elastic · efd6 · Jun 28, 2022 · May 11, 2022 · May 11, 2022 · May 11, 2022
@@ -110,6 +110,24 @@ contains kerberos data.
 
 {{fields "kerberos"}}
 
+### known_certs
+
+The `known_certs` dataset captures information about SSL/TLS certificates seen on the local network. See the [documentation](https://docs.zeek.org/en/master/logs/known-and-software.html#known-certs-log) for more details.
+
+{{fields "known_certs"}}
+
+### known_hosts
+
+The `known_hosts` dataset simply records a timestamp and an IP address when Zeek observes a new system on the local network.. See the [documentation](https://docs.zeek.org/en/master/logs/known-and-software.html#known-hosts-log) for more details.
+
+{{fields "known_hosts"}}
+
+### known_services
+
+The `known_services` dataset records a timestamp, IP, port number, protocol, and service (if available) when Zeek observes a system offering a new service on the local network. See the [documentation](https://docs.zeek.org/en/master/logs/known-and-software.html#known-services-log) for more details.
+
+{{fields "known_services"}}
+
 ### modbus
 
 The `modbus` dataset collects the Zeek modbus.log file, which contains
@@ -236,6 +254,12 @@ SOCKS proxy requests.
 
 {{fields "socks"}}
 
+### software
+
+The `software` dataset collects details on applications operated by the hosts it sees on the local network. See the [documentation](https://docs.zeek.org/en/master/logs/known-and-software.html#software-log) for more details.
+
+{{fields "software"}}
+
 ### ssh
 
 The `ssh` dataset collects the Zeek ssh.log file, which contains SSH

@@ -2,4 +2,4 @@
 {"ts":1617062640.941952,"ts_delta":900.0005369186401,"peer":"zeek","gaps":58475,"acks":65665,"percent_lost":89.05048351481003}
 {"ts":1617063540.942231,"ts_delta":900.0002789497376,"peer":"zeek","gaps":54754,"acks":61818,"percent_lost":88.5729075673752}
 {"ts":1617064440.942597,"ts_delta":900.0003659725189,"peer":"zeek","gaps":51022,"acks":57974,"percent_lost":88.00841756649533}
-{"ts":1617065340.942651,"ts_delta":900.0000541210175,"peer":"zeek","gaps":55105,"acks":62497,"percent_lost":88.17223226714883}
+{"ts":1617065340.942651,"ts_delta":900.0000541210175,"peer":"zeek","gaps":55105,"acks":62497,"percent_lost":88.17223226714883}
@@ -1,2 +1,2 @@
 {"ts":1476605498.771847,"uids":["CmWOt6VWaNGqXYcH6","CLObLo4YHn0u23Tp8a"],"client_addr":"192.168.199.132","server_addr":"192.168.199.254","mac":"00:0c:29:03:df:ad","host_name":"DESKTOP-2AEFM7G","client_fqdn":"DESKTOP-2AEFM7G","domain":"localdomain","requested_addr":"192.168.199.132","assigned_addr":"192.168.199.132","lease_time":1800.0,"msg_types":["REQUEST","ACK"],"duration":0.000161}
-{"ts":1617088722.072416,"uids":["Ck0tsG4wsJxI3lIEZ"],"client_addr":"10.156.0.2","server_addr":"169.254.169.254","mac":"42:01:0a:9c:00:02","domain":"c.elastic-sa.internal","assigned_addr":"10.156.0.2","lease_time":86400.0,"msg_types":["ACK"],"duration":0.0}
+{"ts":1617088722.072416,"uids":["Ck0tsG4wsJxI3lIEZ"],"client_addr":"10.156.0.2","server_addr":"169.254.169.254","mac":"42:01:0a:9c:00:02","domain":"c.elastic-sa.internal","assigned_addr":"10.156.0.2","lease_time":86400.0,"msg_types":["ACK"],"duration":0.0}
@@ -5,4 +5,4 @@
 {"ts":1617069773.678327,"fuid":"FYszs61e8hIUWMWgL5","tx_hosts":["89.160.20.156"],"rx_hosts":["10.156.0.2"],"conn_uids":["CaB3fq3yLrKCbYLqr4"],"source":"SSL","depth":0,"analyzers":["X509","SHA256","SHA1","MD5"],"mime_type":"application/x-x509-user-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":893,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"5abbc8a9137f6924861596848b7d7794","sha1":"99c1daf07c8d69a8a065492dcaae43c43ff13497","sha256":"1de4074b4e38377f4367303f4a19c986a506180f22a6e53a68cc7679ea6d9c74"}
 {"ts":1617069783.678588,"fuid":"FdGWZq2wRIvCfjvdI5","tx_hosts":["89.160.20.156"],"rx_hosts":["10.156.0.2"],"conn_uids":["C0vhl91PPOI7LbrPZ8"],"source":"SSL","depth":0,"analyzers":["X509","SHA256","SHA1","MD5"],"mime_type":"application/x-x509-user-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":893,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"5abbc8a9137f6924861596848b7d7794","sha1":"99c1daf07c8d69a8a065492dcaae43c43ff13497","sha256":"1de4074b4e38377f4367303f4a19c986a506180f22a6e53a68cc7679ea6d9c74"}
 {"ts":1617069792.519193,"fuid":"FSMkdM3YUSoEVpLZN4","tx_hosts":["169.254.169.254"],"rx_hosts":["10.156.0.2"],"conn_uids":["CgbPEj2jf5Ca7Lw0x2"],"source":"HTTP","depth":0,"analyzers":["SHA1","MD5"],"mime_type":"text/html","duration":0.00005316734313964844,"local_orig":false,"is_orig":false,"seen_bytes":1609,"total_bytes":1609,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"1ab1d3a926a99ccfc25acccc5b4289b4","sha1":"1895628784b47ad8da112c699a1b21f5b49c2b80"}
-{"ts":1617069793.669729,"fuid":"F1msmE2xRFsdvL2iI","tx_hosts":["89.160.20.156"],"rx_hosts":["10.156.0.2"],"conn_uids":["C0vua63rzjtLaiefyj"],"source":"SSL","depth":0,"analyzers":["X509","SHA256","SHA1","MD5"],"mime_type":"application/x-x509-user-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":893,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"5abbc8a9137f6924861596848b7d7794","sha1":"99c1daf07c8d69a8a065492dcaae43c43ff13497","sha256":"1de4074b4e38377f4367303f4a19c986a506180f22a6e53a68cc7679ea6d9c74"}
+{"ts":1617069793.669729,"fuid":"F1msmE2xRFsdvL2iI","tx_hosts":["89.160.20.156"],"rx_hosts":["10.156.0.2"],"conn_uids":["C0vua63rzjtLaiefyj"],"source":"SSL","depth":0,"analyzers":["X509","SHA256","SHA1","MD5"],"mime_type":"application/x-x509-user-cert","duration":0.0,"local_orig":false,"is_orig":false,"seen_bytes":893,"missing_bytes":0,"overflow_bytes":0,"timedout":false,"md5":"5abbc8a9137f6924861596848b7d7794","sha1":"99c1daf07c8d69a8a065492dcaae43c43ff13497","sha256":"1de4074b4e38377f4367303f4a19c986a506180f22a6e53a68cc7679ea6d9c74"}
@@ -0,0 +1 @@
+{"ts":"2020-12-31T15:15:53.690221Z","host":"192.168.4.1","port_num":443,"subject":"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US","issuer_subject":"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US","serial":"98D0AD47D748CDD6"}
@@ -0,0 +1,5 @@
+{"ts":"2021-01-03T01:19:26.260073Z","host":"192.168.4.25"}
+{"ts":"2021-01-03T01:19:27.353353Z","host":"192.168.4.29"}
+{"ts":"2021-01-03T01:19:32.488179Z","host":"192.168.4.43"}
+{"ts":"2021-01-03T01:19:58.792683Z","host":"192.168.4.142"}
+{"ts":"2021-01-03T12:17:22.496004Z","host":"192.168.4.115"}
@@ -0,0 +1 @@
+{"ts":"2021-01-03T01:19:36.242774Z","host":"192.168.4.1","port_num":53,"port_proto":"udp","service":["DNS"]}
@@ -1,4 +1,4 @@
 {"ts":1320435875.879278,"note":"SSH::Password_Guessing","msg":"172.16.238.1 appears to be guessing SSH passwords (seen in 30 connections).","sub":"Sampled servers:  172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136, 172.16.238.136","src":"172.16.238.1","peer_descr":"bro","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false}
 {"ts":1551393388.426472,"note":"Scan::Port_Scan","msg":"89.160.20.156 scanned at least 15 unique ports of host 89.160.20.156 in 0m0s","sub":"remote","src":"89.160.20.156","dst":"89.160.20.156","peer_descr":"bro","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0,"dropped":false}
 {"ts":1617097740.958466,"note":"CaptureLoss::Too_Much_Loss","msg":"The capture loss script detected an estimated loss rate above 88.306%","actions":["Notice::ACTION_LOG"],"suppress_for":3600.0}
-{"ts":1617097929.601155,"uid":"CmvrSS1wIiuOGYCbfi","id.orig_h":"10.156.0.2","id.orig_p":48818,"id.resp_h":"89.160.20.156","id.resp_p":443,"fuid":"F39b0Bdfm3FW1rNS5","proto":"tcp","note":"SSL::Invalid_Server_Cert","msg":"SSL certificate validation failed with (self signed certificate)","sub":"CN=*.badssl.com,O=BadSSL,L=San Francisco,ST=California,C=US","src":"10.156.0.2","dst":"89.160.20.156","p":443,"actions":["Notice::ACTION_LOG"],"suppress_for":3600.0}
+{"ts":1617097929.601155,"uid":"CmvrSS1wIiuOGYCbfi","id.orig_h":"10.156.0.2","id.orig_p":48818,"id.resp_h":"89.160.20.156","id.resp_p":443,"fuid":"F39b0Bdfm3FW1rNS5","proto":"tcp","note":"SSL::Invalid_Server_Cert","msg":"SSL certificate validation failed with (self signed certificate)","sub":"CN=*.badssl.com,O=BadSSL,L=San Francisco,ST=California,C=US","src":"10.156.0.2","dst":"89.160.20.156","p":443,"actions":["Notice::ACTION_LOG"],"suppress_for":3600.0}
@@ -2,4 +2,4 @@
 {"ts":1105725482.965944,"uid":"ComJz236lSOcuOmix3","id.orig_h":"89.160.20.156","id.orig_p":5061,"id.resp_h":"89.160.20.156","id.resp_p":5060,"trans_depth":0,"method":"INVITE","uri":"sip:francisco@bestel.com:55060","request_from":"<sip:89.160.20.156:55061;user=phone>","request_to":"\u0022francisco@bestel.com\u0022 <sip:francisco@bestel.com:55060>","response_from":"<sip:89.160.20.156:55061;user=phone>","response_to":"\u0022francisco@bestel.com\u0022 <sip:francisco@bestel.com:55060>;tag=298852044","call_id":"12013223@89.160.20.156","seq":"1 INVITE","request_path":["SIP/2.0/UDP 89.160.20.156","SIP/2.0/UDP 89.160.20.156:55061"],"response_path":["SIP/2.0/UDP 89.160.20.156","SIP/2.0/UDP 89.160.20.156:55061","SIP/2.0/UDP 89.160.20.156","SIP/2.0/UDP 89.160.20.156:55061"],"status_code":180,"status_msg":"Ringing","request_body_len":229,"response_body_len":0}
 {"ts":1105725487.022577,"uid":"CJZDWgixtwqXctWEg","id.orig_h":"89.160.20.156","id.orig_p":5061,"id.resp_h":"89.160.20.156","id.resp_p":5060,"trans_depth":0,"method":"REGISTER","uri":"sip:Verso.com","request_from":"Ivan <sip:Ivan@Verso.com>","request_to":"Ivan <sip:Ivan@Verso.com>","response_from":"\u0022Ivan\u0022 <sip:Ivan@Verso.com>","response_to":"\u0022Ivan\u0022 <sip:Ivan@Verso.com>","call_id":"46E1C3CB36304F84A020CF6DD3F96461@Verso.com","seq":"37764 REGISTER","request_path":["SIP/2.0/UDP 89.160.20.156:5061;rport"],"response_path":["SIP/2.0/UDP 89.160.20.156:5061;received=89.160.20.156;rport=5061"],"user_agent":"Verso Softphone release 1104w","status_code":200,"status_msg":"OK","request_body_len":0,"response_body_len":0}
 {"ts":1617119416.928735,"uid":"CR6XQH1Lf2mF9YG7H2","id.orig_h":"89.160.20.156","id.orig_p":5083,"id.resp_h":"10.156.0.2","id.resp_p":5060,"trans_depth":0,"method":"OPTIONS","uri":"sip:100@89.160.20.156","request_from":"\"sipvicious\"<sip:90501@1.1.1.1>","request_to":"\"sipvicious\"<sip:90501@1.1.1.1>","call_id":"767538559354206383610151","seq":"1 OPTIONS","request_path":["SIP/2.0/UDP 89.160.20.156:5083"],"response_path":[],"user_agent":"friendly-scanner","request_body_len":0}
-{"ts":1617119923.416653,"uid":"Cf9QMt4ear7ZkX74ti","id.orig_h":"89.160.20.156","id.orig_p":5170,"id.resp_h":"10.156.0.2","id.resp_p":5060,"trans_depth":0,"method":"OPTIONS","uri":"sip:100@89.160.20.156","request_from":"\"sipvicious\"<sip:100@1.1.1.1>","request_to":"\"sipvicious\"<sip:100@1.1.1.1>","call_id":"35848812076538877174452","seq":"1 OPTIONS","request_path":["SIP/2.0/UDP 127.0.0.1:5170"],"response_path":[],"user_agent":"friendly-scanner","request_body_len":0}
+{"ts":1617119923.416653,"uid":"Cf9QMt4ear7ZkX74ti","id.orig_h":"89.160.20.156","id.orig_p":5170,"id.resp_h":"10.156.0.2","id.resp_p":5060,"trans_depth":0,"method":"OPTIONS","uri":"sip:100@89.160.20.156","request_from":"\"sipvicious\"<sip:100@1.1.1.1>","request_to":"\"sipvicious\"<sip:100@1.1.1.1>","call_id":"35848812076538877174452","seq":"1 OPTIONS","request_path":["SIP/2.0/UDP 127.0.0.1:5170"],"response_path":[],"user_agent":"friendly-scanner","request_body_len":0}
@@ -1,2 +1,2 @@
 {"ts":1543877948.916584,"uid":"CnKW1B4w9fpRa6Nkf2","id.orig_h":"192.168.1.2","id.orig_p":59696,"id.resp_h":"192.168.1.1","id.resp_p":161,"duration":7.849924,"version":"2c","community":"public","get_requests":0,"get_bulk_requests":0,"get_responses":8,"set_requests":0,"up_since":1543631204.766508}
-{"ts":1617080496.400704,"uid":"CxtWIB4ECPW89F8mSi","id.orig_h":"89.160.20.156","id.orig_p":37533,"id.resp_h":"10.156.0.2","id.resp_p":161,"duration":0.0,"version":"2c","community":"public","get_requests":4,"get_bulk_requests":0,"get_responses":0,"set_requests":0}
+{"ts":1617080496.400704,"uid":"CxtWIB4ECPW89F8mSi","id.orig_h":"89.160.20.156","id.orig_p":37533,"id.resp_h":"10.156.0.2","id.resp_p":161,"duration":0.0,"version":"2c","community":"public","get_requests":4,"get_bulk_requests":0,"get_responses":0,"set_requests":0}
@@ -0,0 +1 @@
+{"ts":"2021-01-03T00:16:22.694616Z","host":"192.168.4.25","software_type":"HTTP::BROWSER","name":"Windows-Update-Agent","version.major":10,"version.minor":0,"version.minor2":10011,"version.minor3":16384,"version.addl":"Client","unparsed_version":"Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.0"}
@@ -1,4 +1,4 @@
 {"ts":1562527532.904291,"uid":"CajWfz1b3qnnWT0BU9","id.orig_h":"192.168.1.2","id.orig_p":48380,"id.resp_h":"192.168.1.1","id.resp_p":22,"version":2,"auth_success":false,"auth_attempts":2,"client":"SSH-2.0-OpenSSH_7.9p1 Ubuntu-10","server":"SSH-2.0-OpenSSH_6.6.1p1 Debian-4~bpo70+1","cipher_alg":"chacha20-poly1305@openssh.com","mac_alg":"umac-64-etm@openssh.com","compression_alg":"none","kex_alg":"curve25519-sha256@libssh.org","host_key_alg":"ecdsa-sha2-nistp256","host_key":"86:71:ac:9c:35:1c:28:29:05:81:48:ec:66:67:de:bd"}
 {"ts":1617123417.413634,"uid":"COXxsJ3dlSh6ECRYQj","id.orig_h":"89.160.20.156","id.orig_p":38204,"id.resp_h":"10.156.0.2","id.resp_p":22,"auth_attempts":0,"direction":"INBOUND","client":"SSH-2.0-libssh-0.6.3"}
 {"ts":1617123445.61524,"uid":"CZPdXz1jfKSWzIDAeb","id.orig_h":"89.160.20.156","id.orig_p":44164,"id.resp_h":"10.156.0.2","id.resp_p":22,"auth_attempts":0,"direction":"INBOUND","client":"SSH-2.0-libssh-0.6.3"}
-{"ts":1617123450.957272,"uid":"Cha1rs3OamonAZ4Nz6","id.orig_h":"89.160.20.156","id.orig_p":33953,"id.resp_h":"10.156.0.2","id.resp_p":22,"auth_attempts":0,"direction":"INBOUND","client":"SSH-2.0-ZGrab ZGrab SSH Survey"}
+{"ts":1617123450.957272,"uid":"Cha1rs3OamonAZ4Nz6","id.orig_h":"89.160.20.156","id.orig_p":33953,"id.resp_h":"10.156.0.2","id.resp_p":22,"auth_attempts":0,"direction":"INBOUND","client":"SSH-2.0-ZGrab ZGrab SSH Survey"}
@@ -6,4 +6,4 @@
 {"ts":1617091253.726384,"uid":"C4jH9IqWGZwc1PPUh","id.orig_h":"89.160.20.156","id.orig_p":53368,"id.resp_h":"10.156.0.2","id.resp_p":443,"server_name":"tickets.swiftcrypto.com","resumed":false,"established":false}
 {"ts":1617091253.91861,"uid":"CXVMSq6Dainy4WFN9","id.orig_h":"89.160.20.156","id.orig_p":53382,"id.resp_h":"10.156.0.2","id.resp_p":443,"server_name":"rundeck.swiftcrypto.com","resumed":false,"established":false}
 {"ts":1617091254.325291,"uid":"CsgtQe4AikDZBsIM6k","id.orig_h":"10.156.0.2","id.orig_p":55120,"id.resp_h":"89.160.20.156","id.resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","curve":"secp256r1","resumed":false,"established":false,"cert_chain_fuids":["FeyRIk4nUtwwcUcnRf"],"client_cert_chain_fuids":[],"validation_status":"self signed certificate"}
-{"ts":1617091255.065602,"uid":"CPGhJS3UPpcnR96NQc","id.orig_h":"89.160.20.156","id.orig_p":53095,"id.resp_h":"10.156.0.2","id.resp_p":443,"server_name":"splunk-api.swiftcrypto.com","resumed":false,"established":false}
+{"ts":1617091255.065602,"uid":"CPGhJS3UPpcnR96NQc","id.orig_h":"89.160.20.156","id.orig_p":53095,"id.resp_h":"10.156.0.2","id.resp_p":443,"server_name":"splunk-api.swiftcrypto.com","resumed":false,"established":false}
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.0"
+  changes:
+    - description: Add new data sets for known_hosts, known_certs, known_services, & software logs files.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3340
 - version: "2.1.0"
   changes:
     - description: Add JA3/JA3S parsing & fix certificate data parsing; hash, not valid before/after timestamps

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-capture-loss
       - name: preserve_original_event
         required: true

@@ -21,6 +21,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-connection
       - name: preserve_original_event
         required: true

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-dce-rpc
       - name: preserve_original_event
         required: true

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-dhcp
     template_path: log.yml.hbs
     title: Zeek dhcp.log

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-dns
       - name: preserve_original_event
         required: true

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-ftp
       - name: preserve_original_event
         required: true

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-http
       - name: preserve_original_event
         required: true

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-intel
       - name: preserve_original_event
         required: true

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-irc
       - name: preserve_original_event
         required: true

@@ -18,6 +18,7 @@ streams:
         required: true
         show_user: false
         default:
+          - forwarded
           - zeek-kerberos
       - name: preserve_original_event
         required: true

@@ -0,0 +1,4 @@
+fields:
+  "@timestamp": "2020-04-28T11:07:58.223Z"
+  tags:
+    - preserve_original_event
@@ -0,0 +1 @@
+{"ts":"2020-12-31T15:15:53.690221Z","host":"192.168.4.1","port_num":443,"subject":"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US","issuer_subject":"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US","serial":"98D0AD47D748CDD6"}
@@ -0,0 +1,57 @@
+{
+    "expected": [
+        {
+            "@timestamp": "2020-12-31T15:15:53.690Z",
+            "ecs": {
+                "version": "8.2.0"
+            },
+            "event": {
+                "category": [
+                    "network",
+                    "file"
+                ],
+                "created": "2020-04-28T11:07:58.223Z",
+                "kind": "event",
+                "original": "{\"ts\":\"2020-12-31T15:15:53.690221Z\",\"host\":\"192.168.4.1\",\"port_num\":443,\"subject\":\"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US\",\"issuer_subject\":\"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US\",\"serial\":\"98D0AD47D748CDD6\"}",
+                "type": [
+                    "info"
+                ]
+            },
+            "host": {
+                "ip": "192.168.4.1"
+            },
+            "network": {
+                "type": "ipv4"
+            },
+            "related": {
+                "ip": [
+                    "192.168.4.1"
+                ]
+            },
+            "server": {
+                "ip": "192.168.4.1",
+                "port": 443
+            },
+            "tags": [
+                "preserve_original_event"
+            ],
+            "tls": {
+                "server": {
+                    "issuer": "L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US",
+                    "subject": "L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US",
+                    "x509": {
+                        "issuer": {
+                            "common_name": "UBNT Router UI",
+                            "distinguished_name": "L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US"
+                        },
+                        "serial_number": "98D0AD47D748CDD6",
+                        "subject": {
+                            "common_name": "UBNT Router UI",
+                            "distinguished_name": "L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US"
+                        }
+                    }
+                }
+            }
+        }
+    ]
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"ts":"2020-12-31T15:15:53.690221Z","host":"192.168.4.1","port_num":443,"subject":"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US","issuer_subject":"L=San Jose,ST=CA,O=Ubiquiti Networks,CN=UBNT Router UI,C=US","serial":"98D0AD47D748CDD6"}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"ts":"2021-01-03T01:19:36.242774Z","host":"192.168.4.1","port_num":53,"port_proto":"udp","service":["DNS"]}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		{"ts":"2021-01-03T00:16:22.694616Z","host":"192.168.4.25","software_type":"HTTP::BROWSER","name":"Windows-Update-Agent","version.major":10,"version.minor":0,"version.minor2":10011,"version.minor3":16384,"version.addl":"Client","unparsed_version":"Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.0"}