zone": "Outside" }, + "name": "SRX-1500", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "DMZ" - } - }, - "@timestamp": "2016-10-17T15:18:11.618Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ "67.43.156.15" ] }, - "client": { - "port": 1, - "ip": "67.43.156.15" - }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2016-10-17T15:18:11.618Z SRX-1500 RT_SECINTEL - SECINTEL_ACTION_LOG [junos@67.43.156.15 category=\"secintel\" sub-category=\"Blacklist\" action=\"BLOCK\" action-detail=\"DROP\" http-host=\"N/A\" threat-severity=\"0\" source-address=\"67.43.156.15\" source-port=\"1\" destination-address=\"67.43.156.15\" destination-port=\"24039\" protocol-id=\"1\" application=\"N/A\" nested-application=\"N/A\" feed-name=\"Tor_Exit_Nodes\" policy-name=\"cc_policy\" profile-name=\"Blacklist\" username=\"N/A\" roles=\"N/A\" session-id-32=\"572564\" source-zone-name=\"Outside\" destination-zone-name=\"DMZ\"]", - "kind": "alert", - "action": "malware_detected", - "category": [ - "network", - "malware" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { - "port": 80, - "ip": "67.43.156.15" + "ip": "67.43.156.15", + "port": 24039 }, - "log": { - "level": "informational" - }, - "destination": { + "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, 
+ "lon": 90.5 + } }, + "ip": "67.43.156.15", + "port": 1 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2016-10-17T15:18:11.618Z", + "client": { + "ip": "67.43.156.15", + "port": 36612 + }, + "destination": { "as": { "number": 35908 }, - "port": 80, - "ip": "67.43.156.15" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 36612, - "ip": "67.43.156.15" + "ip": "67.43.156.15", + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "malware_detected", + "category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c14\u003e1 2016-10-17T15:18:11.618Z SRX-1500 RT_SECINTEL - SECINTEL_ACTION_LOG [junos@67.43.156.15 category=\"secintel\" sub-category=\"CC\" action=\"BLOCK\" action-detail=\"CLOSE REDIRECT MSG\" http-host=\"dummy_host\" threat-severity=\"10\" source-address=\"67.43.156.15\" source-port=\"36612\" destination-address=\"67.43.156.15\" destination-port=\"80\" protocol-id=\"6\" application=\"HTTP\" nested-application=\"N/A\" feed-name=\"cc_url_data\" policy-name=\"test\" profile-name=\"test-profile\" username=\"N/A\" roles=\"N/A\" session-id-32=\"502362\" source-zone-name=\"Inside\" destination-zone-name=\"Outside\" occur-count=\"0\"]", + "outcome": "success", + "severity": 14, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "process": "RT_SECINTEL", - "threat_severity": "10", - "sub_category": "CC", + "action": "BLOCK", + "action_detail": "CLOSE REDIRECT MSG", + "application": "HTTP", + "category": "secintel", + "feed_name": "cc_url_data", "occur_count": "0", "policy_name": "test", - "feed_name": "cc_url_data", + "process": "RT_SECINTEL", "profile_name": "test-profile", - "application": "HTTP", - "action": "BLOCK", - "action_detail": "CLOSE REDIRECT 
MSG", "session_id_32": "502362", + "sub_category": "CC", "tag": "SECINTEL_ACTION_LOG", - "category": "secintel" + "threat_severity": "10" } }, - "url": { - "domain": "dummy_host" + "log": { + "level": "informational" }, - "tags": [ - "preserve_original_event" - ], "network": { "iana_number": "6", "transport": "tcp" }, "observer": { - "name": "SRX-1500", + "egress": { + "zone": "Outside" + }, "ingress": { "zone": "Inside" }, + "name": "SRX-1500", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "Outside" - } - }, - "@timestamp": "2016-10-17T15:18:11.618Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "hosts": [ 
@@ -195,25 +189,31 @@ "67.43.156.15" ] }, - "client": { - "port": 36612, - "ip": "67.43.156.15" + "server": { + "ip": "67.43.156.15", + "port": 80 }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2016-10-17T15:18:11.618Z SRX-1500 RT_SECINTEL - SECINTEL_ACTION_LOG [junos@67.43.156.15 category=\"secintel\" sub-category=\"CC\" action=\"BLOCK\" action-detail=\"CLOSE REDIRECT MSG\" http-host=\"dummy_host\" threat-severity=\"10\" source-address=\"67.43.156.15\" source-port=\"36612\" destination-address=\"67.43.156.15\" destination-port=\"80\" protocol-id=\"6\" application=\"HTTP\" nested-application=\"N/A\" feed-name=\"cc_url_data\" policy-name=\"test\" profile-name=\"test-profile\" username=\"N/A\" roles=\"N/A\" session-id-32=\"502362\" source-zone-name=\"Inside\" destination-zone-name=\"Outside\" occur-count=\"0\"]", - "kind": "alert", - "action": "malware_detected", - "category": [ - "network", - "malware" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.15", + "port": 36612 + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "dummy_host" } } ] diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json index 020b3aebdf0..c06aa2a2642 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json 
@@ -1,220 +1,224 @@ { "expected": [ { - "server": { - "port": 80, - "ip": "67.43.156.13" - }, - "log": { - "level": "warning" + "@timestamp": "2016-02-18T01:32:50.391Z", + "client": { + "ip": "192.168.1.100", + "port": 58071 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 80, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 80 }, - "source": { - "port": 58071, - "user": { - "name": "user01" - }, - "ip": "192.168.1.100" + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "web_filter", + "category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c12\u003e1 2016-02-18T01:32:50.391Z utm-srx550-b RT_UTM - WEBFILTER_URL_BLOCKED [junos@67.43.156.15 source-address=\"192.168.1.100\" source-port=\"58071\" destination-address=\"67.43.156.13\" destination-port=\"80\" category=\"cat1\" reason=\"BY_BLACK_LIST\" profile=\"uf1\" url=\"www.baidu.com\" obj=\"/\" username=\"user01\" roles=\"N/A\"]", + "outcome": "success", + "severity": 12, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "reason": "BY_BLACK_LIST", - "process": "RT_UTM", - "tag": "WEBFILTER_URL_BLOCKED", "category": "cat1", - "profile": "uf1" + "process": "RT_UTM", + "profile": "uf1", + "reason": "BY_BLACK_LIST", + "tag": "WEBFILTER_URL_BLOCKED" } }, - "url": { - "path": "/", - "domain": "www.baidu.com" + "log": { + "level": "warning" }, - "tags": [ - "preserve_original_event" - ], "observer": { "name": "utm-srx550-b", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2016-02-18T01:32:50.391Z", - "ecs": { - "version": "8.0.0" - }, "related": { - "user": [ - "user01" - ], "hosts": [ "www.baidu.com" ], "ip": [ "192.168.1.100", "67.43.156.13" + ], + "user": [ + "user01" ] }, - 
"client": { + "server": { + "ip": "67.43.156.13", + "port": 80 + }, + "source": { + "ip": "192.168.1.100", "port": 58071, - "ip": "192.168.1.100" + "user": { + "name": "user01" + } }, - "event": { - "severity": 12, - "original": "\u003c12\u003e1 2016-02-18T01:32:50.391Z utm-srx550-b RT_UTM - WEBFILTER_URL_BLOCKED [junos@67.43.156.15 source-address=\"192.168.1.100\" source-port=\"58071\" destination-address=\"67.43.156.13\" destination-port=\"80\" category=\"cat1\" reason=\"BY_BLACK_LIST\" profile=\"uf1\" url=\"www.baidu.com\" obj=\"/\" username=\"user01\" roles=\"N/A\"]", - "kind": "alert", - "action": "web_filter", - "category": [ - "network", - "malware" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.baidu.com", + "path": "/" } }, { - "server": { - "port": 80, - "ip": "67.43.156.13" - }, - "log": { - "level": "warning" + "@timestamp": "2016-02-18T01:32:50.391Z", + "client": { + "ip": "10.10.10.50", + "port": 1402 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 80, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 80 }, - "source": { - "port": 1402, - "user": { - "name": "user02" - }, - "ip": "10.10.10.50" + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c12\u003e1 2016-02-18T01:32:50.391Z utm-srx550-b RT_UTM - WEBFILTER_URL_PERMITTED [junos@67.43.156.15 source-address=\"10.10.10.50\" source-port=\"1402\" destination-address=\"67.43.156.13\" destination-port=\"80\" category=\"N/A\" reason=\"BY_OTHER\" profile=\"wf-profile\" url=\"www.checkpoint.com\" obj=\"/css/homepage2012.css\" username=\"user02\" roles=\"N/A\"]", + "outcome": 
"success", + "severity": 12, + "type": [ + "allowed", + "connection" + ] }, "juniper": { "srx": { - "reason": "BY_OTHER", "process": "RT_UTM", - "tag": "WEBFILTER_URL_PERMITTED", - "profile": "wf-profile" + "profile": "wf-profile", + "reason": "BY_OTHER", + "tag": "WEBFILTER_URL_PERMITTED" } }, - "url": { - "path": "/css/homepage2012.css", - "domain": "www.checkpoint.com" + "log": { + "level": "warning" }, - "tags": [ - "preserve_original_event" - ], "observer": { "name": "utm-srx550-b", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2016-02-18T01:32:50.391Z", - "ecs": { - "version": "8.0.0" - }, "related": { - "user": [ - "user02" - ], "hosts": [ "www.checkpoint.com" ], "ip": [ "10.10.10.50", "67.43.156.13" + ], + "user": [ + "user02" ] }, - "client": { + "server": { + "ip": "67.43.156.13", + "port": 80 + }, + "source": { + "ip": "10.10.10.50", "port": 1402, - "ip": "10.10.10.50" + "user": { + "name": "user02" + } }, - "event": { - "severity": 12, - "original": "\u003c12\u003e1 2016-02-18T01:32:50.391Z utm-srx550-b RT_UTM - WEBFILTER_URL_PERMITTED [junos@67.43.156.15 source-address=\"10.10.10.50\" source-port=\"1402\" destination-address=\"67.43.156.13\" destination-port=\"80\" category=\"N/A\" reason=\"BY_OTHER\" profile=\"wf-profile\" url=\"www.checkpoint.com\" obj=\"/css/homepage2012.css\" username=\"user02\" roles=\"N/A\"]", - "category": [ - "network" - ], - "type": [ - "allowed", - "connection" - ], - "kind": "event", - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.checkpoint.com", + "path": "/css/homepage2012.css" } }, { - "server": { - "port": 47095, - "ip": "67.43.156.12" - }, - "log": { - "level": "warning" + "@timestamp": "2010-02-08T08:29:28.565Z", + "client": { + "ip": "67.43.156.13", + "port": 80 }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { 
"number": 35908 }, - "port": 47095, - "ip": "67.43.156.12" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 80, - "ip": "67.43.156.13" + "ip": "67.43.156.12", + "port": 47095 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "virus_detected", + "category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c12\u003e1 2010-02-08T08:29:28.565Z SRX650-1 RT_UTM - AV_VIRUS_DETECTED_MT [junos@67.43.156.15 source-address=\"67.43.156.13\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"47095\" source-zone-name=\"untrust\" filename=\"www.eicar.org/download/eicar.com\" temporary-filename=\"www.eicar.org/download/eicar.com\" name=\"EICAR-Test-File\" url=\"EICAR-Test-File\"]", + "outcome": "success", + "severity": 12, + "type": [ + "info", + "denied", + "connection" + ] + }, + "file": { + "name": "www.eicar.org/download/eicar.com" }, "juniper": { "srx": { @@ -224,28 +228,18 @@ "temporary_filename": "www.eicar.org/download/eicar.com" } }, - "url": { - "domain": "EICAR-Test-File" + "log": { + "level": "warning" }, - "tags": [ - "preserve_original_event" - ], "observer": { - "name": "SRX650-1", "ingress": { "zone": "untrust" }, + "name": "SRX650-1", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2010-02-08T08:29:28.565Z", - "file": { - "name": "www.eicar.org/download/eicar.com" - }, - "ecs": { - "version": "8.0.0" - }, "related": { "hosts": [ "EICAR-Test-File" 
@@ -255,90 +249,90 @@ "67.43.156.12" ] }, - "client": { - "port": 80, - "ip": "67.43.156.13" - }, - "event": { - "severity": 12, - "original": "\u003c12\u003e1 2010-02-08T08:29:28.565Z SRX650-1 RT_UTM - AV_VIRUS_DETECTED_MT [junos@67.43.156.15 source-address=\"67.43.156.13\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"47095\" source-zone-name=\"untrust\" filename=\"www.eicar.org/download/eicar.com\" temporary-filename=\"www.eicar.org/download/eicar.com\" name=\"EICAR-Test-File\" url=\"EICAR-Test-File\"]", - "kind": "alert", - "action": "virus_detected", - "category": [ - "network", - "malware" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } - }, - { "server": { - "port": 33578, - "ip": "67.43.156.12" + "ip": "67.43.156.12", + "port": 47095 }, - "log": { - "level": "warning" - }, - "destination": { + "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.13", + "port": 80 + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "EICAR-Test-File" + } + }, + { + "@timestamp": "2010-02-08T08:29:28.565Z", + "client": { + "ip": "67.43.156.14", + "port": 80 + }, + "destination": { "as": { "number": 35908 }, - "port": 33578, - "ip": "67.43.156.12" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 80, - "ip": "67.43.156.14" + "ip": "67.43.156.12", + "port": 33578 }, - "juniper": { - "srx": { - "error_message": "scan engine is not ready", - "process": "RT_UTM", - "error_code": "14", - "tag": "AV_SCANNER_DROP_FILE_MT" - } + "ecs": { + "version": "8.2.0" }, - "tags": [ - 
"preserve_original_event" - ], - "observer": { - "name": "SRX650-1", - "product": "SRX", - "type": "firewall", - "vendor": "Juniper" + "event": { + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c12\u003e1 2010-02-08T08:29:28.565Z SRX650-1 RT_UTM - AV_SCANNER_DROP_FILE_MT [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"33578\" filename=\"www.google.com/\" error-code=\"14\" error-message=\"scan engine is not ready\"]", + "outcome": "success", + "severity": 12, + "type": [ + "allowed", + "connection" + ] }, - "@timestamp": "2010-02-08T08:29:28.565Z", "file": { "name": "www.google.com/" }, - "ecs": { - "version": "8.0.0" + "juniper": { + "srx": { + "error_code": "14", + "error_message": "scan engine is not ready", + "process": "RT_UTM", + "tag": "AV_SCANNER_DROP_FILE_MT" + } + }, + "log": { + "level": "warning" + }, + "observer": { + "name": "SRX650-1", + "product": "SRX", + "type": "firewall", + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -346,51 +340,70 @@ "67.43.156.12" ] }, - "client": { - "port": 80, - "ip": "67.43.156.14" - }, - "event": { - "severity": 12, - "original": "\u003c12\u003e1 2010-02-08T08:29:28.565Z SRX650-1 RT_UTM - AV_SCANNER_DROP_FILE_MT [junos@67.43.156.15 source-address=\"67.43.156.14\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"33578\" filename=\"www.google.com/\" error-code=\"14\" error-message=\"scan engine is not ready\"]", - "category": [ - "network" - ], - "type": [ - "allowed", - "connection" - ], - "kind": "event", - "outcome": "success" - } - }, - { "server": { - "port": 51727, - "ip": "67.43.156.12" - }, - "log": { - "level": "warning" + "ip": "67.43.156.12", + "port": 33578 }, - "destination": { + "source": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, + "ip": "67.43.156.14", + "port": 80 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2010-01-29T10:59:59.660Z", + "client": { + "ip": "10.2.1.101", + "port": 80 + }, + "destination": { "as": { "number": 35908 }, - "port": 51727, - "ip": "67.43.156.12" + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.12", + "port": 51727 }, - "source": { - "port": 80, - "ip": "10.2.1.101" + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c12\u003e1 2010-01-29T10:59:59.660Z SRX650-1 RT_UTM - AV_HUGE_FILE_DROPPED_MT [junos@67.43.156.15 source-address=\"10.2.1.101\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"51727\" filename=\"10.2.1.101/images/junos- srxsme-10.2-20100106.0-domestic.tgz\"]", + "outcome": "success", + "severity": 12, + "type": [ + "allowed", + "connection" + 
] + }, + "file": { + "name": "10.2.1.101/images/junos- srxsme-10.2-20100106.0-domestic.tgz" }, "juniper": { "srx": { 
@@ -398,324 +411,315 @@ "tag": "AV_HUGE_FILE_DROPPED_MT" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "warning" + }, "observer": { "name": "SRX650-1", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2010-01-29T10:59:59.660Z", - "file": { - "name": "10.2.1.101/images/junos- srxsme-10.2-20100106.0-domestic.tgz" - }, - "ecs": { - "version": "8.0.0" - }, "related": { "ip": [ "10.2.1.101", "67.43.156.12" ] }, + "server": { + "ip": "67.43.156.12", + "port": 51727 + }, + "source": { + "ip": "10.2.1.101", + "port": 80 + }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2016-02-18T01:33:50.391Z", "client": { - "port": 80, - "ip": "10.2.1.101" + "ip": "10.10.10.1" + }, + "ecs": { + "version": "8.2.0" }, "event": { - "severity": 12, - "original": "\u003c12\u003e1 2010-01-29T10:59:59.660Z SRX650-1 RT_UTM - AV_HUGE_FILE_DROPPED_MT [junos@67.43.156.15 source-address=\"10.2.1.101\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"51727\" filename=\"10.2.1.101/images/junos- srxsme-10.2-20100106.0-domestic.tgz\"]", + "action": "antispam_filter", "category": [ - "network" + "network", + "malware" ], + "kind": "alert", + "original": "\u003c14\u003e1 2016-02-18T01:33:50.391Z utm-srx550-b RT_UTM - ANTISPAM_SPAM_DETECTED_MT [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" source-name=\"N/A\" source-address=\"10.10.10.1\" profile-name=\"antispam01\" action=\"drop\" reason=\"Match local blacklist\" username=\"user01\" roles=\"N/A\"]", + "outcome": "success", + "severity": 14, "type": [ - "allowed", + "info", + "denied", "connection" - ], - "kind": "event", - "outcome": "success" - } - }, - { + ] + }, + "juniper": { + "srx": { + "action": "drop", + "process": "RT_UTM", + "profile_name": "antispam01", + "reason": "Match local blacklist", + "tag": "ANTISPAM_SPAM_DETECTED_MT" + } + }, + "log": { + "level": "informational" + }, "observer": { - "name": "utm-srx550-b", 
+ "egress": { + "zone": "untrust" + }, "ingress": { "zone": "trust" }, + "name": "utm-srx550-b", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2016-02-18T01:33:50.391Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { - "user": [ - "user01" - ], "ip": [ "10.10.10.1" + ], + "user": [ + "user01" ] }, - "log": { - "level": "informational" - }, - "client": { - "ip": "10.10.10.1" - }, "source": { + "ip": "10.10.10.1", "user": { "name": "user01" - }, - "ip": "10.10.10.1" - }, - "juniper": { - "srx": { - "profile_name": "antispam01", - "reason": "Match local blacklist", - "action": "drop", - "process": "RT_UTM", - "tag": "ANTISPAM_SPAM_DETECTED_MT" } }, + "tags": [ + "preserve_original_event" + ] + }, + { + "@timestamp": "2016-02-18T01:34:50.391Z", + "client": { + "ip": "192.168.2.3", + "port": 58071 + }, + "destination": { + "ip": "192.168.100.2", + "port": 80 + }, + "ecs": { + "version": "8.2.0" + }, "event": { - "severity": 14, - "original": "\u003c14\u003e1 2016-02-18T01:33:50.391Z utm-srx550-b RT_UTM - ANTISPAM_SPAM_DETECTED_MT [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" source-name=\"N/A\" source-address=\"10.10.10.1\" profile-name=\"antispam01\" action=\"drop\" reason=\"Match local blacklist\" username=\"user01\" roles=\"N/A\"]", - "kind": "alert", - "action": "antispam_filter", + "action": "content_filter", "category": [ "network", "malware" ], + "kind": "alert", + "original": "\u003c14\u003e1 2016-02-18T01:34:50.391Z utm-srx550-b RT_UTM - CONTENT_FILTERING_BLOCKED_MT [junos@67.43.156.15 source-zone=\"untrust\" destination-zone=\"trust\" protocol=\"http\" source-address=\"192.168.2.3\" source-port=\"58071\" destination-address=\"192.168.100.2\" destination-port=\"80\" profile-name=\"content02\" action=\"drop\" reason=\"blocked due to file extension block list\" username=\"user01@testuser.com\" roles=\"N/A\" filename=\"test.cmd\"]", + 
"outcome": "success", + "severity": 14, "type": [ "info", "denied", "connection" - ], - "outcome": "success" - }, - "tags": [ - "preserve_original_event" - ] - }, - { - "server": { - "port": 80, - "ip": "192.168.100.2" - }, - "log": { - "level": "informational" - }, - "destination": { - "port": 80, - "ip": "192.168.100.2" + ] }, - "source": { - "port": 58071, - "user": { - "name": "user01@testuser.com" - }, - "ip": "192.168.2.3" + "file": { + "name": "test.cmd" }, "juniper": { "srx": { - "reason": "blocked due to file extension block list", - "profile_name": "content02", "action": "drop", "process": "RT_UTM", + "profile_name": "content02", + "reason": "blocked due to file extension block list", "tag": "CONTENT_FILTERING_BLOCKED_MT" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "informational" + }, "network": { "protocol": "http" }, "observer": { - "name": "utm-srx550-b", + "egress": { + "zone": "trust" + }, "ingress": { "zone": "untrust" }, + "name": "utm-srx550-b", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "trust" - } - }, - "@timestamp": "2016-02-18T01:34:50.391Z", - "file": { - "name": "test.cmd" - }, - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { - "user": [ - "user01@testuser.com" - ], "ip": [ "192.168.2.3", "192.168.100.2" + ], + "user": [ + "user01@testuser.com" ] }, - "client": { + "server": { + "ip": "192.168.100.2", + "port": 80 + }, + "source": { + "ip": "192.168.2.3", "port": 58071, - "ip": "192.168.2.3" + "user": { + "name": "user01@testuser.com" + } }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2016-02-18T01:34:50.391Z utm-srx550-b RT_UTM - CONTENT_FILTERING_BLOCKED_MT [junos@67.43.156.15 source-zone=\"untrust\" destination-zone=\"trust\" protocol=\"http\" source-address=\"192.168.2.3\" source-port=\"58071\" destination-address=\"192.168.100.2\" destination-port=\"80\" profile-name=\"content02\" action=\"drop\" reason=\"blocked due to file 
extension block list\" username=\"user01@testuser.com\" roles=\"N/A\" filename=\"test.cmd\"]", - "kind": "alert", - "action": "content_filter", - "category": [ - "network", - "malware" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" - } + "tags": [ + "preserve_original_event" + ] }, { - "server": { - "port": 80, - "ip": "67.43.156.13" - }, - "log": { - "level": "warning" + "@timestamp": "2016-02-19T01:32:50.391Z", + "client": { + "ip": "192.168.1.100", + "port": 58071 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" + "lat": 27.5, + "lon": 90.5 + } }, - "as": { - "number": 35908 - }, - "port": 80, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 80 }, - "source": { - "port": 58071, - "user": { - "name": "user01" - }, - "ip": "192.168.1.100" + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "web_filter", + "category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c12\u003e1 2016-02-19T01:32:50.391Z utm-srx550-b RT_UTM - WEBFILTER_URL_BLOCKED_LS [junos@67.43.156.15 source-address=\"192.168.1.100\" source-port=\"58071\" destination-address=\"67.43.156.13\" destination-port=\"80\" category=\"cat1\" reason=\"BY_BLACK_LIST\" profile=\"uf1\" url=\"www.baidu.com\" obj=\"/\" username=\"user01\" roles=\"N/A\"]", + "outcome": "success", + "severity": 12, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { - "reason": "BY_BLACK_LIST", - "process": "RT_UTM", - "tag": "WEBFILTER_URL_BLOCKED_LS", "category": "cat1", - "profile": "uf1" + "process": "RT_UTM", + "profile": "uf1", + "reason": "BY_BLACK_LIST", + "tag": "WEBFILTER_URL_BLOCKED_LS" } }, - "url": { - "path": "/", - "domain": "www.baidu.com" + "log": { + "level": "warning" }, - "tags": [ - "preserve_original_event" - ], "observer": { "name": 
"utm-srx550-b", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2016-02-19T01:32:50.391Z", - "ecs": { - "version": "8.0.0" - }, "related": { - "user": [ - "user01" - ], "hosts": [ "www.baidu.com" ], "ip": [ "192.168.1.100", "67.43.156.13" + ], + "user": [ + "user01" ] }, - "client": { + "server": { + "ip": "67.43.156.13", + "port": 80 + }, + "source": { + "ip": "192.168.1.100", "port": 58071, - "ip": "192.168.1.100" + "user": { + "name": "user01" + } }, - "event": { - "severity": 12, - "original": "\u003c12\u003e1 2016-02-19T01:32:50.391Z utm-srx550-b RT_UTM - WEBFILTER_URL_BLOCKED_LS [junos@67.43.156.15 source-address=\"192.168.1.100\" source-port=\"58071\" destination-address=\"67.43.156.13\" destination-port=\"80\" category=\"cat1\" reason=\"BY_BLACK_LIST\" profile=\"uf1\" url=\"www.baidu.com\" obj=\"/\" username=\"user01\" roles=\"N/A\"]", - "kind": "alert", - "action": "web_filter", - "category": [ - "network", - "malware" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "www.baidu.com", + "path": "/" } }, { - "server": { - "port": 47095, - "ip": "67.43.156.12" - }, - "log": { - "level": "warning" + "@timestamp": "2011-02-08T08:29:28.565Z", + "client": { + "ip": "67.43.156.13", + "port": 80 }, "destination": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, "as": { "number": 35908 }, - "port": 47095, - "ip": "67.43.156.12" - }, - "source": { "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 80, - "ip": "67.43.156.13" + "ip": "67.43.156.12", + "port": 47095 + }, + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "virus_detected", + 
"category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c12\u003e1 2011-02-08T08:29:28.565Z SRX650-1 RT_UTM - AV_VIRUS_DETECTED_MT_LS [junos@67.43.156.15 source-address=\"67.43.156.13\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"47095\" source-zone-name=\"untrust\" filename=\"www.eicar.org/download/eicar.com\" temporary-filename=\"www.eicar.org/download/eicar.com\" name=\"EICAR-Test-File\" url=\"EICAR-Test-File\"]", + "outcome": "success", + "severity": 12, + "type": [ + "info", + "denied", + "connection" + ] + }, + "file": { + "name": "www.eicar.org/download/eicar.com" }, "juniper": { "srx": { @@ -725,28 +729,18 @@ "temporary_filename": "www.eicar.org/download/eicar.com" } }, - "url": { - "domain": "EICAR-Test-File" + "log": { + "level": "warning" }, - "tags": [ - "preserve_original_event" - ], "observer": { - "name": "SRX650-1", "ingress": { "zone": "untrust" }, + "name": "SRX650-1", "product": "SRX", "type": "firewall", "vendor": "Juniper" }, - "@timestamp": "2011-02-08T08:29:28.565Z", - "file": { - "name": "www.eicar.org/download/eicar.com" - }, - "ecs": { - "version": "8.0.0" - }, "related": { "hosts": [ "EICAR-Test-File" 
@@ -756,87 +750,96 @@ "67.43.156.12" ] }, - "client": { - "port": 80, - "ip": "67.43.156.13" + "server": { + "ip": "67.43.156.12", + "port": 47095 + }, + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 80 }, - "event": { - "severity": 12, - "original": "\u003c12\u003e1 2011-02-08T08:29:28.565Z SRX650-1 RT_UTM - AV_VIRUS_DETECTED_MT_LS [junos@67.43.156.15 source-address=\"67.43.156.13\" source-port=\"80\" destination-address=\"67.43.156.12\" destination-port=\"47095\" source-zone-name=\"untrust\" filename=\"www.eicar.org/download/eicar.com\" temporary-filename=\"www.eicar.org/download/eicar.com\" name=\"EICAR-Test-File\" url=\"EICAR-Test-File\"]", - "kind": "alert", - "action": "virus_detected", - "category": [ - "network", - "malware" - ], - "type": [ - "info", - "denied", - "connection" - ], - "outcome": "success" + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "EICAR-Test-File" } }, { - "server": { - "port": 443, - "ip": "67.43.156.14" - }, - "log": { - "level": "informational" + "@timestamp": "2020-07-14T14:16:18.345Z", + "client": { + "ip": "10.1.1.100", + "port": 58974 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 443, - "ip": "67.43.156.14" + "ip": "67.43.156.14", + "port": 443 }, - "source": { - "port": 58974, - "ip": "10.1.1.100" + "ecs": { + "version": "8.2.0" + }, + "event": { + "category": [ + "network" + ], + "kind": "event", + "original": "\u003c14\u003e1 2020-07-14T14:16:18.345Z SRX650-1 RT_UTM - WEBFILTER_URL_PERMITTED [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" 
source-address=\"10.1.1.100\" source-port=\"58974\" destination-address=\"67.43.156.14\" destination-port=\"443\" session-id=\"16297\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" category=\"Enhanced_Information_Technology\" reason=\"BY_SITE_REPUTATION_MODERATELY_SAFE\" profile=\"WCF1\" url=\"datawrapper.dwcdn.net\" obj=\"/\" username=\"N/A\" roles=\"N/A\" application-sub-category=\"N/A\" urlcategory-risk=\"0\"]", + "outcome": "success", + "risk_score": 0.0, + "severity": 14, + "type": [ + "allowed", + "connection" + ] }, "juniper": { "srx": { + "category": "Enhanced_Information_Technology", + "process": "RT_UTM", + "profile": "WCF1", "reason": "BY_SITE_REPUTATION_MODERATELY_SAFE", "session_id": "16297", - "process": "RT_UTM", - "tag": "WEBFILTER_URL_PERMITTED", - "category": "Enhanced_Information_Technology", - "profile": "WCF1" + "tag": "WEBFILTER_URL_PERMITTED" } }, - "url": { - "path": "/", - "domain": "datawrapper.dwcdn.net" + "log": { + "level": "informational" }, - "tags": [ - "preserve_original_event" - ], "observer": { - "name": "SRX650-1", + "egress": { + "zone": "untrust" + }, "ingress": { "zone": "trust" }, + "name": "SRX650-1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2020-07-14T14:16:18.345Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "hosts": [ 
@@ -847,85 +850,88 @@ "67.43.156.14" ] }, - "client": { - "port": 58974, - "ip": "10.1.1.100" + "server": { + "ip": "67.43.156.14", + "port": 443 }, - "event": { - "severity": 14, - "original": "\u003c14\u003e1 2020-07-14T14:16:18.345Z SRX650-1 RT_UTM - WEBFILTER_URL_PERMITTED [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" source-address=\"10.1.1.100\" source-port=\"58974\" destination-address=\"67.43.156.14\" destination-port=\"443\" session-id=\"16297\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" category=\"Enhanced_Information_Technology\" reason=\"BY_SITE_REPUTATION_MODERATELY_SAFE\" profile=\"WCF1\" url=\"datawrapper.dwcdn.net\" obj=\"/\" username=\"N/A\" roles=\"N/A\" application-sub-category=\"N/A\" urlcategory-risk=\"0\"]", - "risk_score": 0.0, - "kind": "event", - "category": [ - "network" - ], - "type": [ - "allowed", - "connection" - ], - "outcome": "success" + "source": { + "ip": "10.1.1.100", + "port": 58974 + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "datawrapper.dwcdn.net", + "path": "/" } }, { - "server": { - "port": 443, - "ip": "67.43.156.13" - }, - "log": { - "level": "warning" + "@timestamp": "2020-07-14T14:16:29.541Z", + "client": { + "ip": "10.1.1.100", + "port": 59075 }, "destination": { + "as": { + "number": 35908 + }, "geo": { "continent_name": "Asia", + "country_iso_code": "BT", "country_name": "Bhutan", "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 + "lat": 27.5, + "lon": 90.5 + } }, - "port": 443, - "ip": "67.43.156.13" + "ip": "67.43.156.13", + "port": 443 }, - "source": { - "port": 59075, - "ip": "10.1.1.100" + "ecs": { + "version": "8.2.0" + }, + "event": { + "action": "web_filter", + "category": [ + "network", + "malware" + ], + "kind": "alert", + "original": "\u003c12\u003e1 2020-07-14T14:16:29.541Z SRX650-1 RT_UTM - WEBFILTER_URL_BLOCKED [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" 
source-address=\"10.1.1.100\" source-port=\"59075\" destination-address=\"67.43.156.13\" destination-port=\"443\" session-id=\"16490\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" category=\"Enhanced_Advertisements\" reason=\"BY_SITE_REPUTATION_SUSPICIOUS\" profile=\"WCF1\" url=\"dsp.adfarm1.adition.com\" obj=\"/\" username=\"N/A\" roles=\"N/A\" application-sub-category=\"N/A\" urlcategory-risk=\"3\"]", + "outcome": "success", + "risk_score": 3.0, + "severity": 12, + "type": [ + "info", + "denied", + "connection" + ] }, "juniper": { "srx": { + "category": "Enhanced_Advertisements", + "process": "RT_UTM", + "profile": "WCF1", "reason": "BY_SITE_REPUTATION_SUSPICIOUS", "session_id": "16490", - "process": "RT_UTM", - "tag": "WEBFILTER_URL_BLOCKED", - "category": "Enhanced_Advertisements", - "profile": "WCF1" + "tag": "WEBFILTER_URL_BLOCKED" } }, - "url": { - "path": "/", - "domain": "dsp.adfarm1.adition.com" + "log": { + "level": "warning" }, - "tags": [ - "preserve_original_event" - ], "observer": { - "name": "SRX650-1", + "egress": { + "zone": "untrust" + }, "ingress": { "zone": "trust" }, + "name": "SRX650-1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2020-07-14T14:16:29.541Z", - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "hosts": [ 
@@ -936,87 +942,75 @@ "67.43.156.13" ] }, + "server": { + "ip": "67.43.156.13", + "port": 443 + }, + "source": { + "ip": "10.1.1.100", + "port": 59075 + }, + "tags": [ + "preserve_original_event" + ], + "url": { + "domain": "dsp.adfarm1.adition.com", + "path": "/" + } + }, + { + "@timestamp": "2020-07-14T14:17:04.733Z", "client": { - "port": 59075, - "ip": "10.1.1.100" + "ip": "67.43.156.13", + "port": 80 + }, + "destination": { + "ip": "10.1.1.100", + "port": 58954 + }, + "ecs": { + "version": "8.2.0" }, "event": { - "severity": 12, - "original": "\u003c12\u003e1 2020-07-14T14:16:29.541Z SRX650-1 RT_UTM - WEBFILTER_URL_BLOCKED [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" source-address=\"10.1.1.100\" source-port=\"59075\" destination-address=\"67.43.156.13\" destination-port=\"443\" session-id=\"16490\" application=\"UNKNOWN\" nested-application=\"UNKNOWN\" category=\"Enhanced_Advertisements\" reason=\"BY_SITE_REPUTATION_SUSPICIOUS\" profile=\"WCF1\" url=\"dsp.adfarm1.adition.com\" obj=\"/\" username=\"N/A\" roles=\"N/A\" application-sub-category=\"N/A\" urlcategory-risk=\"3\"]", - "risk_score": 3.0, - "kind": "alert", - "action": "web_filter", "category": [ - "network", - "malware" + "network" ], + "kind": "event", + "original": "\u003c12\u003e1 2020-07-14T14:17:04.733Z SRX650-1 RT_UTM - AV_FILE_NOT_SCANNED_DROPPED_MT [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" source-address=\"67.43.156.13\" source-port=\"80\" destination-address=\"10.1.1.100\" destination-port=\"58954\" profile-name=\"Custom-Sophos-Profile\" filename=\"download.cdn.mozilla.net/pub/firefox/releases/78.0.2/update/win64/de/firefox-78.0.2.complete.mar\" action=\"BLOCKED\" reason=\"exceeding maximum content size\" error-code=\"7\" username=\"N/A\" roles=\"N/A\"]", + "outcome": "success", + "severity": 12, "type": [ - "info", - "denied", + "allowed", "connection" - ], - "outcome": "success" - } - }, - { - "server": { - "port": 58954, - "ip": 
"10.1.1.100" - }, - "log": { - "level": "warning" - }, - "destination": { - "port": 58954, - "ip": "10.1.1.100" + ] }, - "source": { - "geo": { - "continent_name": "Asia", - "country_name": "Bhutan", - "location": { - "lon": 90.5, - "lat": 27.5 - }, - "country_iso_code": "BT" - }, - "as": { - "number": 35908 - }, - "port": 80, - "ip": "67.43.156.13" + "file": { + "name": "download.cdn.mozilla.net/pub/firefox/releases/78.0.2/update/win64/de/firefox-78.0.2.complete.mar" }, "juniper": { "srx": { - "reason": "exceeding maximum content size", - "profile_name": "Custom-Sophos-Profile", "action": "BLOCKED", - "process": "RT_UTM", "error_code": "7", + "process": "RT_UTM", + "profile_name": "Custom-Sophos-Profile", + "reason": "exceeding maximum content size", "tag": "AV_FILE_NOT_SCANNED_DROPPED_MT" } }, - "tags": [ - "preserve_original_event" - ], + "log": { + "level": "warning" + }, "observer": { - "name": "SRX650-1", + "egress": { + "zone": "untrust" + }, "ingress": { "zone": "trust" }, + "name": "SRX650-1", "product": "SRX", "type": "firewall", - "vendor": "Juniper", - "egress": { - "zone": "untrust" - } - }, - "@timestamp": "2020-07-14T14:17:04.733Z", - "file": { - "name": "download.cdn.mozilla.net/pub/firefox/releases/78.0.2/update/win64/de/firefox-78.0.2.complete.mar" - }, - "ecs": { - "version": "8.0.0" + "vendor": "Juniper" }, "related": { "ip": [ 
@@ -1024,23 +1018,29 @@ "10.1.1.100" ] }, - "client": { - "port": 80, - "ip": "67.43.156.13" + "server": { + "ip": "10.1.1.100", + "port": 58954 }, - "event": { - "severity": 12, - "original": "\u003c12\u003e1 2020-07-14T14:17:04.733Z SRX650-1 RT_UTM - AV_FILE_NOT_SCANNED_DROPPED_MT [junos@67.43.156.15 source-zone=\"trust\" destination-zone=\"untrust\" source-address=\"67.43.156.13\" source-port=\"80\" destination-address=\"10.1.1.100\" destination-port=\"58954\" profile-name=\"Custom-Sophos-Profile\" filename=\"download.cdn.mozilla.net/pub/firefox/releases/78.0.2/update/win64/de/firefox-78.0.2.complete.mar\" action=\"BLOCKED\" reason=\"exceeding maximum content size\" error-code=\"7\" username=\"N/A\" roles=\"N/A\"]", - "category": [ - "network" - ], - "type": [ - "allowed", - "connection" - ], - "kind": "event", - "outcome": "success" - } + "source": { + "as": { + "number": 35908 + }, + "geo": { + "continent_name": "Asia", + "country_iso_code": "BT", + "country_name": "Bhutan", + "location": { + "lat": 27.5, + "lon": 90.5 + } + }, + "ip": "67.43.156.13", + "port": 80 + }, + "tags": [ + "preserve_original_event" + ] } ] } \ No newline at end of file diff --git a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 3af403bbe0b..7399a1fe75b 100644 --- a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -5,7 +5,7 @@ description: Pipeline for parsing junipersrx firewall logs processors: - set: field: ecs.version - value: '8.0.0' + value: '8.2.0' - rename: field: message target_field: event.original diff --git a/packages/juniper_srx/data_stream/log/sample_event.json b/packages/juniper_srx/data_stream/log/sample_event.json index 74dedb8bdd4..ea03571008f 100644 --- a/packages/juniper_srx/data_stream/log/sample_event.json 
+++ b/packages/juniper_srx/data_stream/log/sample_event.json @@ -33,7 +33,7 @@ "port": 80 }, "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "elastic_agent": { "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba", diff --git a/packages/juniper_srx/docs/README.md b/packages/juniper_srx/docs/README.md index c64378fc538..cd744d74530 100644 --- a/packages/juniper_srx/docs/README.md +++ b/packages/juniper_srx/docs/README.md @@ -576,7 +576,7 @@ The following processes and tags are supported: | process.parent.pe.imphash | A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. | keyword | | process.parent.pe.original_file_name | Internal name of the file, provided at compile-time. | keyword | | process.parent.pe.product | Internal product name of the file, provided at compile-time. | keyword | -| process.parent.pgid | Identifier of the group of processes the process belongs to. | long | +| process.parent.pgid | Deprecated for removal in next major version release. This field is superseded by `process.group_leader.pid`. Identifier of the group of processes the process belongs to. | long | | process.parent.pid | Process id. | long | | process.parent.start | The time the process started. | date | | process.parent.thread.id | Thread ID. | long | 
@@ -593,7 +593,7 @@ The following processes and tags are supported: | process.pe.imphash | A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. | keyword | | process.pe.original_file_name | Internal name of the file, provided at compile-time. | keyword | | process.pe.product | Internal product name of the file, provided at compile-time. | keyword | -| process.pgid | Identifier of the group of processes the process belongs to. | long | +| process.pgid | Deprecated for removal in next major version release. This field is superseded by `process.group_leader.pid`. Identifier of the group of processes the process belongs to. | long | | process.pid | Process id. | long | | process.start | The time the process started. | date | | process.thread.id | Thread ID. | long | diff --git a/packages/juniper_srx/manifest.yml b/packages/juniper_srx/manifest.yml index d51d376d952..66d24736fdf 100644 --- a/packages/juniper_srx/manifest.yml +++ b/packages/juniper_srx/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_srx title: Juniper SRX -version: 1.1.2 +version: 1.2.0 description: Collect logs from Juniper SRX devices with Elastic Agent. categories: ["network", "security"] release: ga diff --git a/packages/keycloak/_dev/build/build.yml b/packages/keycloak/_dev/build/build.yml index 809e76063e9..d61527283ec 100644 --- a/packages/keycloak/_dev/build/build.yml +++ b/packages/keycloak/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.0 + reference: git@8.2 diff --git a/packages/keycloak/changelog.yml b/packages/keycloak/changelog.yml index 0b03f72e0f3..9767451727b 100644 --- a/packages/keycloak/changelog.yml +++ b/packages/keycloak/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update to ECS 8.2 + type: enhancement + link: https://github.com/elastic/integrations/pull/2779 - version: "1.2.1" changes: - description: Add documentation for multi-fields diff --git a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index 7a25b11f40f..74117fd2f4c 100644 --- a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -8,14 +8,13 @@ }, "@timestamp": "2021-10-22T21:01:42.548-05:00", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "INFO", "logger": "org.keycloak.services" }, "event": { - "ingested": "2022-01-01T23:08:20.555171355Z", "timezone": "America/Chicago", "original": "2021-10-22 21:01:42,548 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0009: Added user 'admin' to realm 'master'" }, @@ -32,14 +31,13 @@ }, "@timestamp": "2021-10-22T21:01:42.667-05:00", "ecs": { - "version": "8.0.0" + "version": "8.2.0" }, "log": { "level": "INFO", "logger": "org.jboss.resteasy.resteasy_jaxrs.i18n" }, "event": { - "ingested": "2022-01-01T23:08:20.555173689Z", "timezone": "America/Chicago", "original": "2021-10-22 21:01:42,667 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication" }, 
@@ -56,14 +54,13 @@
 },
 "@timestamp": "2021-10-22T21:01:42.912-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "log": {
 "level": "INFO",
 "logger": "org.wildfly.extension.undertow"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555174655Z",
 "timezone": "America/Chicago",
 "original": "2021-10-22 21:01:42,912 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' "
 },
@@ -80,14 +77,13 @@
 },
 "@timestamp": "2021-10-22T21:01:43.208-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "log": {
 "level": "INFO",
 "logger": "org.jboss.as.server"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555175531Z",
 "timezone": "America/Chicago",
 "original": "2021-10-22 21:01:43,208 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") "
 },
@@ -104,14 +100,13 @@
 },
 "@timestamp": "2021-10-22T21:01:43.299-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "log": {
 "level": "INFO",
 "logger": "org.jboss.as.server"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555176396Z",
 "timezone": "America/Chicago",
 "original": "2021-10-22 21:01:43,299 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server"
 },
@@ -128,14 +123,13 @@
 },
 "@timestamp": "2021-10-22T21:01:43.307-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "log": {
 "level": "INFO",
 "logger": "org.jboss.as"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555177251Z",
 "timezone": "America/Chicago",
 "original": "2021-10-22 21:01:43,307 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)"
 },
@@ -152,14 +146,13 @@
 },
 "@timestamp": "2021-10-22T21:01:43.327-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "log": {
 "level": "INFO",
 "logger": "org.jboss.as"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555178112Z",
 "timezone": "America/Chicago",
 "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management"
 },
@@ -176,14 +169,13 @@
 },
 "@timestamp": "2021-10-22T21:01:43.327-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "log": {
 "level": "INFO",
 "logger": "org.jboss.as"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555179012Z",
 "timezone": "America/Chicago",
 "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990"
 },
@@ -213,7 +205,7 @@
 },
 "@timestamp": "2021-10-22T21:01:45.403-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -232,7 +224,6 @@
 "ip": "172.18.0.1"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555179871Z",
 "original": "2021-10-22 21:01:45,403 WARN [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080",
 "code": "invalid_redirect_uri",
 "timezone": "America/Chicago",
@@ -299,7 +290,7 @@
 ],
 "@timestamp": "2021-10-22T21:20:42.120-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -313,7 +304,6 @@
 ]
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555180776Z",
 "original": "2021-10-22 21:20:42,120 WARN [org.keycloak.events] (default task-2) type=LOGIN_ERROR, realmId=test, clientId=test, userId=cc74404c-de7e-482a-98f7-b271ff3c49be, ipAddress=172.18.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:8080, code_id=3a76b735-e324-42b1-aa15-7c1f69f22eb8, username=admin, authSessionParentId=3a76b735-e324-42b1-aa15-7c1f69f22eb8, authSessionTabId=oJpF-WjDC04",
 "code": "invalid_user_credentials",
 "timezone": "America/Chicago",
@@ -358,7 +348,7 @@
 },
 "@timestamp": "2021-10-22T21:24:41.076-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -377,7 +367,6 @@
 "ip": "172.18.0.1"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555181632Z",
 "original": "2021-10-22 21:24:41,076 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=172.18.0.1, error=user_not_found, auth_method=openid-connect, auth_type=code, redirect_uri=http://127.0.0.1:9090/auth/admin/master/console/, code_id=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionParentId=f9d4300d-d052-4eb6-9aeb-e8fcf642a21f, authSessionTabId=C8EtUrcFMsg",
 "code": "user_not_found",
 "timezone": "America/Chicago",
@@ -423,7 +412,7 @@
 },
 "@timestamp": "2021-10-22T21:31:31.555-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "hosts": [
@@ -442,7 +431,6 @@
 "ip": "172.18.0.1"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555182635Z",
 "original": "2021-10-22 21:31:31,555 WARN [org.keycloak.events] (default task-10) type=LOGIN_ERROR, realmId=test, clientId=test, userId=null, ipAddress=172.18.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:8080",
 "code": "invalid_redirect_uri",
 "timezone": "America/Chicago",
@@ -509,7 +497,7 @@
 ],
 "@timestamp": "2021-10-22T20:58:02.700-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -523,7 +511,6 @@
 ]
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555183512Z",
 "original": "2021-10-22 20:58:02,700 WARN [org.keycloak.events] (default task-18) type=LOGIN_ERROR, realmId=ABCD TEST, clientId=https://www.example.com/shibboleth, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, error=invalid_user_credentials, auth_method=saml, redirect_uri=https://www.example.com/Shibboleth.sso/SAML2/POST, code_id=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, username=admin, authSessionParentId=cbefe0ca-bc11-48b4-b7fa-f1a59d220980, authSessionTabId=97qImXws36A",
 "code": "invalid_user_credentials",
 "timezone": "America/Chicago",
@@ -586,7 +573,7 @@
 ],
 "@timestamp": "2021-10-22T22:11:31.257-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -600,7 +587,6 @@
 ]
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555184369Z",
 "original": "2021-10-22 22:11:31,257 DEBUG [org.keycloak.events] (default task-2) type=LOGIN, realmId=test, clientId=security-admin-console, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, auth_method=openid-connect, auth_type=code, redirect_uri=https://www.example.com/auth/admin/test/console/#/realms/test/events, consent=no_consent_required, code_id=bae6e56e-368f-4809-89f3-48cfb6279f5e, username=admin, authSessionParentId=bae6e56e-368f-4809-89f3-48cfb6279f5e, authSessionTabId=Kz_ye2UvP6M",
 "timezone": "America/Chicago",
 "kind": "event",
@@ -640,7 +626,7 @@
 },
 "@timestamp": "2021-10-22T22:11:32.131-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -659,7 +645,6 @@
 "ip": "10.2.2.156"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555185220Z",
 "original": "2021-10-22 22:11:32,131 DEBUG [org.keycloak.events] (default task-3) type=CODE_TO_TOKEN, realmId=test, clientId=security-admin-console, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, token_id=561459c0-75f1-46d4-986d-d1c96d12b513, grant_type=authorization_code, refresh_token_type=Refresh, scope=openid, refresh_token_id=07434488-ca99-412a-99a0-c2e47c93d6d1, code_id=bae6e56e-368f-4809-89f3-48cfb6279f5e, client_auth_method=client-secret",
 "timezone": "America/Chicago",
 "kind": "event",
@@ -702,7 +687,7 @@
 },
 "@timestamp": "2021-10-22T22:12:09.871-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -722,7 +707,6 @@
 "ip": "10.2.2.156"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555186085Z",
 "original": "2021-10-22 22:12:09,871 DEBUG [org.keycloak.events] (default task-3) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=USER, resourcePath=users/07972d16-b173-4c99-803d-90f211080f40",
 "code": "CREATE-USER",
 "timezone": "America/Chicago",
@@ -771,7 +755,7 @@
 },
 "@timestamp": "2021-10-22T22:12:13.599-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -791,7 +775,6 @@
 "ip": "10.2.2.156"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555187035Z",
 "original": "2021-10-22 22:12:13,599 DEBUG [org.keycloak.events] (default task-1) operationType=UPDATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=USER, resourcePath=users/07972d16-b173-4c99-803d-90f211080f40",
 "code": "UPDATE-USER",
 "timezone": "America/Chicago",
@@ -851,7 +834,7 @@
 ],
 "@timestamp": "2021-10-22T22:14:29.031-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -862,7 +845,6 @@
 ]
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555187894Z",
 "original": "2021-10-22 22:14:29,031 DEBUG [org.keycloak.events] (default task-9) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/d043d5af-6100-483a-9c41-b1a30d5149f7",
 "code": "CREATE-GROUP",
 "timezone": "America/Chicago",
@@ -908,7 +890,7 @@
 },
 "@timestamp": "2021-10-22T22:16:12.150-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -927,7 +909,6 @@
 "ip": "10.2.2.156"
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555188760Z",
 "original": "2021-10-22 22:16:12,150 DEBUG [org.keycloak.events] (default task-8) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=CLIENT_SCOPE, resourcePath=client-scopes/3b4139b4-66e1-4309-88c1-63ee5abc93a6",
 "code": "CREATE-CLIENT_SCOPE",
 "timezone": "America/Chicago",
@@ -987,7 +968,7 @@
 ],
 "@timestamp": "2021-10-22T22:45:12.592-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -1001,7 +982,6 @@
 ]
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555189623Z",
 "original": "2021-10-22 22:45:12,592 DEBUG [org.keycloak.events] (default task-8) type=LOGOUT, realmId=test, clientId=null, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, redirect_uri=https://www.example.com/auth/admin/test/console/#/realms/test/admin-events, authSessionParentId=bae6e56e-368f-4809-89f3-48cfb6279f5e, authSessionTabId=GbBi74IWYc4",
 "timezone": "America/Chicago",
 "kind": "event",
@@ -1053,7 +1033,7 @@
 ],
 "@timestamp": "2021-10-22T22:46:14.913-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -1064,7 +1044,6 @@
 ]
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555190467Z",
 "original": "2021-10-22 22:46:14,913 DEBUG [org.keycloak.events] (default task-1) operationType=DELETE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/d043d5af-6100-483a-9c41-b1a30d5149f7",
 "code": "DELETE-GROUP",
 "timezone": "America/Chicago",
@@ -1121,7 +1100,7 @@
 ],
 "@timestamp": "2021-10-22T23:05:03.371-05:00",
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "related": {
 "user": [
@@ -1132,7 +1111,6 @@
 ]
 },
 "event": {
- "ingested": "2022-01-01T23:08:20.555191340Z",
 "original": "2021-10-22 23:05:03,371 DEBUG [org.keycloak.events] (default task-8) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-91dd-75ced03ef03b, userId=ce637d23-b89c-4fca-9088-1aea1d053e19, ipAddress=10.2.2.156, resourceType=GROUP, resourcePath=groups/a57cd49f-fdfd-4d25-9fd2-2a46de44a9e6/children",
 "code": "CREATE-GROUP",
 "timezone": "America/Chicago",
diff --git a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index e82afc40c77..b1005cbec64 100644
--- a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -1,12 +1,9 @@
 ---
 description: Pipeline for parsing keycloak logs
 processors:
-- set:
- field: event.ingested
- value: '{{_ingest.timestamp}}'
 - set:
 field: ecs.version
- value: '8.0.0'
+ value: '8.2.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/keycloak/data_stream/log/sample_event.json b/packages/keycloak/data_stream/log/sample_event.json
index f4e1e147ff6..c942b9ceb64 100644
--- a/packages/keycloak/data_stream/log/sample_event.json
+++ b/packages/keycloak/data_stream/log/sample_event.json
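Review bot: After the removed `set` processor for `event.ingested`, nothing in the keycloak `default.yml` pipeline records ingest time any more, and the expected-output fixtures in this same commit drop the field as well, so the pipeline now silently relies on something downstream (presumably the Fleet final pipeline) to populate it. Because `event.ingested` is commonly what ingest-lag and detection-latency monitoring keys on, a maintainer editing this pipeline should be able to see that dependency in the file rather than infer it from the fixtures; a comment above the remaining `set` processor would do: `# event.ingested is intentionally not set here; it is expected to be populated downstream (Fleet final pipeline).`. The hard-coded `value: '8.2.0'` also has to be kept in step by hand with the `git@8.2` reference in `_dev/build/build.yml`, which is worth stating in the same comment so the two are bumped together. The `processors` list continues past the end of the hunk.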
@@ -13,7 +13,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/keycloak/docs/README.md b/packages/keycloak/docs/README.md
index b36a2f6bb7d..c5f471e0306 100644
--- a/packages/keycloak/docs/README.md
+++ b/packages/keycloak/docs/README.md
@@ -146,7 +146,7 @@ An example event for `log` looks as following:
 "type": "logs"
 },
 "ecs": {
- "version": "8.0.0"
+ "version": "8.2.0"
 },
 "elastic_agent": {
 "id": "b1d83907-ff3e-464a-b79a-cf843f6f0bba",
diff --git a/packages/keycloak/manifest.yml b/packages/keycloak/manifest.yml
index 814e9aa39c5..484e84fa335 100644
--- a/packages/keycloak/manifest.yml
+++ b/packages/keycloak/manifest.yml
@@ -1,6 +1,6 @@
 name: keycloak
 title: Keycloak
-version: 1.2.1
+version: 1.3.0
 release: ga
 description: Keycloak Integration
 type: integration