diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 97904b9..f4ef12f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,54 @@
 name: CI
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: [3.11, 3.12]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Cache pip
+ uses: actions/cache@v4
+ with:
+ path: ~/.cache/pip
+ key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}
+ restore-keys: |
+ ${{ runner.os }}-pip-
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -e .[test]
+ pip install ruff mypy
+
+ - name: Run linter (ruff)
+ run: |
+ ruff check .
+
+ - name: Run mypy
+ run: |
+ mypy azazel_pi --ignore-missing-imports
+
+ - name: Run tests
+ run: |
+ pytest -q
+name: CI
+
 on:
 push:
 branches: [ main, feature/** ]
diff --git a/README.md b/README.md
index 7f0f3f3..8ef689a 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@ English | [日本語](README_ja.md)
-![Azazel-Pi_image](images/azazel-pi-prototype.jpg)
+![Azazel-Pi_image](images/azazel-pi-prototype.jpg)
 ![version](https://img.shields.io/github/v/tag/01rabbit/Azazel-Pi?label=Version) ![License](https://img.shields.io/github/license/01rabbit/Azazel-Pi) ![release-date](https://img.shields.io/github/release-date/01rabbit/Azazel-Pi)
diff --git a/README_ja.md b/README_ja.md
index 5032734..0607d03 100644
--- a/README_ja.md
+++ b/README_ja.md
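Review bot: The added block leaves ci.yml with two top-level `name:` keys and two `on:` keys: after `+ pytest -q` the hunk re-adds `+name: CI` and a blank line, and the original `on:` / `push:` / `branches: [ main, feature/** ]` lines survive as context below the new `on:` mapping, so a YAML loader either rejects the file for duplicate keys or silently keeps only one of the two trigger blocks. Drop the trailing `+name: CI` and the old `on:` block, or merge `feature/**` into the new `push.branches` list so the intended triggers are stated once. Two smaller points on the same hunk: `actions/checkout@v4`, `actions/setup-python@v4` and `actions/cache@v4` are mutable tags and `pip install ruff mypy` is unpinned, so for a security project's CI it is worth pinning the actions to a full commit SHA and the linters to explicit versions so a lint result cannot change without a code change.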
@@ -2,7 +2,7 @@ [English](README.md) | 日本語
-![Azazel-Pi_image](images/azazel-pi-prototype.jpg)
+![Azazel-Pi_image](images/azazel-pi-prototype.jpg)
 ![version](https://img.shields.io/github/v/tag/01rabbit/Azazel-Pi?label=Version) ![License](https://img.shields.io/github/license/01rabbit/Azazel-Pi) ![release-date](https://img.shields.io/github/release-date/01rabbit/Azazel-Pi)
diff --git a/azazel_pi/core/display/status_collector.py b/azazel_pi/core/display/status_collector.py
index 9693bfa..26743e5 100644
--- a/azazel_pi/core/display/status_collector.py
+++ b/azazel_pi/core/display/status_collector.py
@@ -493,12 +493,28 @@ def _count_alerts(self, recent_window_seconds: int = 300) -> tuple[int, int]:
 def _is_service_active(self, service_name: str) -> bool:
 """Check if a systemd service is active."""
+ if service_name == "opencanary":
+ return self._is_container_running("azazel_opencanary")
 try:
 result = run_cmd(["systemctl", "is-active", f"{service_name}.service"], capture_output=True, text=True, timeout=2, check=False)
 return (result.stdout or "").strip() == "active"
 except Exception:
 return False
+ def _is_container_running(self, container_name: str) -> bool:
+ """Check if a Docker container is running."""
+ try:
+ result = run_cmd(
+ ["docker", "inspect", "-f", "{{.State.Running}}", container_name],
+ capture_output=True,
+ text=True,
+ timeout=2,
+ check=False,
+ )
+ return result.returncode == 0 and (result.stdout or "").strip().lower() == "true"
+ except Exception:
+ return False
+
 def _get_uptime(self) -> int:
 """Get system uptime in seconds."""
 try:
diff --git a/azctl/menu/core.py b/azctl/menu/core.py
index db94685..70b116b 100644
--- a/azctl/menu/core.py
+++ b/azctl/menu/core.py
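Review bot: `_is_container_running` folds "docker unavailable" into "container stopped": `docker inspect` is run without `sudo`, so if the process hosting the status collector is not allowed to talk to the Docker socket the call exits non-zero and the honeypot is reported inactive even while it is running, and the `except Exception: return False` hides a missing binary or the 2 s timeout the same way. Consider returning a tri-state (or at least logging `result.stderr` when `returncode != 0`) so the display can distinguish "down" from "unknown", and keep the name mapping in one place, e.g. `OPENCANARY_CONTAINER = "azazel_opencanary"` at module level instead of the literal inside `_is_service_active`. The same helper, with the same blind spot, is added verbatim in azctl/menu/core.py, defense.py, emergency.py and services.py (with `timeout=5` there versus `timeout=2` here); one shared function next to `run_cmd` in `azazel_pi.utils` would keep the five copies from drifting. Both methods are fully inside the hunk.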
@@ -449,9 +449,9 @@ def _get_current_status(self) -> Dict[str, Any]:
 mode_display = mode.upper() if mode else "UNKNOWN" # Count active services (simplified)
- services = ["suricata", "opencanary", "vector", "azctl"]
+ systemd_services = ["suricata", "vector", "azctl"]
 services_active = 0
- for service in services:
+ for service in systemd_services:
 try:
 result = run_cmd(
 ["systemctl", "is-active", service],
@@ -462,11 +462,15 @@ def _get_current_status(self) -> Dict[str, Any]:
 except Exception:
 pass
+ services_total = len(systemd_services) + 1 # include OpenCanary container
+ if self._is_container_running("azazel_opencanary"):
+ services_active += 1
+
 return {
 "mode": mode,
 "mode_display": mode_display if 'mode_display' in locals() else (mode.upper() if mode else "UNKNOWN"),
 "services_active": services_active,
- "services_total": len(services),
+ "services_total": services_total,
 }
 def _get_enhanced_status(self) -> Dict[str, Any]:
@@ -487,4 +491,18 @@ def _get_enhanced_status(self) -> Dict[str, Any]:
 "profile": profile,
 "wlan0_info": wlan0_info,
 "wlan1_info": wlan1_info,
- }
\ No newline at end of file
+ }
+
+ def _is_container_running(self, container_name: str) -> bool:
+ """Check whether a Docker container is running."""
+ try:
+ result = run_cmd(
+ ["docker", "inspect", "-f", "{{.State.Running}}", container_name],
+ capture_output=True,
+ text=True,
+ timeout=5,
+ check=False,
+ )
+ return result.returncode == 0 and (result.stdout or "").strip().lower() == "true"
+ except Exception:
+ return False
diff --git a/azctl/menu/defense.py b/azctl/menu/defense.py
index 24da5d2..9163b83 100644
--- a/azctl/menu/defense.py
+++ b/azctl/menu/defense.py
@@ -214,12 +214,11 @@ def _view_status(self) -> None:
 # Add services status if available
 try:
- import subprocess
 suricata_status = run_cmd(['systemctl', 'is-active', 'suricata'], capture_output=True, text=True).stdout.strip()
- canary_status = run_cmd(['systemctl', 'is-active', 'opencanary'], capture_output=True, text=True).stdout.strip()
+ canary_running = self._is_container_running("azazel_opencanary")
- services_info = f"Suricata: {'✅' if suricata_status == 'active' else '❌'} | Canary: {'✅' if canary_status == 'active' else '❌'}"
- except:
+ services_info = f"Suricata: {'✅' if suricata_status == 'active' else '❌'} | Canary: {'✅' if canary_running else '❌'}"
+ except Exception:
 services_info = "Status unknown"
 info_table.add_row(
@@ -552,6 +551,20 @@ def _get_memory_usage(self) -> str:
 except Exception:
 return "N/A"
+ def _is_container_running(self, container_name: str) -> bool:
+ """Check whether a Docker container is running."""
+ try:
+ result = run_cmd(
+ ["docker", "inspect", "-f", "{{.State.Running}}", container_name],
+ capture_output=True,
+ text=True,
+ timeout=5,
+ check=False,
+ )
+ return result.returncode == 0 and (result.stdout or "").strip().lower() == "true"
+ except Exception:
+ return False
+
 def _pause(self) -> None:
 """Pause for user input."""
- Prompt.ask("\n[dim]Press Enter to continue[/dim]", default="", show_default=False)
\ No newline at end of file
+ Prompt.ask("\n[dim]Press Enter to continue[/dim]", default="", show_default=False)
diff --git a/azctl/menu/emergency.py b/azctl/menu/emergency.py
index d3eff3f..a7ea492 100644
--- a/azctl/menu/emergency.py
+++ b/azctl/menu/emergency.py
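Review bot: In `_view_status` the `suricata_status` call in the same `try` block still runs `systemctl` with no `timeout=`, while the new `canary_running` check bounds its `docker inspect` at 5 s, so a wedged `systemctl` blocks the whole status view and a failure in either call collapses both icons into the single "Status unknown" row. Pass `timeout=5, check=False` to the Suricata call and give each service its own fallback, e.g. `suricata_ok = suricata_status == 'active'` computed before the f-string, which also shortens the long `services_info` line. `_view_status` starts and continues outside the hunk.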
@@ -121,13 +121,18 @@ def _emergency_lockdown(self) -> None:
 # Step 4: Stop services
 self.console.print("[blue]4. Stopping non-essential services...[/blue]")
- services_to_stop = ["vector", "opencanary"]
+ services_to_stop = ["vector"]
 for service in services_to_stop:
 try:
 run_cmd(["sudo", "systemctl", "stop", f"{service}.service"], timeout=15)
 self.console.print(f"[green]✓ {service} stopped[/green]")
 except Exception:
 self.console.print(f"[yellow]! {service} stop failed[/yellow]")
+ try:
+ run_cmd(["sudo", "docker", "stop", "azazel_opencanary"], timeout=30)
+ self.console.print("[green]✓ azazel_opencanary stopped[/green]")
+ except Exception:
+ self.console.print("[yellow]! azazel_opencanary stop failed[/yellow]")
 self.console.print("\n[bold red]EMERGENCY LOCKDOWN COMPLETED[/bold red]")
 self.console.print("[yellow]System is now in maximum security lockdown mode.[/yellow]")
@@ -163,10 +168,10 @@ def _reset_network(self) -> None:
 run_cmd(["sudo", "systemctl", "stop", "wpa_supplicant"], timeout=10)
 # Backup and reset wpa_supplicant.conf
- run_cmd([
- "sudo", "cp", "/etc/wpa_supplicant/wpa_supplicant.conf",
- f"/etc/wpa_supplicant/wpa_supplicant.conf.backup.{datetime.now().strftime('%Y%m%d_%H%M%S')}"
- ], timeout=5)
+ run_cmd([
+ "sudo", "cp", "/etc/wpa_supplicant/wpa_supplicant.conf",
+ f"/etc/wpa_supplicant/wpa_supplicant.conf.backup.{datetime.now().strftime('%Y%m%d_%H%M%S')}"
+ ], timeout=5)
 # Create minimal wpa_supplicant.conf
 minimal_config = """ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
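Review bot: The `docker stop azazel_opencanary` added to the lockdown step does not persist: deploy/docker-compose.yml in this same commit declares the container with `restart: always`, under which Docker starts the container again on every daemon start regardless of a manual stop, so after a reboot the honeypot comes back while the rest of the system is still in lockdown. If lockdown is meant to survive a restart, use `restart: unless-stopped` in the compose file (a manually stopped container then stays stopped) or record the lockdown state and re-apply it at boot. The `sudo docker stop` here also contrasts with the non-`sudo` `docker inspect` in the new `_is_container_running` helpers; whichever privilege model is intended for Docker access, the check and the control path should use the same one. `_emergency_lockdown` starts outside the hunk.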
@@ -190,10 +195,10 @@ def _reset_network(self) -> None:
 # Reset network interfaces
 self.console.print("[blue]2. Resetting network interfaces...[/blue]")
 try:
- run_cmd(["sudo", "ip", "link", "set", self.wan_if, "down"], timeout=5)
- run_cmd(["sudo", "ip", "link", "set", self.wan_if, "up"], timeout=5)
- run_cmd(["sudo", "ip", "link", "set", self.lan_if, "down"], timeout=5)
- run_cmd(["sudo", "ip", "link", "set", self.lan_if, "up"], timeout=5)
+ run_cmd(["sudo", "ip", "link", "set", self.wan_if, "down"], timeout=5)
+ run_cmd(["sudo", "ip", "link", "set", self.wan_if, "up"], timeout=5)
+ run_cmd(["sudo", "ip", "link", "set", self.lan_if, "down"], timeout=5)
+ run_cmd(["sudo", "ip", "link", "set", self.lan_if, "up"], timeout=5)
 self.console.print("[green]✓ Network interfaces reset[/green]")
 except Exception as e:
 self.console.print(f"[red]✗ Interface reset failed: {e}[/red]")
@@ -201,12 +206,12 @@ def _reset_network(self) -> None:
 # Restart network services
 self.console.print("[blue]3. Restarting network services...[/blue]")
 services = ["dhcpcd", "hostapd"]
- for service in services:
- try:
- run_cmd(["sudo", "systemctl", "restart", service], timeout=15)
- self.console.print(f"[green]✓ {service} restarted[/green]")
- except Exception:
- self.console.print(f"[yellow]! {service} restart failed[/yellow]")
+ for service in services:
+ try:
+ run_cmd(["sudo", "systemctl", "restart", service], timeout=15)
+ self.console.print(f"[green]✓ {service} restarted[/green]")
+ except Exception:
+ self.console.print(f"[yellow]! {service} restart failed[/yellow]")
 self.console.print("\n[bold green]Network configuration reset completed[/bold green]")
@@ -292,7 +297,7 @@ def _system_report(self) -> None:
 # Service status
 report.write("SERVICE STATUS\n")
 report.write("-" * 15 + "\n")
- services = ["azctl", "azctl-serve", "suricata", "opencanary", "vector"]
+ services = ["azctl", "azctl-serve", "suricata", "vector"]
 for service in services:
 try:
 result = run_cmd(
@@ -303,6 +308,7 @@ def _system_report(self) -> None:
 report.write(f"{service}: {status}\n")
 except Exception:
 report.write(f"{service}: UNKNOWN\n")
+ report.write(f"azazel_opencanary (Docker): {'ACTIVE' if self._is_container_running('azazel_opencanary') else 'INACTIVE'}\n")
 report.write("\n")
@@ -402,4 +408,18 @@ def _factory_reset(self) -> None:
 def _pause(self) -> None:
 """Pause for user input."""
- Prompt.ask("\n[dim]Press Enter to continue[/dim]", default="", show_default=False)
\ No newline at end of file
+ Prompt.ask("\n[dim]Press Enter to continue[/dim]", default="", show_default=False)
+
+ def _is_container_running(self, container_name: str) -> bool:
+ """Check whether a Docker container is running."""
+ try:
+ result = run_cmd(
+ ["docker", "inspect", "-f", "{{.State.Running}}", container_name],
+ capture_output=True,
+ text=True,
+ timeout=5,
+ check=False,
+ )
+ return result.returncode == 0 and (result.stdout or "").strip().lower() == "true"
+ except Exception:
+ return False
diff --git a/azctl/menu/services.py b/azctl/menu/services.py
index 221d190..024ef01 100644
--- a/azctl/menu/services.py
+++ b/azctl/menu/services.py
@@ -6,9 +6,8 @@ for the Azazel TUI menu system.
 """
-import subprocess
 from azazel_pi.utils.cmd_runner import run as run_cmd
-from typing import List, Tuple
+from typing import Tuple
 from rich.console import Console
 from rich.table import Table
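Review bot: The added `report.write` line in `_system_report` records `INACTIVE` whenever `_is_container_running` returns False, which is also what that helper returns when `docker` is missing, not permitted or times out, so the report cannot tell "honeypot down" from "could not query" — a poor property for a file meant to be read during incident triage; a three-way value, or a separate line stating whether Docker itself was reachable, would make it trustworthy. As a point of style, the new `_is_container_running` in emergency.py is appended after `_pause`, whereas defense.py and services.py in this same commit keep `_pause` as the last method and place the helper before it; the same placement in all three files keeps them navigable the same way. `_system_report` starts outside the hunk.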
@@ -32,7 +31,7 @@ def get_category(self) -> MenuCategory:
 actions=[
 MenuAction("Service Status Overview", "View all Azazel services status", self._service_status),
 MenuAction("Start/Stop Suricata 🔒", "Control Suricata IDS service", lambda: self._manage_service("suricata.service", "Suricata IDS"), requires_root=True),
- MenuAction("Start/Stop OpenCanary 🔒", "Control OpenCanary honeypot service", lambda: self._manage_service("opencanary.service", "OpenCanary Honeypot"), requires_root=True),
+ MenuAction("Start/Stop OpenCanary 🔒", "Control OpenCanary honeypot container", self._manage_opencanary_container, requires_root=True),
 MenuAction("Start/Stop Vector 🔒", "Control Vector log processing service", lambda: self._manage_service("vector.service", "Vector Log Processor"), requires_root=True),
 MenuAction("Restart All Services 🔒 ⚠️", "Restart all Azazel services", self._restart_all_services, requires_root=True, dangerous=True),
 ]
@@ -46,11 +45,11 @@ def _service_status(self) -> None:
 # Define Azazel services to monitor
 azazel_services = [
- ("azctl-unified.service", "Azazel Unified Control Daemon"),
- ("suricata.service", "Suricata IDS/IPS"),
- ("opencanary.service", "OpenCanary Honeypot"),
- ("vector.service", "Vector Log Processor"),
- ("azazel-epd.service", "E-Paper Display"),
+ ("azctl-unified.service", "Azazel Unified Control Daemon", "systemd"),
+ ("suricata.service", "Suricata IDS/IPS", "systemd"),
+ ("azazel_opencanary", "OpenCanary Honeypot (Docker)", "container"),
+ ("vector.service", "Vector Log Processor", "systemd"),
+ ("azazel-epd.service", "E-Paper Display", "systemd"),
 ]
 # Create services table
@@ -61,8 +60,11 @@ def _service_status(self) -> None:
 table.add_column("Active Since", style="cyan", width=15)
 table.add_column("Actions", style="yellow", width=15)
- for service_name, description in azazel_services:
- status, since, actions = self._get_service_info(service_name)
+ for service_name, description, svc_type in azazel_services:
+ if svc_type == "container":
+ status, since, actions = self._get_container_info(service_name)
+ else:
+ status, since, actions = self._get_service_info(service_name)
 table.add_row(service_name, description, status, since, actions)
 self.console.print(table)
@@ -117,6 +119,47 @@ def _get_service_info(self, service_name: str) -> Tuple[str, str, str]:
 actions = "check"
 return status, since, actions
+
+ def _get_container_info(self, container_name: str) -> Tuple[str, str, str]:
+ """Get Docker container status information."""
+ try:
+ result = run_cmd(
+ [
+ "docker",
+ "ps",
+ "-a",
+ "--filter",
+ f"name=^{container_name}$",
+ "--format",
+ "{{.Status}}|{{.RunningFor}}",
+ ],
+ capture_output=True,
+ text=True,
+ timeout=5,
+ check=False,
+ )
+
+ data = (result.stdout or "").strip()
+ if not data:
+ return "🔴 STOPPED", "─", "start"
+
+ parts = data.split("|", 1)
+ status_str = parts[0]
+ running_for = parts[1] if len(parts) > 1 else ""
+
+ if status_str.startswith("Up"):
+ status = "🟢 ACTIVE"
+ actions = "stop | restart"
+ since = running_for or "active"
+ else:
+ status = "🔴 STOPPED"
+ actions = "start"
+ since = "─"
+
+ return status, since, actions
+
+ except Exception:
+ return "❓ UNKNOWN", "─", "check"
 def _manage_service(self, service_name: str, display_name: str) -> None:
 """Generic service management interface."""
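Review bot: `_get_container_info` treats empty `docker ps` output as "STOPPED" without looking at `result.returncode`, so a permission error, a `docker` binary missing from PATH or the 5 s timeout all render as `🔴 STOPPED` with a "start" action, while the `except` path was written to return `❓ UNKNOWN` for exactly those situations; because `check=False` is passed, a non-zero exit never raises and never reaches that path. Add `if result.returncode != 0: return "❓ UNKNOWN", "─", "check"` before the `data` check so the table distinguishes a stopped honeypot from a query that failed. The `^{container_name}$` anchors in the `--filter name=` argument are worth keeping: Docker's name filter is a regex match, so an unanchored `azazel_opencanary` would also match any container whose name merely contains that string.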
@@ -180,6 +223,63 @@ def _manage_service(self, service_name: str, display_name: str) -> None:
 except Exception as e:
 self.console.print(f"[red]Error checking service status: {e}[/red]")
 self._pause()
+
+ def _manage_opencanary_container(self) -> None:
+ """Management interface for the OpenCanary Docker container."""
+ container_name = "azazel_opencanary"
+ display_name = "OpenCanary Honeypot (Docker)"
+
+ self.console.clear()
+ title = Text(f"{display_name} Management", style="bold")
+ self.console.print(title)
+ self.console.print(Text("─" * len(f"{display_name} Management"), style="dim"))
+
+ try:
+ is_running = self._is_container_running(container_name)
+
+ if is_running:
+ self.console.print(f"[green]✓ {display_name} is currently ACTIVE[/green]")
+ self.console.print()
+ self.console.print("[cyan]1.[/cyan] Stop Container")
+ self.console.print("[cyan]2.[/cyan] Restart Container")
+ self.console.print("[cyan]3.[/cyan] View Recent Logs")
+ self.console.print("[cyan]4.[/cyan] View Container Details")
+ else:
+ self.console.print(f"[red]✗ {display_name} is currently STOPPED[/red]")
+ self.console.print()
+ self.console.print("[cyan]1.[/cyan] Start Container")
+ self.console.print("[cyan]2.[/cyan] View Recent Logs")
+ self.console.print("[cyan]3.[/cyan] View Container Details")
+
+ self.console.print()
+ self.console.print("[cyan]b.[/cyan] Back to Service Management")
+ self.console.print()
+
+ choice = Prompt.ask("Select action", default="b")
+
+ if choice == "b":
+ return
+ elif choice == "1":
+ if is_running:
+ self._control_container(container_name, "stop", display_name)
+ else:
+ self._control_container(container_name, "start", display_name)
+ elif choice == "2":
+ if is_running:
+ self._control_container(container_name, "restart", display_name)
+ else:
+ self._show_container_logs(container_name, display_name)
+ elif choice == "3":
+ if is_running:
+ self._show_container_logs(container_name, display_name)
+ else:
+ self._show_container_details(container_name, 
display_name)
+ elif choice == "4" and is_running:
+ self._show_container_details(container_name, display_name)
+
+ except Exception as e:
+ self.console.print(f"[red]Error managing container: {e}[/red]")
+ self._pause()
 def _control_service(self, service_name: str, action: str, display_name: str) -> None:
 """Control service (start/stop/restart)."""
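Review bot: `_manage_opencanary_container` encodes the menu twice — once as numbered `console.print` lines that differ by state, and again as an `if/elif` chain that must reproduce the same numbering per state — so the two drift the moment a label or option is added, and the `elif choice == "4" and is_running` branch exists only to paper over that. Build the option list once per state as `(label, handler)` pairs, print it with `enumerate`, and dispatch by index as sketched below; behaviour is unchanged, including silently ignoring an out-of-range choice. The literal `"azazel_opencanary"` is written here, in `_service_status` and in `_restart_all_services`; a module-level `OPENCANARY_CONTAINER = "azazel_opencanary"` would give the three one definition. The method's `except`/`_pause` tail is unchanged.
```python
            # … unchanged: is_running = self._is_container_running(container_name) …
            if is_running:
                # … unchanged: ACTIVE status line …
                options = [
                    ("Stop Container", lambda: self._control_container(container_name, "stop", display_name)),
                    ("Restart Container", lambda: self._control_container(container_name, "restart", display_name)),
                    ("View Recent Logs", lambda: self._show_container_logs(container_name, display_name)),
                    ("View Container Details", lambda: self._show_container_details(container_name, display_name)),
                ]
            else:
                # … unchanged: STOPPED status line …
                options = [
                    ("Start Container", lambda: self._control_container(container_name, "start", display_name)),
                    ("View Recent Logs", lambda: self._show_container_logs(container_name, display_name)),
                    ("View Container Details", lambda: self._show_container_details(container_name, display_name)),
                ]

            self.console.print()
            for number, (label, _handler) in enumerate(options, start=1):
                self.console.print(f"[cyan]{number}.[/cyan] {label}")
            # … unchanged: blank line, "b. Back to Service Management", blank line, Prompt.ask …
            if choice == "b":
                return
            if choice.isdigit() and 1 <= int(choice) <= len(options):
                options[int(choice) - 1][1]()
            # … unchanged: except / _pause …
```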
@@ -273,6 +373,106 @@ def _show_service_details(self, service_name: str, display_name: str) -> None:
 self.console.print(f"[red]Error getting service details: {e}[/red]")
 self._pause()
+
+ def _control_container(self, container_name: str, action: str, display_name: str) -> None:
+ """Control a Docker container."""
+ if action in ["stop", "restart"] and not Confirm.ask(f"{action.title()} {display_name}?", default=False):
+ return
+
+ self.console.print(f"[blue]{action.title()}ing {display_name}...[/blue]")
+
+ try:
+ result = run_cmd(
+ ["sudo", "docker", action, container_name],
+ capture_output=True,
+ text=True,
+ timeout=30,
+ )
+
+ if result.returncode == 0:
+ self.console.print(f"[green]✓ {display_name} {action}ed successfully[/green]")
+ else:
+ err = result.stderr.strip() or "Unknown error"
+ self.console.print(f"[red]✗ Failed to {action} {display_name}: {err}[/red]")
+
+ except Exception as e:
+ self.console.print(f"[red]Error {action}ing container: {e}[/red]")
+
+ self._pause()
+
+ def _show_container_logs(self, container_name: str, display_name: str) -> None:
+ """Show recent Docker container logs."""
+ title = Text(f"{display_name} Recent Logs", style="bold")
+ self.console.print(title)
+ self.console.print(Text("─" * len(f"{display_name} Recent Logs"), style="dim"))
+
+ try:
+ result = run_cmd(
+ ["docker", "logs", "--tail", "50", container_name],
+ capture_output=True,
+ text=True,
+ timeout=15,
+ check=False,
+ )
+
+ if result.returncode == 0:
+ logs = result.stdout.strip() or "(no logs)"
+ self.console.print(logs)
+ else:
+ self.console.print(f"[red]Failed to retrieve logs: {result.stderr.strip()}[/red]")
+
+ except Exception as e:
+ self.console.print(f"[red]Error retrieving logs: {e}[/red]")
+
+ self._pause()
+
+ def _show_container_details(self, container_name: str, display_name: str) -> None:
+ """Show Docker container status details."""
+ title = Text(f"{display_name} Details", style="bold")
+ self.console.print(title)
+ 
self.console.print(Text("─" * len(f"{display_name} Details"), style="dim"))
+
+ try:
+ result = run_cmd(
+ [
+ "docker",
+ "ps",
+ "-a",
+ "--filter",
+ f"name=^{container_name}$",
+ "--format",
+ "table {{.Names}}\t{{.Status}}\t{{.RunningFor}}\t{{.Image}}",
+ ],
+ capture_output=True,
+ text=True,
+ timeout=10,
+ check=False,
+ )
+
+ output = result.stdout.strip()
+ if output:
+ self.console.print(output)
+ else:
+ self.console.print("[yellow]Container not found[/yellow]")
+
+ except Exception as e:
+ self.console.print(f"[red]Error retrieving container details: {e}[/red]")
+
+ self._pause()
+
+ def _is_container_running(self, container_name: str) -> bool:
+ """Check whether a Docker container is running."""
+ try:
+ result = run_cmd(
+ ["docker", "inspect", "-f", "{{.State.Running}}", container_name],
+ capture_output=True,
+ text=True,
+ timeout=5,
+ check=False,
+ )
+ return result.returncode == 0 and (result.stdout or "").strip().lower() == "true"
+ except Exception:
+ return False
 def _restart_all_services(self) -> None:
 """Restart all Azazel services."""
@@ -283,7 +483,6 @@ def _restart_all_services(self) -> None:
 services = [
 "azctl-unified.service",
 "suricata.service",
- "opencanary.service",
 "vector.service",
 ]
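Review bot: `_control_container` is the one new `run_cmd` call without `check=False`; if `run_cmd` raises on a non-zero exit the way `subprocess.run(check=True)` does (its default is not visible in this diff), the `else` branch that reports `result.stderr` is dead and the user only ever sees the generic "Error stopping container" message — pass `check=False` as every sibling call does. Since the method forwards `action` straight into a `sudo docker` command line, guard it at the top with `if action not in ("start", "stop", "restart"): raise ValueError(f"unsupported container action: {action}")` so a future caller cannot widen what the privileged call does. `_show_container_details` repeats `_get_container_info`'s `docker ps -a --filter name=^…$` invocation with a different `--format` string; one helper taking the format would leave a single copy of the filter logic to maintain.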
@@ -305,10 +504,27 @@ def _restart_all_services(self) -> None:
 except Exception as e:
 self.console.print(f"[red]✗ Error restarting {service}: {e}[/red]")
+
+ self.console.print(f"[blue]Restarting azazel_opencanary container...[/blue]")
+ try:
+ result = run_cmd(
+ ["sudo", "docker", "restart", "azazel_opencanary"],
+ capture_output=True,
+ text=True,
+ timeout=30,
+ check=False,
+ )
+ if result.returncode == 0:
+ self.console.print("[green]✓ azazel_opencanary restarted[/green]")
+ else:
+ err = result.stderr.strip() or "Unknown error"
+ self.console.print(f"[red]✗ Failed to restart azazel_opencanary: {err}[/red]")
+ except Exception as e:
+ self.console.print(f"[red]✗ Error restarting azazel_opencanary: {e}[/red]")
 self.console.print("\n[bold]All services restart attempts completed.[/bold]")
 self._pause()
 def _pause(self) -> None:
 """Pause for user input."""
- Prompt.ask("\n[dim]Press Enter to continue[/dim]", default="", show_default=False)
\ No newline at end of file
+ Prompt.ask("\n[dim]Press Enter to continue[/dim]", default="", show_default=False)
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index a265547..b12d92f 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3.8'
-
 services:
 postgres:
 image: postgres:15
@@ -13,6 +11,8 @@ services:
 - /opt/azazel/data/postgres:/var/lib/postgresql/data
 ports:
 - "127.0.0.1:5432:5432"
+ networks:
+ - azazel_net
 ollama:
 image: ollama/ollama:latest
@@ -32,6 +32,26 @@ services:
 timeout: 10s
 retries: 3
 start_period: 60s
+ networks:
+ - azazel_net
+
+ opencanary:
+ image: thinkst/opencanary:latest
+ container_name: azazel_opencanary
+ restart: always
+ volumes:
+ - /opt/azazel/config/opencanary.conf:/root/.opencanary.conf:ro
+ - /opt/azazel/logs:/logs
+ networks:
+ azazel_net:
+ ipv4_address: 172.16.10.10
 volumes:
 ollama_data:
+
+networks:
+ azazel_net:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.16.10.0/24
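Review bot: `self.console.print(f"[blue]Restarting azazel_opencanary container...[/blue]")` is an f-string with no placeholders, which ruff's default rule set reports as F541 and the `ruff check .` step this commit adds to CI would therefore fail on — drop the `f` prefix. The block below it re-implements `_control_container`'s restart path minus the confirmation and the pause; extracting the run-and-report part into a helper such as `_run_container_action(container_name, action) -> bool` and calling it from both `_control_container` and here would leave one implementation of the `sudo docker` invocation. `_restart_all_services` starts outside the hunk.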
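Review bot: The new `opencanary` service pins `image: thinkst/opencanary:latest`, a mutable tag, on the one process in this deployment that is meant to be reached by hostile traffic; pin it to a specific version — ideally a digest reference of the form `thinkst/opencanary@sha256:<DIGEST-PLACEHOLDER>` — so a redeploy cannot silently pull an image other than the one that was reviewed. The container joins only the `azazel_net` bridge at `172.16.10.10` with no `ports:` mapping, so unless forwarding to that address is configured elsewhere (not visible in this diff), the honeypot services the updated docs tell the operator to probe are not reachable from the LAN/WAN interfaces; a comment in the compose file naming where that forwarding lives would save the next reader a search. `/opt/azazel/logs` is mounted read-write into the container while `opencanary.conf` is correctly `:ro`; giving the honeypot its own subdirectory would keep its writes from sharing a tree with other services' logs.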
diff --git a/deploy/opencanary.conf b/deploy/opencanary.conf index d8eaf55..c5483ba 100644 --- a/deploy/opencanary.conf +++ b/deploy/opencanary.conf @@ -21,7 +21,7 @@ "handlers": { "file": { "class": "logging.handlers.RotatingFileHandler", - "filename": "/var/log/azazel/canary.json", + "filename": "/logs/opencanary.log", "maxBytes": 10485760, "backupCount": 5, "formatter": "plain", diff --git a/deploy/vector.toml b/deploy/vector.toml index 5535080..e7f2f88 100644 --- a/deploy/vector.toml +++ b/deploy/vector.toml @@ -5,7 +5,7 @@ ##### SOURCE: OpenCanary ###################################################### [sources.opencanary_raw] type = "file" -include = ["/logs/opencanary.log"] +include = ["/logs/opencanary.log", "/opt/azazel/logs/opencanary.log"] read_from = "end" fingerprinting.strategy = "device_and_inode" diff --git a/docs/en/API_REFERENCE.md b/docs/en/API_REFERENCE.md index 7d0500a..ff55343 100644 --- a/docs/en/API_REFERENCE.md +++ b/docs/en/API_REFERENCE.md @@ -134,7 +134,7 @@ Manages Azazel system services. - `azctl-unified.service` - Unified control daemon - `azctl-unified.service` - HTTP server - `suricata.service` - IDS/IPS -- `opencanary.service` - Honeypot +- `azazel_opencanary (Docker)` - Honeypot - `vector.service` - Log collection - `azazel-epd.service` - E-Paper display diff --git a/docs/en/NETWORK_SETUP.md b/docs/en/NETWORK_SETUP.md index 9b98403..15ebb42 100644 --- a/docs/en/NETWORK_SETUP.md +++ b/docs/en/NETWORK_SETUP.md @@ -410,7 +410,7 @@ sudo tail -f /var/log/suricata/fast.log sudo tcpdump -i -n -c 100 # Check OpenCanary honeypot logs -sudo journalctl -u opencanary -f +docker logs -f azazel_opencanary ``` ## Legacy Network Configurations 
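Review bot: `include` in `[sources.opencanary_raw]` now lists both `/logs/opencanary.log` and `/opt/azazel/logs/opencanary.log`; with the compose bind mount `/opt/azazel/logs:/logs` these are the same file seen from inside and outside the container, so on any given host one path is the real file and the other is either absent or the same inode. Vector's `fingerprinting.strategy = "device_and_inode"` should collapse the latter case, but it is worth confirming on the device that honeypot events are not ingested twice, and a comment stating which path applies to a host-installed versus containerised Vector would help the next reader, e.g. `# /logs/... inside the container, /opt/azazel/logs/... on the host`. The opencanary.conf change to `/logs/opencanary.log` matches the container-side mount path.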
@@ -452,4 +452,4 @@ For cloud-connected deployments: --- -*For the latest networking guidance, refer to the [Azazel-Pi repository](https://github.com/01rabbit/Azazel-Pi) and consult your network administrator for enterprise deployments.* \ No newline at end of file +*For the latest networking guidance, refer to the [Azazel-Pi repository](https://github.com/01rabbit/Azazel-Pi) and consult your network administrator for enterprise deployments.* diff --git a/docs/en/OPERATIONS.md b/docs/en/OPERATIONS.md index 3b2e617..43641ef 100644 --- a/docs/en/OPERATIONS.md +++ b/docs/en/OPERATIONS.md @@ -307,7 +307,7 @@ sudo nano /etc/default/azazel-epd # Set UPDATE_INTERVAL=30 # OpenCanary service selective enabling -sudo nano /etc/azazel/opencanary/opencanary.conf +sudo nano /opt/azazel/config/opencanary.conf # Disable unnecessary services ``` diff --git a/docs/en/TROUBLESHOOTING.md b/docs/en/TROUBLESHOOTING.md index 3d15e9a..f2011c5 100644 --- a/docs/en/TROUBLESHOOTING.md +++ b/docs/en/TROUBLESHOOTING.md @@ -283,7 +283,8 @@ sudo journalctl -u azctl-unified.service --since "10 minutes ago" sudo systemctl status azctl-unified.service mattermost nginx docker # Check security services -sudo systemctl status suricata opencanary vector +sudo systemctl status suricata vector +docker ps --filter name=azazel_opencanary # Check E-Paper service (if installed) sudo systemctl status azazel-epd.service @@ -568,8 +569,8 @@ sudo systemctl list-dependencies azctl-unified.service # Start services individually sudo systemctl start suricata -sudo systemctl start opencanary sudo systemctl start vector +docker start azazel_opencanary sudo systemctl start azctl-unified.service # Check for configuration errors 
@@ -707,11 +708,11 @@ curl -s http://eicar.org/download/eicar.com.txt ```bash # Check OpenCanary status -sudo systemctl status opencanary -sudo journalctl -u opencanary --no-pager +docker ps --filter name=azazel_opencanary +docker logs --tail 100 azazel_opencanary # Verify configuration -sudo cat /etc/azazel/opencanary/opencanary.conf +sudo cat /opt/azazel/config/opencanary.conf # Test honeypot services nmap -sS -O localhost @@ -720,7 +721,7 @@ nmap -sS -O localhost sudo netstat -tuln | grep -E ':(22|23|80|443|21)' # Restart OpenCanary -sudo systemctl restart opencanary +docker restart azazel_opencanary ``` #### Problem: Firewall blocking legitimate traffic @@ -1093,4 +1094,4 @@ sudo nano /etc/logrotate.d/azazel --- -*For additional troubleshooting help, consult the [INSTALLATION.md](INSTALLATION.md), [OPERATIONS.md](OPERATIONS.md), and [NETWORK_SETUP.md](NETWORK_SETUP.md) guides, or file an issue at the [Azazel-Pi repository](https://github.com/01rabbit/Azazel-Pi).* \ No newline at end of file +*For additional troubleshooting help, consult the [INSTALLATION.md](INSTALLATION.md), [OPERATIONS.md](OPERATIONS.md), and [NETWORK_SETUP.md](NETWORK_SETUP.md) guides, or file an issue at the [Azazel-Pi repository](https://github.com/01rabbit/Azazel-Pi).* diff --git a/docs/ja/API_REFERENCE.md b/docs/ja/API_REFERENCE.md index 10f95db..14899bb 100644 --- a/docs/ja/API_REFERENCE.md +++ b/docs/ja/API_REFERENCE.md @@ -323,7 +323,7 @@ OpenCanaryハニーポットイベントを処理します。 **使用例:** ```python -canary_tail = CanaryTail("/var/log/opencanary.log") +canary_tail = CanaryTail("/opt/azazel/logs/opencanary.log") for event in canary_tail.tail_events(): print(f"ハニーポットイベント: {event.name}, 重要度: {event.severity}") ``` @@ -500,7 +500,7 @@ Azazelシステムサービスの管理を行います。 - `azctl-unified.service` - 統合制御デーモン - `azctl-unified.service` - HTTPサーバー - `suricata.service` - IDS/IPS -- `opencanary.service` - ハニーポット +- `azazel_opencanary (Docker)` - ハニーポット - `vector.service` - ログ収集 - `azazel-epd.service` - E-Paperディスプレイ 
@@ -877,7 +877,7 @@ sudo scripts/sanity_check.sh --json ``` [OK] azctl-unified.service is active [OK] suricata.service is active -[WARNING] opencanary.service is inactive +[WARNING] azazel_opencanary container is inactive [OK] vector.service is active [ERROR] mattermost.service failed to start ``` @@ -1023,4 +1023,4 @@ for event in suricata_tail.tail_events(): --- -*API仕様の最新情報については、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)のソースコードとテストスイートを参照してください。* \ No newline at end of file +*API仕様の最新情報については、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)のソースコードとテストスイートを参照してください。* diff --git a/docs/ja/ARCHITECTURE.md b/docs/ja/ARCHITECTURE.md index 51c2f86..7eafdd5 100644 --- a/docs/ja/ARCHITECTURE.md +++ b/docs/ja/ARCHITECTURE.md @@ -384,7 +384,7 @@ WantedBy=multi-user.target |----------|----------|------| | azctl-unified.service | ネットワーク | メインコントローラー | | suricata.service | ネットワーク | IDS/IPS | -| opencanary.service | なし | ハニーポット | +| azazel_opencanary (Docker) | Docker | ハニーポット | | vector.service | ログディレクトリ | ログ処理 | | mattermost.service | データベース | アラート通知 | | nginx.service | mattermost | リバースプロキシ | @@ -633,4 +633,4 @@ class AzazelTUIMenu: --- -*Azazel-Piアーキテクチャの詳細については、[公式リポジトリ](https://github.com/01rabbit/Azazel-Pi)のソースコードとドキュメントを参照してください。* \ No newline at end of file +*Azazel-Piアーキテクチャの詳細については、[公式リポジトリ](https://github.com/01rabbit/Azazel-Pi)のソースコードとドキュメントを参照してください。* diff --git a/docs/ja/NETWORK_SETUP.md b/docs/ja/NETWORK_SETUP.md index e7bdf36..64cffde 100644 --- a/docs/ja/NETWORK_SETUP.md +++ b/docs/ja/NETWORK_SETUP.md @@ -409,7 +409,7 @@ sudo tail -f /var/log/suricata/fast.log sudo tcpdump -i -n -c 100 # OpenCanaryハニーポットログを確認 -sudo journalctl -u opencanary -f +docker logs -f azazel_opencanary ``` ## レガシーネットワーク設定 
@@ -499,4 +499,4 @@ sudo nano /etc/hostapd/hostapd.conf --- -*最新のネットワーキングガイダンスについては、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)を参照し、企業展開については管理者に相談してください。* \ No newline at end of file +*最新のネットワーキングガイダンスについては、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)を参照し、企業展開については管理者に相談してください。* diff --git a/docs/ja/OPERATIONS.md b/docs/ja/OPERATIONS.md index 1f44b99..3bca727 100644 --- a/docs/ja/OPERATIONS.md +++ b/docs/ja/OPERATIONS.md @@ -322,7 +322,7 @@ sudo nano /etc/default/azazel-epd # UPDATE_INTERVAL=30 に設定 # OpenCanaryサービスの選択的有効化 -sudo nano /etc/azazel/opencanary/opencanary.conf +sudo nano /opt/azazel/config/opencanary.conf # 不要なサービスを無効化 ``` @@ -418,4 +418,4 @@ sudo journalctl -u azctl-unified.service --since "1 hour ago" | grep -i error --- -*最新の運用ガイダンスについては、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)を参照し、企業展開については管理者に相談してください。* \ No newline at end of file +*最新の運用ガイダンスについては、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)を参照し、企業展開については管理者に相談してください。* diff --git a/docs/ja/TROUBLESHOOTING.md b/docs/ja/TROUBLESHOOTING.md index 6f9bd67..1bd04b9 100644 --- a/docs/ja/TROUBLESHOOTING.md +++ b/docs/ja/TROUBLESHOOTING.md @@ -26,7 +26,8 @@ sudo journalctl -u azctl-unified.service --since "10 minutes ago" sudo systemctl status azctl-unified.service mattermost nginx docker # セキュリティサービスを確認 -sudo systemctl status suricata opencanary vector +sudo systemctl status suricata vector +docker ps --filter name=azazel_opencanary # E-Paperサービスを確認(インストール済みの場合) sudo systemctl status azazel-epd.service @@ -311,8 +312,8 @@ sudo systemctl list-dependencies azctl-unified.service # サービスを個別に開始 sudo systemctl start suricata -sudo systemctl start opencanary sudo systemctl start vector +docker start azazel_opencanary sudo systemctl start azctl-unified.service # 設定エラーを確認 
@@ -450,11 +451,11 @@ curl -s http://eicar.org/download/eicar.com.txt ```bash # OpenCanary状態を確認 -sudo systemctl status opencanary -sudo journalctl -u opencanary --no-pager +docker ps --filter name=azazel_opencanary +docker logs --tail 100 azazel_opencanary # 設定を確認 -sudo cat /etc/azazel/opencanary/opencanary.conf +sudo cat /opt/azazel/config/opencanary.conf # ハニーポットサービスをテスト nmap -sS -O localhost @@ -463,7 +464,7 @@ nmap -sS -O localhost sudo netstat -tuln | grep -E ':(22|23|80|443|21)' # OpenCanaryを再起動 -sudo systemctl restart opencanary +docker restart azazel_opencanary ``` #### 問題: ファイアウォールが正当なトラフィックをブロックする @@ -1137,4 +1138,4 @@ sudo nano /etc/systemd/journald.conf --- -*追加のトラブルシューティングヘルプについては、[`INSTALLATION_ja.md`](INSTALLATION_ja.md)、[`OPERATIONS_ja.md`](OPERATIONS_ja.md)、[`NETWORK_SETUP_ja.md`](NETWORK_SETUP_ja.md)ガイドを参照するか、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)でissueを報告してください。* \ No newline at end of file +*追加のトラブルシューティングヘルプについては、[`INSTALLATION_ja.md`](INSTALLATION_ja.md)、[`OPERATIONS_ja.md`](OPERATIONS_ja.md)、[`NETWORK_SETUP_ja.md`](NETWORK_SETUP_ja.md)ガイドを参照するか、[Azazel-Piリポジトリ](https://github.com/01rabbit/Azazel-Pi)でissueを報告してください。* diff --git a/runtime/demo_epd_output.txt b/runtime/demo_epd_output.txt new file mode 100644 index 0000000..883c10c --- /dev/null +++ b/runtime/demo_epd_output.txt 
@@ -0,0 +1,878 @@ +2025-11-12T22:34:47.663241 | 198.51.100.62 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=portal +2025-11-12T22:34:47.727843 | 198.51.100.220 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=portal +2025-11-12T22:36:07.519243 | 198.51.100.81 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=portal +2025-11-12T22:36:07.546786 | 198.51.100.218 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=portal +2025-11-12T22:37:46.098524 | 198.51.100.143 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=portal +2025-11-12T22:37:46.227630 | 198.51.100.22 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=portal +2025-11-12T22:37:46.238496 | 198.51.100.29 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=portal +2025-11-12T22:37:46.381958 | 198.51.100.218 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=shield +2025-11-12T22:37:46.495123 | 198.51.100.25 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=shield +2025-11-12T22:37:46.609795 | 198.51.100.173 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=shield +2025-11-12T22:37:46.720305 | 198.51.100.93 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=shield +2025-11-12T22:37:46.831357 | 198.51.100.205 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=shield +2025-11-12T22:37:46.866521 | 198.51.100.192 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:46.977839 | 198.51.100.8 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:47.088359 | 198.51.100.86 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:47.199857 | 198.51.100.47 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:47.310613 | 
198.51.100.218 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:47.421676 | 198.51.100.190 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:47.532480 | 198.51.100.38 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:47.543670 | 198.51.100.205 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:47.655500 | 198.51.100.65 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:47.765885 | 198.51.100.58 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:47.876584 | 198.51.100.124 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:47.987311 | 198.51.100.224 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:48.098095 | 198.51.100.237 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:37:48.209181 | 198.51.100.202 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:48.322330 | 198.51.100.61 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:48.432794 | 198.51.100.94 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:48.443632 | 198.51.100.157 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:48.555350 | 198.51.100.130 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:48.667819 | 198.51.100.36 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:48.778541 | 198.51.100.158 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:37:48.889883 | 198.51.100.236 -> 
172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:49.000493 | 198.51.100.61 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:49.114585 | 198.51.100.242 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:49.228652 | 198.51.100.149 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:49.242843 | 198.51.100.130 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:49.357240 | 198.51.100.109 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:49.471447 | 198.51.100.13 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:49.586175 | 198.51.100.127 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:49.700423 | 198.51.100.205 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:49.814858 | 198.51.100.191 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:49.928853 | 198.51.100.31 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:50.042260 | 198.51.100.40 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:50.056089 | 198.51.100.137 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:37:50.171690 | 198.51.100.47 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:50.286258 | 198.51.100.99 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:50.402397 | 198.51.100.193 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:50.517176 | 198.51.100.196 -> 172.16.0.10 | ET SCAN 
Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:50.634243 | 198.51.100.243 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:50.648179 | 198.51.100.32 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:50.763118 | 198.51.100.238 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:37:50.877005 | 198.51.100.154 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:50.990761 | 198.51.100.144 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:51.105574 | 198.51.100.61 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:51.222896 | 198.51.100.191 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:51.337545 | 198.51.100.231 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:51.351548 | 198.51.100.166 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:51.466267 | 198.51.100.236 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:51.580343 | 198.51.100.8 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:51.695275 | 198.51.100.31 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:51.811008 | 198.51.100.10 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:51.925175 | 198.51.100.72 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:52.041314 | 198.51.100.169 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:52.055792 | 198.51.100.247 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force 
attempt | risk=4 | mode=lockdown +2025-11-12T22:37:52.172382 | 198.51.100.158 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:52.286460 | 198.51.100.49 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:52.401251 | 198.51.100.127 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:52.517156 | 198.51.100.69 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:52.632808 | 198.51.100.155 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:52.747503 | 198.51.100.176 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:52.761840 | 198.51.100.53 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:52.877945 | 198.51.100.239 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:52.991813 | 198.51.100.174 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:53.108215 | 198.51.100.170 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:53.223092 | 198.51.100.143 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:53.338814 | 198.51.100.192 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:53.453028 | 198.51.100.37 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:53.468364 | 198.51.100.198 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:53.585698 | 198.51.100.98 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:53.699708 | 198.51.100.81 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | 
mode=lockdown +2025-11-12T22:37:53.816100 | 198.51.100.62 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:53.928486 | 198.51.100.117 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:54.039278 | 198.51.100.186 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:54.150493 | 198.51.100.85 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:54.162065 | 198.51.100.230 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:54.273045 | 198.51.100.37 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:54.383672 | 198.51.100.50 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:54.494369 | 198.51.100.214 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:54.605143 | 198.51.100.126 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:54.716195 | 198.51.100.8 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:54.827263 | 198.51.100.195 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:54.938245 | 198.51.100.69 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:55.048548 | 198.51.100.70 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:55.062198 | 198.51.100.20 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:55.173282 | 198.51.100.221 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:55.284088 | 198.51.100.139 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown 
+2025-11-12T22:37:55.395800 | 198.51.100.240 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:55.506566 | 198.51.100.240 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:55.617221 | 198.51.100.107 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:55.727598 | 198.51.100.189 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:55.838302 | 198.51.100.40 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:55.948675 | 198.51.100.148 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:56.059462 | 198.51.100.215 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:56.072845 | 198.51.100.4 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:56.184277 | 198.51.100.150 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:56.300033 | 198.51.100.221 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:56.412004 | 198.51.100.119 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:37:56.522701 | 198.51.100.119 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:56.633471 | 198.51.100.166 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:37:56.744431 | 198.51.100.134 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:56.854778 | 198.51.100.25 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:37:56.866153 | 198.51.100.226 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown 
+2025-11-12T22:37:56.976863 | 198.51.100.243 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:57.087550 | 198.51.100.240 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:57.199155 | 198.51.100.202 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:57.310732 | 198.51.100.160 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:57.421124 | 198.51.100.241 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:57.531701 | 198.51.100.19 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:57.642585 | 198.51.100.45 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:57.753454 | 198.51.100.170 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:57.864096 | 198.51.100.143 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:57.874528 | 198.51.100.206 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:57.985410 | 198.51.100.88 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:58.095988 | 198.51.100.35 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:58.207011 | 198.51.100.138 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:37:58.317977 | 198.51.100.5 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:58.429994 | 198.51.100.85 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:58.540661 | 198.51.100.83 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown 
+2025-11-12T22:37:58.650969 | 198.51.100.38 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:37:58.762129 | 198.51.100.177 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:37:58.773211 | 198.51.100.148 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:37:58.884248 | 198.51.100.137 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:58.999218 | 198.51.100.118 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:37:59.113222 | 198.51.100.132 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:59.228583 | 198.51.100.220 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:37:59.343652 | 198.51.100.220 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:37:59.457978 | 198.51.100.191 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:37:59.572645 | 198.51.100.195 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:37:59.588719 | 198.51.100.206 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:37:59.705752 | 198.51.100.140 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:37:59.821877 | 198.51.100.33 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:37:59.937122 | 198.51.100.223 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:38:00.051952 | 198.51.100.23 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:38:00.167059 | 198.51.100.172 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown 
+2025-11-12T22:38:00.182282 | 198.51.100.126 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:38:00.297127 | 198.51.100.142 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:38:00.411356 | 198.51.100.118 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:00.526941 | 198.51.100.179 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:38:00.641860 | 198.51.100.134 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:38:00.754966 | 198.51.100.154 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:38:00.869633 | 198.51.100.158 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:38:00.883735 | 198.51.100.166 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:38:00.998760 | 198.51.100.10 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:01.113744 | 198.51.100.213 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:38:01.230434 | 198.51.100.36 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:38:01.345484 | 198.51.100.62 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:01.459604 | 198.51.100.199 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:38:01.573445 | 198.51.100.71 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:38:01.587372 | 198.51.100.15 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:38:01.703303 | 198.51.100.200 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown 
+2025-11-12T22:38:01.817162 | 198.51.100.187 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:38:01.931129 | 198.51.100.161 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:38:02.044724 | 198.51.100.223 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:38:02.158475 | 198.51.100.163 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:38:02.273730 | 198.51.100.249 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:38:02.287742 | 198.51.100.34 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:38:02.401115 | 198.51.100.201 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:38:02.519609 | 198.51.100.224 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:38:02.634357 | 198.51.100.218 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:38:02.750050 | 198.51.100.84 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:38:02.864857 | 198.51.100.20 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:02.978790 | 198.51.100.66 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:02.993898 | 198.51.100.212 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:03.108432 | 198.51.100.187 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:03.228008 | 198.51.100.232 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:03.343833 | 198.51.100.20 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown 
+2025-11-12T22:38:03.459382 | 198.51.100.68 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:38:03.573583 | 198.51.100.192 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:38:03.588359 | 198.51.100.99 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:38:03.702087 | 198.51.100.13 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:38:03.816583 | 198.51.100.158 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:38:03.930743 | 198.51.100.70 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:04.046946 | 198.51.100.59 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:04.161050 | 198.51.100.236 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:38:04.275801 | 198.51.100.91 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:04.389399 | 198.51.100.182 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:38:04.403685 | 198.51.100.13 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:04.519116 | 198.51.100.227 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:04.635178 | 198.51.100.124 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:04.754557 | 198.51.100.176 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:38:04.870559 | 198.51.100.23 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:38:04.990147 | 198.51.100.57 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown 
+2025-11-12T22:38:05.005649 | 198.51.100.33 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:05.122456 | 198.51.100.199 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:38:05.243652 | 198.51.100.65 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:38:05.358688 | 198.51.100.12 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:05.472561 | 198.51.100.99 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:05.586575 | 198.51.100.90 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:38:05.601707 | 198.51.100.135 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:38:05.717479 | 198.51.100.221 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:38:05.833676 | 198.51.100.200 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:38:05.949352 | 198.51.100.68 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:38:06.065931 | 198.51.100.201 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:39:07.936949 | 198.51.100.52 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=portal +2025-11-12T22:39:07.964139 | 198.51.100.233 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=portal +2025-11-12T22:39:49.729469 | 198.51.100.21 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=portal +2025-11-12T22:39:49.856848 | 198.51.100.115 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=portal +2025-11-12T22:39:49.869495 | 198.51.100.168 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=portal 
+2025-11-12T22:39:49.981397 | 198.51.100.38 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=portal +2025-11-12T22:39:50.092558 | 198.51.100.116 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=portal +2025-11-12T22:39:50.203388 | 198.51.100.15 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=portal +2025-11-12T22:39:50.345642 | 198.51.100.93 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=shield +2025-11-12T22:39:50.456779 | 198.51.100.221 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=shield +2025-11-12T22:39:50.467530 | 198.51.100.181 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=shield +2025-11-12T22:39:50.578037 | 198.51.100.54 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=shield +2025-11-12T22:39:50.710723 | 198.51.100.171 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:39:50.823219 | 198.51.100.48 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:39:50.933366 | 198.51.100.92 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:39:51.043771 | 198.51.100.89 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:39:51.154125 | 198.51.100.25 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:39:51.264686 | 198.51.100.250 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:39:51.275666 | 198.51.100.112 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:39:51.387174 | 198.51.100.25 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:39:51.497532 | 198.51.100.131 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:39:51.608566 | 
198.51.100.239 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:39:51.719349 | 198.51.100.19 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:39:51.829950 | 198.51.100.238 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:39:51.940813 | 198.51.100.245 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:39:52.051802 | 198.51.100.220 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:39:52.162936 | 198.51.100.97 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:39:52.175758 | 198.51.100.144 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:39:52.288031 | 198.51.100.114 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:39:52.399045 | 198.51.100.212 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:39:52.510335 | 198.51.100.133 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:39:52.621394 | 198.51.100.245 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:39:52.733182 | 198.51.100.157 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:39:52.844396 | 198.51.100.91 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:39:52.955396 | 198.51.100.57 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:39:53.065795 | 198.51.100.135 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:39:53.076860 | 198.51.100.50 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:39:53.187878 | 198.51.100.124 -> 
172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:53.299586 | 198.51.100.135 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:53.411373 | 198.51.100.139 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:39:53.521859 | 198.51.100.45 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:39:53.633082 | 198.51.100.134 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:39:53.743786 | 198.51.100.110 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:39:53.854564 | 198.51.100.224 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:53.965478 | 198.51.100.202 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:53.976390 | 198.51.100.113 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:54.087679 | 198.51.100.127 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:54.199187 | 198.51.100.129 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:39:54.309800 | 198.51.100.156 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:54.421030 | 198.51.100.126 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:54.531589 | 198.51.100.69 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:39:54.642421 | 198.51.100.34 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:39:54.757615 | 198.51.100.73 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:39:54.871536 | 198.51.100.154 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:39:54.886213 | 198.51.100.204 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:39:55.000657 | 198.51.100.211 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:55.113548 | 198.51.100.16 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:39:55.229035 | 198.51.100.133 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:55.344045 | 198.51.100.143 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:39:55.458251 | 198.51.100.54 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:39:55.572405 | 198.51.100.148 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:39:55.586936 | 198.51.100.173 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:39:55.701031 | 198.51.100.210 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:39:55.814546 | 198.51.100.6 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:55.928710 | 198.51.100.85 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:39:56.042997 | 198.51.100.177 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:39:56.157302 | 198.51.100.116 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:39:56.274301 | 198.51.100.190 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:39:56.287397 | 198.51.100.178 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:39:56.399997 | 198.51.100.45 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:39:56.514188 | 198.51.100.19 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:56.628656 | 198.51.100.122 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:39:56.743240 | 198.51.100.163 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:39:56.857839 | 198.51.100.203 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:56.971932 | 198.51.100.87 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:56.985669 | 198.51.100.20 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:39:57.099962 | 198.51.100.83 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:39:57.214139 | 198.51.100.13 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:57.329484 | 198.51.100.222 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:57.444373 | 198.51.100.224 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:39:57.559916 | 198.51.100.190 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:39:57.673941 | 198.51.100.46 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:39:57.691940 | 198.51.100.135 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:39:57.807184 | 198.51.100.162 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:57.920804 | 198.51.100.174 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:39:58.035935 | 198.51.100.51 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:58.152643 | 198.51.100.231 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:39:58.267067 | 198.51.100.105 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:39:58.381228 | 198.51.100.250 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:39:58.394848 | 198.51.100.204 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:39:58.509337 | 198.51.100.179 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:58.622600 | 198.51.100.28 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:39:58.736465 | 198.51.100.71 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:58.851480 | 198.51.100.239 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:58.966780 | 198.51.100.97 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:39:59.080482 | 198.51.100.201 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:59.097461 | 198.51.100.33 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:39:59.214745 | 198.51.100.165 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:39:59.328287 | 198.51.100.234 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:39:59.442307 | 198.51.100.169 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:39:59.556770 | 198.51.100.12 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:39:59.670479 | 198.51.100.192 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:59.784996 | 198.51.100.166 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:39:59.799030 | 198.51.100.208 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:39:59.915338 | 198.51.100.93 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:00.029714 | 198.51.100.194 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:00.144287 | 198.51.100.184 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:40:00.258709 | 198.51.100.63 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:00.373159 | 198.51.100.250 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:00.486792 | 198.51.100.104 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:00.500433 | 198.51.100.220 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:00.614730 | 198.51.100.18 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:40:00.727930 | 198.51.100.107 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:00.842853 | 198.51.100.139 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:00.957000 | 198.51.100.15 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:01.071255 | 198.51.100.96 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:01.186025 | 198.51.100.175 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:01.201114 | 198.51.100.208 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:01.320880 | 198.51.100.93 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:01.436788 | 198.51.100.140 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:01.551156 | 198.51.100.119 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:01.666652 | 198.51.100.46 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:01.781416 | 198.51.100.85 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:01.796529 | 198.51.100.67 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:01.911219 | 198.51.100.202 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:02.024532 | 198.51.100.214 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:02.138812 | 198.51.100.81 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:02.256307 | 198.51.100.228 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:02.371178 | 198.51.100.132 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:02.486974 | 198.51.100.211 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:02.501392 | 198.51.100.45 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:02.617418 | 198.51.100.139 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:02.732793 | 198.51.100.235 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:40:02.851038 | 198.51.100.30 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:02.964833 | 198.51.100.59 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:03.079826 | 198.51.100.38 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:40:03.193736 | 198.51.100.80 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:03.208179 | 198.51.100.118 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:03.322269 | 198.51.100.113 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:40:03.436071 | 198.51.100.101 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:40:03.550548 | 198.51.100.31 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:03.665084 | 198.51.100.238 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:03.778941 | 198.51.100.182 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:40:03.893613 | 198.51.100.66 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:03.909038 | 198.51.100.36 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:04.026503 | 198.51.100.94 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:04.140537 | 198.51.100.144 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:04.255436 | 198.51.100.10 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:04.370492 | 198.51.100.199 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:40:04.484536 | 198.51.100.212 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:04.598807 | 198.51.100.62 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:04.612998 | 198.51.100.165 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:04.726730 | 198.51.100.72 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:04.841571 | 198.51.100.80 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:04.955744 | 198.51.100.230 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:05.070430 | 198.51.100.136 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:40:05.185427 | 198.51.100.74 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:05.299205 | 198.51.100.247 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:05.313273 | 198.51.100.65 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:05.438102 | 198.51.100.144 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:05.551385 | 198.51.100.136 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:40:05.662149 | 198.51.100.223 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:05.773299 | 198.51.100.205 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:05.883691 | 198.51.100.118 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:05.994232 | 198.51.100.60 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:06.104947 | 198.51.100.114 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:06.115411 | 198.51.100.192 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:06.226756 | 198.51.100.166 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:06.337549 | 198.51.100.125 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:06.448515 | 198.51.100.181 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:06.559497 | 198.51.100.61 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:06.670306 | 198.51.100.20 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:06.781613 | 198.51.100.137 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:06.892034 | 198.51.100.43 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:07.002343 | 198.51.100.114 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:07.012935 | 198.51.100.112 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:40:07.123747 | 198.51.100.166 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:40:07.233890 | 198.51.100.33 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:07.344917 | 198.51.100.160 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:40:07.455735 | 198.51.100.230 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:07.566195 | 198.51.100.14 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:40:07.676720 | 198.51.100.145 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:07.789057 | 198.51.100.22 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:40:07.899694 | 198.51.100.82 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:08.010656 | 198.51.100.143 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:08.021147 | 198.51.100.127 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:08.132186 | 198.51.100.25 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:40:08.242454 | 198.51.100.47 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:08.352881 | 198.51.100.16 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:08.463193 | 198.51.100.16 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:08.573402 | 198.51.100.109 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:40:08.683761 | 198.51.100.246 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:40:08.795317 | 198.51.100.95 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:08.906355 | 198.51.100.67 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:40:08.917040 | 198.51.100.196 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:09.029145 | 198.51.100.99 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:09.139607 | 198.51.100.74 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:40:09.249910 | 198.51.100.115 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:09.364324 | 198.51.100.201 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:40:09.474880 | 198.51.100.99 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:40:09.586396 | 198.51.100.26 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:40:09.697473 | 198.51.100.56 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:42:44.946515 | 198.51.100.237 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=portal
+2025-11-12T22:42:44.977958 | 198.51.100.216 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=portal
+2025-11-12T22:42:44.994416 | 198.51.100.231 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=portal
+2025-11-12T22:42:45.007847 | 198.51.100.53 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=portal
+2025-11-12T22:45:33.521032 | 198.51.100.250 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=portal
+2025-11-12T22:45:33.552305 | 198.51.100.8 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=portal
+2025-11-12T22:45:33.566246 | 198.51.100.136 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=portal
+2025-11-12T22:45:33.612517 | 198.51.100.88 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=shield
+2025-11-12T22:46:54.589652 | 198.51.100.180 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=portal
+2025-11-12T22:46:54.619785 | 198.51.100.127 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=portal
+2025-11-12T22:47:53.381987 | 198.51.100.40 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=portal
+2025-11-12T22:47:53.513824 | 198.51.100.31 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=portal
+2025-11-12T22:47:53.629550 | 198.51.100.231 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=portal
+2025-11-12T22:47:53.678253 | 198.51.100.162 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=shield
+2025-11-12T22:47:53.794059 | 198.51.100.144 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=shield
+2025-11-12T22:47:53.908884 | 198.51.100.175 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=shield
+2025-11-12T22:47:54.023831 | 198.51.100.229 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=shield
+2025-11-12T22:47:54.137853 | 198.51.100.51 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=shield
+2025-11-12T22:47:54.151853 | 198.51.100.122 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=shield
+2025-11-12T22:47:54.288150 | 198.51.100.44 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:47:54.406785 | 198.51.100.150 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:47:54.521302 | 198.51.100.167 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:54.636255 | 198.51.100.233 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:47:54.650397 | 198.51.100.197 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:47:54.765441 | 198.51.100.66 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:54.880129 | 198.51.100.180 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:47:54.995004 | 198.51.100.64 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:47:55.108911 | 198.51.100.200 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:47:55.222952 | 198.51.100.162 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:47:55.337389 | 198.51.100.175 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:47:55.353829 | 198.51.100.203 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:55.467842 | 198.51.100.183 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:47:55.585127 | 198.51.100.88 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:47:55.699839 | 198.51.100.45 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:47:55.814497 | 198.51.100.225 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:55.929088 | 198.51.100.98 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:47:56.043622 | 198.51.100.9 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:47:56.058056 | 198.51.100.152 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:47:56.173654 | 198.51.100.139 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:47:56.288159 | 198.51.100.156 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:56.403113 | 198.51.100.177 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:47:56.517880 | 198.51.100.153 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:47:56.632501 | 198.51.100.167 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:47:56.650075 | 198.51.100.94 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:56.767165 | 198.51.100.200 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:56.881627 | 198.51.100.64 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:56.995878 | 198.51.100.115 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:57.111888 | 198.51.100.228 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:57.226666 | 198.51.100.216 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:47:57.340966 | 198.51.100.79 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:47:57.355505 | 198.51.100.163 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:47:57.469407 | 198.51.100.243 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:57.583803 | 198.51.100.237 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:47:57.698241 | 198.51.100.137 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:47:57.812381 | 198.51.100.86 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:47:57.928814 | 198.51.100.79 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:47:58.042881 | 198.51.100.100 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:47:58.056991 | 198.51.100.51 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:47:58.170990 | 198.51.100.172 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:58.285886 | 198.51.100.143 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:47:58.400467 | 198.51.100.205 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:47:58.521290 | 198.51.100.221 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:47:58.640372 | 198.51.100.211 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:58.659025 | 198.51.100.236 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:47:58.780684 | 198.51.100.157 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:47:58.902238 | 198.51.100.166 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:47:59.023258 | 198.51.100.13 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:47:59.137690 | 198.51.100.129 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:47:59.158321 | 198.51.100.175 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:47:59.276260 | 198.51.100.36 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:47:59.390364 | 198.51.100.39 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:47:59.504764 | 198.51.100.250 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:47:59.619420 | 198.51.100.60 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:59.733534 | 198.51.100.96 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:47:59.847611 | 198.51.100.143 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:47:59.867016 | 198.51.100.58 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:47:59.982969 | 198.51.100.151 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:48:00.098771 | 198.51.100.171 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:00.214315 | 198.51.100.221 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:00.328875 | 198.51.100.80 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:48:00.447672 | 198.51.100.91 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:48:00.462730 | 198.51.100.113 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:00.577107 | 198.51.100.139 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:48:00.691835 | 198.51.100.154 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:00.805863 | 198.51.100.54 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:00.919744 | 198.51.100.2 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:48:01.039920 | 198.51.100.176 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:48:01.154492 | 198.51.100.135 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:48:01.169232 | 198.51.100.146 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:01.283745 | 198.51.100.146 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:01.398123 | 198.51.100.41 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:48:01.512214 | 198.51.100.16 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:48:01.630478 | 198.51.100.49 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:01.746163 | 198.51.100.152 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:01.760718 | 198.51.100.68 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:48:01.876567 | 198.51.100.219 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:01.991505 | 198.51.100.69 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:02.106596 | 198.51.100.25 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:48:02.221655 | 198.51.100.246 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:02.336163 | 198.51.100.35 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:48:02.453005 | 198.51.100.175 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:48:02.467309 | 198.51.100.126 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:02.581902 | 198.51.100.86 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:48:02.695947 | 198.51.100.47 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:02.811183 | 198.51.100.34 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:02.926211 | 198.51.100.13 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:03.040517 | 198.51.100.234 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:48:03.154804 | 198.51.100.180 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:48:03.169061 | 198.51.100.239 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:48:03.283601 | 198.51.100.142 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:03.398098 | 198.51.100.42 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:48:03.512378 | 198.51.100.69 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:48:03.627191 | 198.51.100.131 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:48:03.741936 | 198.51.100.107 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:48:03.855941 | 198.51.100.219 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:03.870279 | 198.51.100.97 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:48:03.984410 | 198.51.100.34 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:48:04.103797 | 198.51.100.111 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:48:04.223660 | 198.51.100.191 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:48:04.342069 | 198.51.100.77 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:48:04.461852 | 198.51.100.232 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:48:04.482082 | 198.51.100.92 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:48:04.606736 | 198.51.100.176 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:04.723908 | 198.51.100.144 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:48:04.843226 | 198.51.100.126 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:48:04.966315 | 198.51.100.63 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:48:04.987165 | 198.51.100.160 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:05.106509 | 198.51.100.186 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:05.224842 | 198.51.100.72 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:48:05.347695 | 198.51.100.213 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:05.370602 | 198.51.100.57 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:05.489812 | 198.51.100.26 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:48:05.608577 | 198.51.100.239 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:05.728513 | 198.51.100.172 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:05.846744 | 198.51.100.183 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:48:05.968149 | 198.51.100.208 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:05.988248 | 198.51.100.70 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:48:06.110779 | 198.51.100.73 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T22:48:06.230039 | 198.51.100.141 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:48:06.349800 | 198.51.100.125 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:48:06.469904 | 198.51.100.159 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:48:06.492332 | 198.51.100.23 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:06.618128 | 198.51.100.136 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:06.737517 | 198.51.100.139 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:48:06.857278 | 198.51.100.98 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:48:06.877850 | 198.51.100.162 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:48:07.001385 | 198.51.100.223 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:07.121357 | 198.51.100.88 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:07.241907 | 198.51.100.145 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:48:07.360951 | 198.51.100.53 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:07.380582 | 198.51.100.15 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:48:07.502257 | 198.51.100.136 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:48:07.620254 | 198.51.100.114 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:07.743202 | 198.51.100.6 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:48:07.863643 | 198.51.100.235 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T22:48:07.884239 | 198.51.100.59 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:48:08.005566 | 198.51.100.119 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:48:08.126260 | 198.51.100.208 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5
| mode=lockdown +2025-11-12T22:48:08.246625 | 198.51.100.29 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:48:08.366058 | 198.51.100.51 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:48:08.385064 | 198.51.100.180 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:48:08.508196 | 198.51.100.72 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:48:08.626795 | 198.51.100.199 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:48:08.746100 | 198.51.100.81 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:48:08.866332 | 198.51.100.48 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:48:08.884455 | 198.51.100.140 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:48:09.006650 | 198.51.100.4 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:48:09.125587 | 198.51.100.180 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:48:09.245710 | 198.51.100.209 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:48:09.365465 | 198.51.100.154 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:48:09.384112 | 198.51.100.26 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:48:09.504229 | 198.51.100.204 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:48:09.624783 | 198.51.100.216 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:48:09.743509 | 198.51.100.174 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | 
mode=lockdown +2025-11-12T22:48:09.863741 | 198.51.100.32 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:48:09.982779 | 198.51.100.31 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:48:10.002554 | 198.51.100.153 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:48:10.124165 | 198.51.100.153 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:48:10.241837 | 198.51.100.98 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:48:10.361971 | 198.51.100.152 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:48:10.480503 | 198.51.100.99 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:48:10.499507 | 198.51.100.124 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:48:10.619388 | 198.51.100.225 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:48:10.738185 | 198.51.100.31 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:48:10.858649 | 198.51.100.136 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:48:10.979206 | 198.51.100.5 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:48:10.999618 | 198.51.100.230 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:48:11.119450 | 198.51.100.109 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:48:11.239361 | 198.51.100.160 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:48:11.360395 | 198.51.100.238 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown 
+2025-11-12T22:48:11.478707 | 198.51.100.5 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:48:11.497960 | 198.51.100.100 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:48:11.617408 | 198.51.100.158 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:48:11.736518 | 198.51.100.125 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:48:11.856554 | 198.51.100.149 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:48:11.976201 | 198.51.100.70 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:48:11.995688 | 198.51.100.126 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:48:12.115761 | 198.51.100.153 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:48:12.238035 | 198.51.100.69 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:48:12.356932 | 198.51.100.22 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:48:12.477857 | 198.51.100.86 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:48:12.497337 | 198.51.100.222 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:48:12.615821 | 198.51.100.208 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:48:12.734552 | 198.51.100.92 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:48:12.854380 | 198.51.100.143 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:48:12.982183 | 198.51.100.125 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:48:13.000490 | 
198.51.100.146 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:48:13.119237 | 198.51.100.140 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:48:13.234771 | 198.51.100.134 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:48:13.349551 | 198.51.100.129 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:19.146832 | 198.51.100.221 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=portal +2025-11-12T22:53:19.182208 | 198.51.100.58 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=portal +2025-11-12T22:53:43.433588 | 198.51.100.189 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=portal +2025-11-12T22:53:43.563478 | 198.51.100.113 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=portal +2025-11-12T22:53:43.636148 | 198.51.100.250 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=shield +2025-11-12T22:53:43.751387 | 198.51.100.118 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=shield +2025-11-12T22:53:43.865397 | 198.51.100.6 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=shield +2025-11-12T22:53:43.886611 | 198.51.100.248 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=shield +2025-11-12T22:53:44.006520 | 198.51.100.157 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=shield +2025-11-12T22:53:44.125764 | 198.51.100.241 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=shield +2025-11-12T22:53:44.246773 | 198.51.100.226 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=shield +2025-11-12T22:53:44.366108 | 198.51.100.6 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=shield +2025-11-12T22:53:44.386319 | 198.51.100.26 -> 172.16.0.10 | ET DOS 
Possible DDoS amplification | risk=2 | mode=shield +2025-11-12T22:53:44.505982 | 198.51.100.7 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=shield +2025-11-12T22:53:44.637431 | 198.51.100.92 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=shield +2025-11-12T22:53:44.720783 | 198.51.100.112 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:44.854003 | 198.51.100.124 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:44.902395 | 198.51.100.93 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:45.057023 | 198.51.100.75 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:45.171434 | 198.51.100.130 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:45.186111 | 198.51.100.77 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:45.301513 | 198.51.100.187 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:45.416453 | 198.51.100.182 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:45.530734 | 198.51.100.64 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:45.645584 | 198.51.100.39 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:45.760030 | 198.51.100.103 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:45.775026 | 198.51.100.61 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:45.889158 | 198.51.100.196 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:46.003201 | 198.51.100.238 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) 
| risk=3 | mode=lockdown +2025-11-12T22:53:46.117487 | 198.51.100.207 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:46.232291 | 198.51.100.162 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:46.346434 | 198.51.100.53 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:46.462049 | 198.51.100.185 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:46.576425 | 198.51.100.232 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:46.590719 | 198.51.100.19 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:46.706670 | 198.51.100.186 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:46.821116 | 198.51.100.60 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:46.936572 | 198.51.100.221 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:47.050446 | 198.51.100.77 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:47.164581 | 198.51.100.125 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:47.180284 | 198.51.100.244 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:47.296804 | 198.51.100.195 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:47.412025 | 198.51.100.250 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:47.526352 | 198.51.100.100 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:47.640225 | 198.51.100.21 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | 
mode=lockdown +2025-11-12T22:53:47.754465 | 198.51.100.67 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:47.868646 | 198.51.100.37 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:47.882891 | 198.51.100.25 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:47.997576 | 198.51.100.129 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:48.111857 | 198.51.100.203 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:48.226027 | 198.51.100.179 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:48.340476 | 198.51.100.182 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:48.454213 | 198.51.100.73 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:48.569005 | 198.51.100.63 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:48.586759 | 198.51.100.224 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:48.701485 | 198.51.100.211 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:48.815951 | 198.51.100.214 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:48.930089 | 198.51.100.18 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:49.044236 | 198.51.100.83 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:49.158591 | 198.51.100.245 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:49.274039 | 198.51.100.82 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown 
+2025-11-12T22:53:49.288181 | 198.51.100.228 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:49.403300 | 198.51.100.232 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:49.517835 | 198.51.100.114 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:49.632573 | 198.51.100.167 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:49.752342 | 198.51.100.208 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:49.875966 | 198.51.100.132 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:49.896484 | 198.51.100.29 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:50.024509 | 198.51.100.26 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:50.146152 | 198.51.100.116 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:50.266764 | 198.51.100.127 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:50.286561 | 198.51.100.224 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:50.405930 | 198.51.100.7 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:50.524994 | 198.51.100.5 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:50.645647 | 198.51.100.160 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:50.764567 | 198.51.100.94 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:50.887374 | 198.51.100.137 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:50.905330 | 
198.51.100.108 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:51.024940 | 198.51.100.148 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:51.144164 | 198.51.100.59 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:51.262723 | 198.51.100.167 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:51.382365 | 198.51.100.134 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:51.405895 | 198.51.100.90 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:51.527621 | 198.51.100.143 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:51.649018 | 198.51.100.215 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:51.769593 | 198.51.100.110 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:51.890704 | 198.51.100.98 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:51.914418 | 198.51.100.33 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:52.034441 | 198.51.100.133 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:52.154552 | 198.51.100.234 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:52.277810 | 198.51.100.192 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:52.296969 | 198.51.100.205 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:52.416165 | 198.51.100.166 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:52.537351 | 
198.51.100.170 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:52.656714 | 198.51.100.55 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:52.777571 | 198.51.100.170 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:52.798030 | 198.51.100.119 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:52.917367 | 198.51.100.37 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:53.039309 | 198.51.100.117 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:53.182173 | 198.51.100.83 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:53.235175 | 198.51.100.148 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:53.376375 | 198.51.100.95 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:53.499801 | 198.51.100.246 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:53.521828 | 198.51.100.197 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:53.638173 | 198.51.100.109 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:53.753344 | 198.51.100.38 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:53.868180 | 198.51.100.135 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:53.982613 | 198.51.100.70 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:54.099770 | 198.51.100.141 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:54.128236 | 198.51.100.152 -> 
172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:54.260135 | 198.51.100.136 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:54.395553 | 198.51.100.230 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:54.454911 | 198.51.100.117 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:54.577632 | 198.51.100.238 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:54.693320 | 198.51.100.98 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:54.707154 | 198.51.100.249 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:54.822427 | 198.51.100.65 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:54.936382 | 198.51.100.249 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:55.053306 | 198.51.100.30 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:55.169303 | 198.51.100.40 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:55.284912 | 198.51.100.44 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:55.400019 | 198.51.100.204 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:55.414557 | 198.51.100.235 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:55.528829 | 198.51.100.75 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:55.644316 | 198.51.100.195 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:55.758737 | 198.51.100.249 -> 172.16.0.10 | ET SCAN 
Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:55.874311 | 198.51.100.163 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:55.989689 | 198.51.100.91 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:56.104240 | 198.51.100.119 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:56.118695 | 198.51.100.177 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:56.233768 | 198.51.100.190 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:56.347845 | 198.51.100.245 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:56.461910 | 198.51.100.239 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:56.576515 | 198.51.100.231 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown +2025-11-12T22:53:56.690656 | 198.51.100.201 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:56.804827 | 198.51.100.213 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:56.822601 | 198.51.100.203 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:56.939802 | 198.51.100.131 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:57.054857 | 198.51.100.170 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:57.169987 | 198.51.100.102 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:57.289175 | 198.51.100.59 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:57.404094 | 198.51.100.103 -> 172.16.0.10 | ET SCAN Potential 
scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:57.418002 | 198.51.100.49 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:57.532750 | 198.51.100.66 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:57.646887 | 198.51.100.117 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:53:57.762723 | 198.51.100.187 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:57.877014 | 198.51.100.150 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:57.991312 | 198.51.100.60 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:58.105887 | 198.51.100.120 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:58.120272 | 198.51.100.219 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:58.241955 | 198.51.100.203 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:58.361493 | 198.51.100.93 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown +2025-11-12T22:53:58.482564 | 198.51.100.200 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:58.602740 | 198.51.100.105 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:58.621147 | 198.51.100.42 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:58.740617 | 198.51.100.52 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:58.860866 | 198.51.100.182 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:58.981424 | 198.51.100.16 -> 172.16.0.10 | ET SCAN Potential scan detected 
(NMAP) | risk=2 | mode=lockdown +2025-11-12T22:53:59.102902 | 198.51.100.3 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown +2025-11-12T22:53:59.121799 | 198.51.100.6 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown +2025-11-12T22:53:59.241311 | 198.51.100.30 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:59.359406 | 198.51.100.10 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:53:59.479382 | 198.51.100.125 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:53:59.599535 | 198.51.100.154 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown +2025-11-12T22:53:59.718273 | 198.51.100.100 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:59.739072 | 198.51.100.214 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:53:59.864057 | 198.51.100.186 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:53:59.984779 | 198.51.100.35 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:54:00.105772 | 198.51.100.120 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown +2025-11-12T22:54:00.124583 | 198.51.100.210 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown +2025-11-12T22:54:00.243864 | 198.51.100.124 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown +2025-11-12T22:54:00.363291 | 198.51.100.137 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown +2025-11-12T22:54:00.482271 | 198.51.100.58 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown +2025-11-12T22:54:00.602423 | 198.51.100.39 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | 
mode=lockdown
+2025-11-12T22:54:00.721104 | 198.51.100.222 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:54:00.740605 | 198.51.100.163 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:54:00.862244 | 198.51.100.12 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:54:00.983992 | 198.51.100.19 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:54:01.103975 | 198.51.100.193 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:54:01.222452 | 198.51.100.83 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:54:01.242860 | 198.51.100.152 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:54:01.363708 | 198.51.100.166 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:54:01.483029 | 198.51.100.87 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:54:01.607783 | 198.51.100.79 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:54:01.632546 | 198.51.100.62 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:54:01.753774 | 198.51.100.66 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T22:54:01.868710 | 198.51.100.74 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T22:54:01.987623 | 198.51.100.202 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:54:02.103241 | 198.51.100.71 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:54:02.217601 | 198.51.100.201 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-12T22:54:02.231764 | 198.51.100.117 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:54:02.346742 | 198.51.100.136 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:54:02.461488 | 198.51.100.226 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T22:54:02.577808 | 198.51.100.45 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:54:02.693256 | 198.51.100.121 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-12T22:54:02.807848 | 198.51.100.3 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:54:02.921839 | 198.51.100.170 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:54:02.936345 | 198.51.100.9 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-12T22:54:03.050687 | 198.51.100.142 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-12T22:54:03.164737 | 198.51.100.168 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T22:54:03.279511 | 198.51.100.63 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-12T22:54:03.394170 | 198.51.100.62 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T23:04:35.006792 | 198.51.100.69 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=portal
+2025-11-12T23:04:35.038315 | 198.51.100.20 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=portal
+2025-11-12T23:04:35.053965 | 198.51.100.139 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=portal
+2025-11-12T23:04:35.067824 | 198.51.100.237 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=portal
+2025-11-12T23:04:35.082342 | 198.51.100.68 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=portal
+2025-11-12T23:04:35.131475 | 198.51.100.99 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=shield
+2025-11-12T23:04:35.146841 | 198.51.100.178 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=shield
+2025-11-12T23:04:35.162695 | 198.51.100.159 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=shield
+2025-11-12T23:04:35.176783 | 198.51.100.68 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=shield
+2025-11-12T23:04:35.190641 | 198.51.100.236 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=shield
+2025-11-12T23:04:35.204730 | 198.51.100.30 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=shield
+2025-11-12T23:04:35.241071 | 198.51.100.79 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-12T23:04:35.255133 | 198.51.100.122 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-12T23:04:35.292612 | 198.51.100.2 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-12T23:04:35.307916 | 198.51.100.54 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T23:04:35.322083 | 198.51.100.182 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-12T23:04:35.337514 | 198.51.100.4 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T23:04:35.352439 | 198.51.100.39 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-12T23:04:35.366387 | 198.51.100.25 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-12T23:04:35.380512 | 198.51.100.182 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=lockdown
+2025-11-13T18:48:41.177460 | 198.51.100.82 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=portal
+2025-11-13T18:48:41.225264 | 198.51.100.31 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=portal
+2025-11-13T18:48:41.241644 | 198.51.100.229 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=portal
+2025-11-13T18:48:41.360030 | 198.51.100.202 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=portal
+2025-11-13T18:48:41.374730 | 198.51.100.15 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=portal
+2025-11-13T18:48:41.428360 | 198.51.100.236 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=shield
+2025-11-13T18:48:41.442797 | 198.51.100.99 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=shield
+2025-11-13T18:48:41.557854 | 198.51.100.124 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=shield
+2025-11-13T18:48:41.571885 | 198.51.100.132 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=shield
+2025-11-13T18:48:41.588053 | 198.51.100.208 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=shield
+2025-11-13T18:51:16.987820 | 198.51.100.183 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=portal
+2025-11-13T18:51:17.021357 | 198.51.100.123 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=2 | mode=portal
+2025-11-13T18:51:17.042627 | 198.51.100.129 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=portal
+2025-11-13T18:51:17.090084 | 198.51.100.110 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=shield
+2025-11-13T18:51:17.105991 | 198.51.100.206 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=shield
+2025-11-13T18:51:17.120742 | 198.51.100.3 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=shield
+2025-11-13T18:51:17.135470 | 198.51.100.62 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=shield
+2025-11-13T18:51:17.149536 | 198.51.100.165 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=shield
+2025-11-13T18:51:17.188133 | 198.51.100.121 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-13T18:51:17.205149 | 198.51.100.240 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-13T18:51:17.220703 | 198.51.100.5 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=3 | mode=lockdown
+2025-11-13T18:51:17.238372 | 198.51.100.47 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=3 | mode=lockdown
+2025-11-13T18:51:17.255006 | 198.51.100.13 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-13T18:51:17.271084 | 198.51.100.210 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-13T18:51:17.287837 | 198.51.100.6 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-13T18:51:17.304151 | 198.51.100.230 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-13T18:51:17.319092 | 198.51.100.81 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-13T18:51:17.335944 | 198.51.100.202 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-13T18:51:17.351074 | 198.51.100.91 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=4 | mode=lockdown
+2025-11-13T18:51:17.367574 | 198.51.100.207 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-13T18:51:17.382176 | 198.51.100.65 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-13T18:51:17.399085 | 198.51.100.54 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=3 | mode=lockdown
+2025-11-13T18:51:17.414593 | 198.51.100.10 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-13T18:51:17.429397 | 198.51.100.192 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=5 | mode=lockdown
+2025-11-13T18:51:17.445028 | 198.51.100.129 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
+2025-11-13T18:51:17.459422 | 198.51.100.17 -> 172.16.0.10 | ET SCAN Potential scan detected (NMAP) | risk=4 | mode=lockdown
+2025-11-13T18:51:17.474502 | 198.51.100.73 -> 172.16.0.10 | ET BRUTEFORCE SSH Brute force attempt | risk=2 | mode=lockdown
+2025-11-13T18:51:17.489643 | 198.51.100.250 -> 172.16.0.10 | ET EXPLOIT Possible buffer overflow | risk=4 | mode=lockdown
+2025-11-13T18:51:17.507107 | 198.51.100.100 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=4 | mode=lockdown
+2025-11-13T18:51:17.521946 | 198.51.100.195 -> 172.16.0.10 | ET DOS Possible DDoS amplification | risk=2 | mode=lockdown
diff --git a/runtime/demo_eve.json b/runtime/demo_eve.json
index 9f304a0..d40f2c7 100644
--- a/runtime/demo_eve.json
+++ b/runtime/demo_eve.json
@@ -98,3 +98,881 @@
 {"event_type":"alert","timestamp":"2025-11-11T12:52:20.977426+00:00","src_ip":"198.51.100.77","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
 {"event_type":"alert","timestamp":"2025-11-11T12:52:21.077699+00:00","src_ip":"198.51.100.121","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
 {"event_type":"alert","timestamp":"2025-11-11T12:52:21.177966+00:00","src_ip":"198.51.100.178","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:34:47.599480+00:00","src_ip":"198.51.100.62","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:34:47.609695+00:00","src_ip":"198.51.100.220","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:36:07.455207+00:00","src_ip":"198.51.100.81","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:36:07.465512+00:00","src_ip":"198.51.100.218","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.032778+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.132997+00:00","src_ip":"198.51.100.22","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.233232+00:00","src_ip":"198.51.100.29","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.333494+00:00","src_ip":"198.51.100.218","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.433745+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.533971+00:00","src_ip":"198.51.100.173","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.634231+00:00","src_ip":"198.51.100.93","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.734475+00:00","src_ip":"198.51.100.205","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.834807+00:00","src_ip":"198.51.100.192","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:46.935341+00:00","src_ip":"198.51.100.8","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.035585+00:00","src_ip":"198.51.100.86","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.135826+00:00","src_ip":"198.51.100.47","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.236094+00:00","src_ip":"198.51.100.218","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.336335+00:00","src_ip":"198.51.100.190","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.436579+00:00","src_ip":"198.51.100.38","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.536816+00:00","src_ip":"198.51.100.205","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.637036+00:00","src_ip":"198.51.100.65","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.737257+00:00","src_ip":"198.51.100.58","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.837500+00:00","src_ip":"198.51.100.124","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:47.937718+00:00","src_ip":"198.51.100.224","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.037978+00:00","src_ip":"198.51.100.237","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.138227+00:00","src_ip":"198.51.100.202","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.238473+00:00","src_ip":"198.51.100.61","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.338716+00:00","src_ip":"198.51.100.94","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.438960+00:00","src_ip":"198.51.100.157","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.539233+00:00","src_ip":"198.51.100.130","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.639480+00:00","src_ip":"198.51.100.36","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.739717+00:00","src_ip":"198.51.100.158","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.839960+00:00","src_ip":"198.51.100.236","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:48.940186+00:00","src_ip":"198.51.100.61","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.040433+00:00","src_ip":"198.51.100.242","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.140672+00:00","src_ip":"198.51.100.149","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.240961+00:00","src_ip":"198.51.100.130","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.341251+00:00","src_ip":"198.51.100.109","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.441528+00:00","src_ip":"198.51.100.13","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.541802+00:00","src_ip":"198.51.100.127","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.642086+00:00","src_ip":"198.51.100.205","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.742379+00:00","src_ip":"198.51.100.191","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.842663+00:00","src_ip":"198.51.100.31","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:49.942947+00:00","src_ip":"198.51.100.40","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.043250+00:00","src_ip":"198.51.100.137","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.143488+00:00","src_ip":"198.51.100.47","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.243764+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.344041+00:00","src_ip":"198.51.100.193","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.444344+00:00","src_ip":"198.51.100.196","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.544627+00:00","src_ip":"198.51.100.243","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.644926+00:00","src_ip":"198.51.100.32","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.745341+00:00","src_ip":"198.51.100.238","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.845624+00:00","src_ip":"198.51.100.154","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:50.945908+00:00","src_ip":"198.51.100.144","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.046194+00:00","src_ip":"198.51.100.61","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.146922+00:00","src_ip":"198.51.100.191","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.247242+00:00","src_ip":"198.51.100.231","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.347504+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.447795+00:00","src_ip":"198.51.100.236","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.548069+00:00","src_ip":"198.51.100.8","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.648343+00:00","src_ip":"198.51.100.31","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.748634+00:00","src_ip":"198.51.100.10","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.848934+00:00","src_ip":"198.51.100.72","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:51.949221+00:00","src_ip":"198.51.100.169","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.049494+00:00","src_ip":"198.51.100.247","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.149884+00:00","src_ip":"198.51.100.158","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.250162+00:00","src_ip":"198.51.100.49","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.350443+00:00","src_ip":"198.51.100.127","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.450727+00:00","src_ip":"198.51.100.69","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.551032+00:00","src_ip":"198.51.100.155","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.651329+00:00","src_ip":"198.51.100.176","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.751601+00:00","src_ip":"198.51.100.53","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.851825+00:00","src_ip":"198.51.100.239","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:52.952108+00:00","src_ip":"198.51.100.174","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.052401+00:00","src_ip":"198.51.100.170","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.152697+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.252961+00:00","src_ip":"198.51.100.192","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.353244+00:00","src_ip":"198.51.100.37","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.453511+00:00","src_ip":"198.51.100.198","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.553745+00:00","src_ip":"198.51.100.98","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.654013+00:00","src_ip":"198.51.100.81","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.754303+00:00","src_ip":"198.51.100.62","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.854656+00:00","src_ip":"198.51.100.117","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:53.954907+00:00","src_ip":"198.51.100.186","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.055162+00:00","src_ip":"198.51.100.85","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.155415+00:00","src_ip":"198.51.100.230","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.255656+00:00","src_ip":"198.51.100.37","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.355903+00:00","src_ip":"198.51.100.50","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.456157+00:00","src_ip":"198.51.100.214","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.556395+00:00","src_ip":"198.51.100.126","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.657133+00:00","src_ip":"198.51.100.8","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.757547+00:00","src_ip":"198.51.100.195","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.857799+00:00","src_ip":"198.51.100.69","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:54.958047+00:00","src_ip":"198.51.100.70","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.058303+00:00","src_ip":"198.51.100.20","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.158541+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.258810+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.359049+00:00","src_ip":"198.51.100.240","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.459306+00:00","src_ip":"198.51.100.240","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.559549+00:00","src_ip":"198.51.100.107","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.659791+00:00","src_ip":"198.51.100.189","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.760036+00:00","src_ip":"198.51.100.40","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.860287+00:00","src_ip":"198.51.100.148","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:55.960535+00:00","src_ip":"198.51.100.215","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.060774+00:00","src_ip":"198.51.100.4","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.160973+00:00","src_ip":"198.51.100.150","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.261308+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.361540+00:00","src_ip":"198.51.100.119","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.461794+00:00","src_ip":"198.51.100.119","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.561989+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.662222+00:00","src_ip":"198.51.100.134","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.762459+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.862708+00:00","src_ip":"198.51.100.226","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:56.962957+00:00","src_ip":"198.51.100.243","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.066792+00:00","src_ip":"198.51.100.240","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.167135+00:00","src_ip":"198.51.100.202","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.267400+00:00","src_ip":"198.51.100.160","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.367619+00:00","src_ip":"198.51.100.241","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.467874+00:00","src_ip":"198.51.100.19","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.568114+00:00","src_ip":"198.51.100.45","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.668371+00:00","src_ip":"198.51.100.170","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.768619+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.868867+00:00","src_ip":"198.51.100.206","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:57.969105+00:00","src_ip":"198.51.100.88","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.069356+00:00","src_ip":"198.51.100.35","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.169595+00:00","src_ip":"198.51.100.138","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.269850+00:00","src_ip":"198.51.100.5","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.370096+00:00","src_ip":"198.51.100.85","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.470351+00:00","src_ip":"198.51.100.83","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.570593+00:00","src_ip":"198.51.100.38","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.670840+00:00","src_ip":"198.51.100.177","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.771093+00:00","src_ip":"198.51.100.148","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.871407+00:00","src_ip":"198.51.100.137","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}}
+{"event_type":"alert","timestamp":"2025-11-12T13:37:58.971692+00:00","src_ip":"198.51.100.118","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.071983+00:00","src_ip":"198.51.100.132","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.172252+00:00","src_ip":"198.51.100.220","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.272502+00:00","src_ip":"198.51.100.220","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.372766+00:00","src_ip":"198.51.100.191","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.473057+00:00","src_ip":"198.51.100.195","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.573339+00:00","src_ip":"198.51.100.206","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.673583+00:00","src_ip":"198.51.100.140","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.773848+00:00","src_ip":"198.51.100.33","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:37:59.874136+00:00","src_ip":"198.51.100.223","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:37:59.974414+00:00","src_ip":"198.51.100.23","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.074700+00:00","src_ip":"198.51.100.172","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.174992+00:00","src_ip":"198.51.100.126","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.275306+00:00","src_ip":"198.51.100.142","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.375575+00:00","src_ip":"198.51.100.118","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.475855+00:00","src_ip":"198.51.100.179","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.576127+00:00","src_ip":"198.51.100.134","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.676410+00:00","src_ip":"198.51.100.154","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.776675+00:00","src_ip":"198.51.100.158","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.876909+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:00.977204+00:00","src_ip":"198.51.100.10","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.077486+00:00","src_ip":"198.51.100.213","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.177748+00:00","src_ip":"198.51.100.36","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.278028+00:00","src_ip":"198.51.100.62","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.378300+00:00","src_ip":"198.51.100.199","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.478580+00:00","src_ip":"198.51.100.71","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.578872+00:00","src_ip":"198.51.100.15","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET 
BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.679101+00:00","src_ip":"198.51.100.200","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.779367+00:00","src_ip":"198.51.100.187","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.879648+00:00","src_ip":"198.51.100.161","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:01.979922+00:00","src_ip":"198.51.100.223","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.080199+00:00","src_ip":"198.51.100.163","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.183106+00:00","src_ip":"198.51.100.249","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.283394+00:00","src_ip":"198.51.100.34","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.383670+00:00","src_ip":"198.51.100.201","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:38:02.484095+00:00","src_ip":"198.51.100.224","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.584357+00:00","src_ip":"198.51.100.218","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.684636+00:00","src_ip":"198.51.100.84","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.784873+00:00","src_ip":"198.51.100.20","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.885141+00:00","src_ip":"198.51.100.66","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:02.985494+00:00","src_ip":"198.51.100.212","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.085828+00:00","src_ip":"198.51.100.187","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.186130+00:00","src_ip":"198.51.100.232","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.286413+00:00","src_ip":"198.51.100.20","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET 
BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.386685+00:00","src_ip":"198.51.100.68","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.486960+00:00","src_ip":"198.51.100.192","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.587253+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.687541+00:00","src_ip":"198.51.100.13","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.787814+00:00","src_ip":"198.51.100.158","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.888101+00:00","src_ip":"198.51.100.70","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:03.988385+00:00","src_ip":"198.51.100.59","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.088678+00:00","src_ip":"198.51.100.236","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:38:04.188956+00:00","src_ip":"198.51.100.91","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.289246+00:00","src_ip":"198.51.100.182","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.389540+00:00","src_ip":"198.51.100.13","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.489783+00:00","src_ip":"198.51.100.227","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.590062+00:00","src_ip":"198.51.100.124","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.690333+00:00","src_ip":"198.51.100.176","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.790609+00:00","src_ip":"198.51.100.23","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.890905+00:00","src_ip":"198.51.100.57","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:04.991228+00:00","src_ip":"198.51.100.33","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan 
detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.091480+00:00","src_ip":"198.51.100.199","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.191832+00:00","src_ip":"198.51.100.65","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.292091+00:00","src_ip":"198.51.100.12","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.392382+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.492654+00:00","src_ip":"198.51.100.90","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.592947+00:00","src_ip":"198.51.100.135","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.693266+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.793540+00:00","src_ip":"198.51.100.200","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:38:05.893792+00:00","src_ip":"198.51.100.68","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:38:05.994072+00:00","src_ip":"198.51.100.201","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:07.868574+00:00","src_ip":"198.51.100.52","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:07.878790+00:00","src_ip":"198.51.100.233","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:49.662498+00:00","src_ip":"198.51.100.21","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:49.762733+00:00","src_ip":"198.51.100.115","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:49.862994+00:00","src_ip":"198.51.100.168","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:49.963264+00:00","src_ip":"198.51.100.38","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.063509+00:00","src_ip":"198.51.100.116","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan 
detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.163733+00:00","src_ip":"198.51.100.15","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.264002+00:00","src_ip":"198.51.100.93","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.364252+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.464501+00:00","src_ip":"198.51.100.181","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.564751+00:00","src_ip":"198.51.100.54","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.664964+00:00","src_ip":"198.51.100.171","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.765214+00:00","src_ip":"198.51.100.48","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:50.865498+00:00","src_ip":"198.51.100.92","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:39:50.965730+00:00","src_ip":"198.51.100.89","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.065972+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.166188+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.267099+00:00","src_ip":"198.51.100.112","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.367299+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.467543+00:00","src_ip":"198.51.100.131","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.567786+00:00","src_ip":"198.51.100.239","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.668005+00:00","src_ip":"198.51.100.19","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.768198+00:00","src_ip":"198.51.100.238","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.868445+00:00","src_ip":"198.51.100.245","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:51.968685+00:00","src_ip":"198.51.100.220","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.068933+00:00","src_ip":"198.51.100.97","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.169172+00:00","src_ip":"198.51.100.144","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.269424+00:00","src_ip":"198.51.100.114","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.369615+00:00","src_ip":"198.51.100.212","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.469854+00:00","src_ip":"198.51.100.133","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.570064+00:00","src_ip":"198.51.100.245","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:39:52.670295+00:00","src_ip":"198.51.100.157","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.770535+00:00","src_ip":"198.51.100.91","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.870778+00:00","src_ip":"198.51.100.57","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:52.971013+00:00","src_ip":"198.51.100.135","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.071234+00:00","src_ip":"198.51.100.50","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.171500+00:00","src_ip":"198.51.100.124","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.271737+00:00","src_ip":"198.51.100.135","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.371958+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.472194+00:00","src_ip":"198.51.100.45","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.572411+00:00","src_ip":"198.51.100.134","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.672628+00:00","src_ip":"198.51.100.110","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.772866+00:00","src_ip":"198.51.100.224","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.873109+00:00","src_ip":"198.51.100.202","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:53.973352+00:00","src_ip":"198.51.100.113","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.073591+00:00","src_ip":"198.51.100.127","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.173805+00:00","src_ip":"198.51.100.129","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.274047+00:00","src_ip":"198.51.100.156","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:39:54.374288+00:00","src_ip":"198.51.100.126","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.474536+00:00","src_ip":"198.51.100.69","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.574773+00:00","src_ip":"198.51.100.34","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.675045+00:00","src_ip":"198.51.100.73","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.775338+00:00","src_ip":"198.51.100.154","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.875618+00:00","src_ip":"198.51.100.204","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:54.975863+00:00","src_ip":"198.51.100.211","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.076131+00:00","src_ip":"198.51.100.16","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.176379+00:00","src_ip":"198.51.100.133","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer 
overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.276684+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.376940+00:00","src_ip":"198.51.100.54","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.477224+00:00","src_ip":"198.51.100.148","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.577508+00:00","src_ip":"198.51.100.173","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.677749+00:00","src_ip":"198.51.100.210","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.778005+00:00","src_ip":"198.51.100.6","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.878286+00:00","src_ip":"198.51.100.85","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:55.978547+00:00","src_ip":"198.51.100.177","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:39:56.078814+00:00","src_ip":"198.51.100.116","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.179068+00:00","src_ip":"198.51.100.190","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.279380+00:00","src_ip":"198.51.100.178","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.379610+00:00","src_ip":"198.51.100.45","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.479877+00:00","src_ip":"198.51.100.19","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.580141+00:00","src_ip":"198.51.100.122","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.680413+00:00","src_ip":"198.51.100.163","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.780807+00:00","src_ip":"198.51.100.203","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.881067+00:00","src_ip":"198.51.100.87","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute 
force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:56.981341+00:00","src_ip":"198.51.100.20","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.081626+00:00","src_ip":"198.51.100.83","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.181882+00:00","src_ip":"198.51.100.13","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.282147+00:00","src_ip":"198.51.100.222","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.382421+00:00","src_ip":"198.51.100.224","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.482711+00:00","src_ip":"198.51.100.190","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.583014+00:00","src_ip":"198.51.100.46","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.683358+00:00","src_ip":"198.51.100.135","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:39:57.783624+00:00","src_ip":"198.51.100.162","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.883894+00:00","src_ip":"198.51.100.174","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:57.984234+00:00","src_ip":"198.51.100.51","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.084504+00:00","src_ip":"198.51.100.231","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.184907+00:00","src_ip":"198.51.100.105","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.285177+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.385450+00:00","src_ip":"198.51.100.204","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.485694+00:00","src_ip":"198.51.100.179","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.586034+00:00","src_ip":"198.51.100.28","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute 
force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.686304+00:00","src_ip":"198.51.100.71","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.786585+00:00","src_ip":"198.51.100.239","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.886978+00:00","src_ip":"198.51.100.97","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:58.987269+00:00","src_ip":"198.51.100.201","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.087593+00:00","src_ip":"198.51.100.33","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.187899+00:00","src_ip":"198.51.100.165","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.288172+00:00","src_ip":"198.51.100.234","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.388430+00:00","src_ip":"198.51.100.169","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.488704+00:00","src_ip":"198.51.100.12","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET 
BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.588985+00:00","src_ip":"198.51.100.192","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.689268+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.789545+00:00","src_ip":"198.51.100.208","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.889784+00:00","src_ip":"198.51.100.93","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:39:59.990044+00:00","src_ip":"198.51.100.194","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.090320+00:00","src_ip":"198.51.100.184","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.190609+00:00","src_ip":"198.51.100.63","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.290896+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:40:00.391214+00:00","src_ip":"198.51.100.104","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.491478+00:00","src_ip":"198.51.100.220","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.591703+00:00","src_ip":"198.51.100.18","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.691948+00:00","src_ip":"198.51.100.107","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.792204+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.892476+00:00","src_ip":"198.51.100.15","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:00.992762+00:00","src_ip":"198.51.100.96","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.093041+00:00","src_ip":"198.51.100.175","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.193374+00:00","src_ip":"198.51.100.208","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT 
Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.293646+00:00","src_ip":"198.51.100.93","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.393931+00:00","src_ip":"198.51.100.140","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.494214+00:00","src_ip":"198.51.100.119","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.594478+00:00","src_ip":"198.51.100.46","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.694749+00:00","src_ip":"198.51.100.85","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.795047+00:00","src_ip":"198.51.100.67","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.895376+00:00","src_ip":"198.51.100.202","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:01.995624+00:00","src_ip":"198.51.100.214","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:40:02.095903+00:00","src_ip":"198.51.100.81","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.196187+00:00","src_ip":"198.51.100.228","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.296464+00:00","src_ip":"198.51.100.132","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.396744+00:00","src_ip":"198.51.100.211","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.497061+00:00","src_ip":"198.51.100.45","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.597385+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.697662+00:00","src_ip":"198.51.100.235","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.797975+00:00","src_ip":"198.51.100.30","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.898261+00:00","src_ip":"198.51.100.59","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible 
buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:02.998536+00:00","src_ip":"198.51.100.38","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.098810+00:00","src_ip":"198.51.100.80","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.199096+00:00","src_ip":"198.51.100.118","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.299335+00:00","src_ip":"198.51.100.113","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.399616+00:00","src_ip":"198.51.100.101","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.499895+00:00","src_ip":"198.51.100.31","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.600185+00:00","src_ip":"198.51.100.238","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.700457+00:00","src_ip":"198.51.100.182","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:40:03.800768+00:00","src_ip":"198.51.100.66","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:03.901432+00:00","src_ip":"198.51.100.36","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.001716+00:00","src_ip":"198.51.100.94","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.101978+00:00","src_ip":"198.51.100.144","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.202276+00:00","src_ip":"198.51.100.10","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.302552+00:00","src_ip":"198.51.100.199","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.402832+00:00","src_ip":"198.51.100.212","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.503115+00:00","src_ip":"198.51.100.62","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.603401+00:00","src_ip":"198.51.100.165","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer 
overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.703640+00:00","src_ip":"198.51.100.72","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.803931+00:00","src_ip":"198.51.100.80","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:04.904196+00:00","src_ip":"198.51.100.230","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.004457+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.104722+00:00","src_ip":"198.51.100.74","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.204994+00:00","src_ip":"198.51.100.247","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.305283+00:00","src_ip":"198.51.100.65","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.405552+00:00","src_ip":"198.51.100.144","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.505802+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET 
BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.606029+00:00","src_ip":"198.51.100.223","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.706277+00:00","src_ip":"198.51.100.205","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.806492+00:00","src_ip":"198.51.100.118","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:05.906732+00:00","src_ip":"198.51.100.60","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.006978+00:00","src_ip":"198.51.100.114","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.107234+00:00","src_ip":"198.51.100.192","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.207432+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.307673+00:00","src_ip":"198.51.100.125","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:40:06.407919+00:00","src_ip":"198.51.100.181","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.508156+00:00","src_ip":"198.51.100.61","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.608388+00:00","src_ip":"198.51.100.20","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.708630+00:00","src_ip":"198.51.100.137","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.808877+00:00","src_ip":"198.51.100.43","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:06.909120+00:00","src_ip":"198.51.100.114","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.009369+00:00","src_ip":"198.51.100.112","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.109612+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.209821+00:00","src_ip":"198.51.100.33","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH 
Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.310053+00:00","src_ip":"198.51.100.160","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.410302+00:00","src_ip":"198.51.100.230","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.510538+00:00","src_ip":"198.51.100.14","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.610786+00:00","src_ip":"198.51.100.145","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.711019+00:00","src_ip":"198.51.100.22","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.811252+00:00","src_ip":"198.51.100.82","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:07.911497+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.011738+00:00","src_ip":"198.51.100.127","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:40:08.111951+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.212175+00:00","src_ip":"198.51.100.47","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.312423+00:00","src_ip":"198.51.100.16","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.412654+00:00","src_ip":"198.51.100.16","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.512901+00:00","src_ip":"198.51.100.109","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.613152+00:00","src_ip":"198.51.100.246","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.713396+00:00","src_ip":"198.51.100.95","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.813644+00:00","src_ip":"198.51.100.67","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:08.913900+00:00","src_ip":"198.51.100.196","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:09.014144+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:09.114385+00:00","src_ip":"198.51.100.74","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:09.214627+00:00","src_ip":"198.51.100.115","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:09.314866+00:00","src_ip":"198.51.100.201","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:09.415132+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:09.515373+00:00","src_ip":"198.51.100.26","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:40:09.615613+00:00","src_ip":"198.51.100.56","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:42:44.883387+00:00","src_ip":"198.51.100.237","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:42:44.893645+00:00","src_ip":"198.51.100.216","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible 
DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:42:44.903821+00:00","src_ip":"198.51.100.231","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:42:44.913942+00:00","src_ip":"198.51.100.53","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:45:33.459170+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:45:33.469376+00:00","src_ip":"198.51.100.8","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:45:33.479574+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:45:33.489702+00:00","src_ip":"198.51.100.88","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:46:54.522454+00:00","src_ip":"198.51.100.180","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:46:54.532677+00:00","src_ip":"198.51.100.127","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:47:53.338719+00:00","src_ip":"198.51.100.40","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:53.438996+00:00","src_ip":"198.51.100.31","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:53.539277+00:00","src_ip":"198.51.100.231","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:53.639513+00:00","src_ip":"198.51.100.162","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:53.739889+00:00","src_ip":"198.51.100.144","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:53.840128+00:00","src_ip":"198.51.100.175","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:53.940382+00:00","src_ip":"198.51.100.229","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.040611+00:00","src_ip":"198.51.100.51","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.140837+00:00","src_ip":"198.51.100.122","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential 
scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.241030+00:00","src_ip":"198.51.100.44","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.341277+00:00","src_ip":"198.51.100.150","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.441500+00:00","src_ip":"198.51.100.167","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.541778+00:00","src_ip":"198.51.100.233","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.642025+00:00","src_ip":"198.51.100.197","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.742414+00:00","src_ip":"198.51.100.66","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.842643+00:00","src_ip":"198.51.100.180","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:54.942900+00:00","src_ip":"198.51.100.64","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:47:55.043169+00:00","src_ip":"198.51.100.200","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.143408+00:00","src_ip":"198.51.100.162","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.243644+00:00","src_ip":"198.51.100.175","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.343872+00:00","src_ip":"198.51.100.203","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.444129+00:00","src_ip":"198.51.100.183","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.544369+00:00","src_ip":"198.51.100.88","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.644618+00:00","src_ip":"198.51.100.45","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.744870+00:00","src_ip":"198.51.100.225","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.845118+00:00","src_ip":"198.51.100.98","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:55.945358+00:00","src_ip":"198.51.100.9","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.045595+00:00","src_ip":"198.51.100.152","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.145808+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.246042+00:00","src_ip":"198.51.100.156","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.346246+00:00","src_ip":"198.51.100.177","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.446499+00:00","src_ip":"198.51.100.153","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.546727+00:00","src_ip":"198.51.100.167","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.646974+00:00","src_ip":"198.51.100.94","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:47:56.747318+00:00","src_ip":"198.51.100.200","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.847559+00:00","src_ip":"198.51.100.64","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:56.947805+00:00","src_ip":"198.51.100.115","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.048052+00:00","src_ip":"198.51.100.228","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.148306+00:00","src_ip":"198.51.100.216","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.248559+00:00","src_ip":"198.51.100.79","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.348789+00:00","src_ip":"198.51.100.163","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.449042+00:00","src_ip":"198.51.100.243","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.549279+00:00","src_ip":"198.51.100.237","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential 
scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.649521+00:00","src_ip":"198.51.100.137","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.749768+00:00","src_ip":"198.51.100.86","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.850021+00:00","src_ip":"198.51.100.79","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:57.950267+00:00","src_ip":"198.51.100.100","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.050520+00:00","src_ip":"198.51.100.51","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.150762+00:00","src_ip":"198.51.100.172","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.251032+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.351310+00:00","src_ip":"198.51.100.205","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.451557+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET 
BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.551826+00:00","src_ip":"198.51.100.211","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.652095+00:00","src_ip":"198.51.100.236","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.752386+00:00","src_ip":"198.51.100.157","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.852675+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:58.952955+00:00","src_ip":"198.51.100.13","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.053231+00:00","src_ip":"198.51.100.129","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.153464+00:00","src_ip":"198.51.100.175","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.253708+00:00","src_ip":"198.51.100.36","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:47:59.353952+00:00","src_ip":"198.51.100.39","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.454188+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.554423+00:00","src_ip":"198.51.100.60","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.654668+00:00","src_ip":"198.51.100.96","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.754919+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.855167+00:00","src_ip":"198.51.100.58","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:47:59.955446+00:00","src_ip":"198.51.100.151","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.055635+00:00","src_ip":"198.51.100.171","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.155877+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer 
overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.256120+00:00","src_ip":"198.51.100.80","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.356361+00:00","src_ip":"198.51.100.91","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.456610+00:00","src_ip":"198.51.100.113","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.556920+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.657131+00:00","src_ip":"198.51.100.154","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.757369+00:00","src_ip":"198.51.100.54","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.857590+00:00","src_ip":"198.51.100.2","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:00.957828+00:00","src_ip":"198.51.100.176","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.058072+00:00","src_ip":"198.51.100.135","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET 
BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.158363+00:00","src_ip":"198.51.100.146","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.258566+00:00","src_ip":"198.51.100.146","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.358828+00:00","src_ip":"198.51.100.41","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.459059+00:00","src_ip":"198.51.100.16","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.559304+00:00","src_ip":"198.51.100.49","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.659552+00:00","src_ip":"198.51.100.152","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.759778+00:00","src_ip":"198.51.100.68","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:01.860016+00:00","src_ip":"198.51.100.219","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:48:01.960230+00:00","src_ip":"198.51.100.69","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.060467+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.160724+00:00","src_ip":"198.51.100.246","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.260972+00:00","src_ip":"198.51.100.35","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.361209+00:00","src_ip":"198.51.100.175","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.461444+00:00","src_ip":"198.51.100.126","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.561706+00:00","src_ip":"198.51.100.86","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.661933+00:00","src_ip":"198.51.100.47","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.762163+00:00","src_ip":"198.51.100.34","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute 
force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.862410+00:00","src_ip":"198.51.100.13","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:02.962661+00:00","src_ip":"198.51.100.234","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.062888+00:00","src_ip":"198.51.100.180","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.163132+00:00","src_ip":"198.51.100.239","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.263386+00:00","src_ip":"198.51.100.142","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.363667+00:00","src_ip":"198.51.100.42","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.463925+00:00","src_ip":"198.51.100.69","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.564174+00:00","src_ip":"198.51.100.131","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:48:03.664429+00:00","src_ip":"198.51.100.107","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.764678+00:00","src_ip":"198.51.100.219","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.864925+00:00","src_ip":"198.51.100.97","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:03.965179+00:00","src_ip":"198.51.100.34","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.065456+00:00","src_ip":"198.51.100.111","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.165744+00:00","src_ip":"198.51.100.191","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.266031+00:00","src_ip":"198.51.100.77","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.366314+00:00","src_ip":"198.51.100.232","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.466595+00:00","src_ip":"198.51.100.92","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.566845+00:00","src_ip":"198.51.100.176","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.667116+00:00","src_ip":"198.51.100.144","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.767391+00:00","src_ip":"198.51.100.126","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.867655+00:00","src_ip":"198.51.100.63","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:04.967903+00:00","src_ip":"198.51.100.160","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.068137+00:00","src_ip":"198.51.100.186","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.168416+00:00","src_ip":"198.51.100.72","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.268707+00:00","src_ip":"198.51.100.213","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:48:05.369140+00:00","src_ip":"198.51.100.57","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.469421+00:00","src_ip":"198.51.100.26","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.569701+00:00","src_ip":"198.51.100.239","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.669979+00:00","src_ip":"198.51.100.172","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.770273+00:00","src_ip":"198.51.100.183","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.870575+00:00","src_ip":"198.51.100.208","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:05.971128+00:00","src_ip":"198.51.100.70","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.071413+00:00","src_ip":"198.51.100.73","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.171697+00:00","src_ip":"198.51.100.141","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer 
overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.272014+00:00","src_ip":"198.51.100.125","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.372291+00:00","src_ip":"198.51.100.159","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.472573+00:00","src_ip":"198.51.100.23","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.572889+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.673183+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.773438+00:00","src_ip":"198.51.100.98","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.873730+00:00","src_ip":"198.51.100.162","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:06.974006+00:00","src_ip":"198.51.100.223","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:48:07.074289+00:00","src_ip":"198.51.100.88","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.174583+00:00","src_ip":"198.51.100.145","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.274855+00:00","src_ip":"198.51.100.53","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.375306+00:00","src_ip":"198.51.100.15","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.475732+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.576023+00:00","src_ip":"198.51.100.114","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.676312+00:00","src_ip":"198.51.100.6","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.776585+00:00","src_ip":"198.51.100.235","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.876900+00:00","src_ip":"198.51.100.59","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer 
overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:07.977185+00:00","src_ip":"198.51.100.119","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.077469+00:00","src_ip":"198.51.100.208","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.177761+00:00","src_ip":"198.51.100.29","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.278122+00:00","src_ip":"198.51.100.51","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.378397+00:00","src_ip":"198.51.100.180","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.478814+00:00","src_ip":"198.51.100.72","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.579102+00:00","src_ip":"198.51.100.199","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.679378+00:00","src_ip":"198.51.100.81","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:48:08.779662+00:00","src_ip":"198.51.100.48","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.879972+00:00","src_ip":"198.51.100.140","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:08.980243+00:00","src_ip":"198.51.100.4","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.080634+00:00","src_ip":"198.51.100.180","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.180914+00:00","src_ip":"198.51.100.209","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.281231+00:00","src_ip":"198.51.100.154","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.381560+00:00","src_ip":"198.51.100.26","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.481864+00:00","src_ip":"198.51.100.204","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.582176+00:00","src_ip":"198.51.100.216","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential 
scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.682464+00:00","src_ip":"198.51.100.174","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.782759+00:00","src_ip":"198.51.100.32","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.883057+00:00","src_ip":"198.51.100.31","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:09.983320+00:00","src_ip":"198.51.100.153","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.083555+00:00","src_ip":"198.51.100.153","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.183845+00:00","src_ip":"198.51.100.98","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.284255+00:00","src_ip":"198.51.100.152","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.384551+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:48:10.484798+00:00","src_ip":"198.51.100.124","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.585062+00:00","src_ip":"198.51.100.225","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.685370+00:00","src_ip":"198.51.100.31","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.785661+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.885928+00:00","src_ip":"198.51.100.5","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:10.986195+00:00","src_ip":"198.51.100.230","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.086467+00:00","src_ip":"198.51.100.109","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.186749+00:00","src_ip":"198.51.100.160","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.287066+00:00","src_ip":"198.51.100.238","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force 
attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.387341+00:00","src_ip":"198.51.100.5","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.487609+00:00","src_ip":"198.51.100.100","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.587924+00:00","src_ip":"198.51.100.158","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.688193+00:00","src_ip":"198.51.100.125","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.788473+00:00","src_ip":"198.51.100.149","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.888739+00:00","src_ip":"198.51.100.70","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:11.989033+00:00","src_ip":"198.51.100.126","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.089325+00:00","src_ip":"198.51.100.153","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.189599+00:00","src_ip":"198.51.100.69","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET 
DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.289875+00:00","src_ip":"198.51.100.22","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.390187+00:00","src_ip":"198.51.100.86","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.490466+00:00","src_ip":"198.51.100.222","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.591040+00:00","src_ip":"198.51.100.208","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.691271+00:00","src_ip":"198.51.100.92","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.791550+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.895136+00:00","src_ip":"198.51.100.125","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:12.996279+00:00","src_ip":"198.51.100.146","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:48:13.096565+00:00","src_ip":"198.51.100.140","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:13.196908+00:00","src_ip":"198.51.100.134","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:48:13.297233+00:00","src_ip":"198.51.100.129","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:19.088547+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:19.098771+00:00","src_ip":"198.51.100.58","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:43.366258+00:00","src_ip":"198.51.100.189","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:43.466496+00:00","src_ip":"198.51.100.113","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:43.566760+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:43.666959+00:00","src_ip":"198.51.100.118","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute 
force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:43.767320+00:00","src_ip":"198.51.100.6","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:43.867499+00:00","src_ip":"198.51.100.248","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:43.967943+00:00","src_ip":"198.51.100.157","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.068211+00:00","src_ip":"198.51.100.241","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.168503+00:00","src_ip":"198.51.100.226","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.268797+00:00","src_ip":"198.51.100.6","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.369068+00:00","src_ip":"198.51.100.26","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.469318+00:00","src_ip":"198.51.100.7","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.571134+00:00","src_ip":"198.51.100.92","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS 
Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.671512+00:00","src_ip":"198.51.100.112","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.771816+00:00","src_ip":"198.51.100.124","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.872126+00:00","src_ip":"198.51.100.93","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:44.972510+00:00","src_ip":"198.51.100.75","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.072822+00:00","src_ip":"198.51.100.130","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.173108+00:00","src_ip":"198.51.100.77","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.273379+00:00","src_ip":"198.51.100.187","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.373630+00:00","src_ip":"198.51.100.182","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:45.473832+00:00","src_ip":"198.51.100.64","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.574075+00:00","src_ip":"198.51.100.39","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.674316+00:00","src_ip":"198.51.100.103","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.774571+00:00","src_ip":"198.51.100.61","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.874809+00:00","src_ip":"198.51.100.196","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:45.975044+00:00","src_ip":"198.51.100.238","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.075286+00:00","src_ip":"198.51.100.207","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.175536+00:00","src_ip":"198.51.100.162","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.275767+00:00","src_ip":"198.51.100.53","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible 
buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.376012+00:00","src_ip":"198.51.100.185","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.476249+00:00","src_ip":"198.51.100.232","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.576454+00:00","src_ip":"198.51.100.19","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.676647+00:00","src_ip":"198.51.100.186","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.776896+00:00","src_ip":"198.51.100.60","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.877113+00:00","src_ip":"198.51.100.221","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:46.977356+00:00","src_ip":"198.51.100.77","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.077601+00:00","src_ip":"198.51.100.125","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:47.177852+00:00","src_ip":"198.51.100.244","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.278081+00:00","src_ip":"198.51.100.195","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.378324+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.478559+00:00","src_ip":"198.51.100.100","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.578794+00:00","src_ip":"198.51.100.21","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.679011+00:00","src_ip":"198.51.100.67","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.779263+00:00","src_ip":"198.51.100.37","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.879515+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:47.979787+00:00","src_ip":"198.51.100.129","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.080003+00:00","src_ip":"198.51.100.203","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.180245+00:00","src_ip":"198.51.100.179","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.280495+00:00","src_ip":"198.51.100.182","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.380746+00:00","src_ip":"198.51.100.73","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.480997+00:00","src_ip":"198.51.100.63","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.581237+00:00","src_ip":"198.51.100.224","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.681553+00:00","src_ip":"198.51.100.211","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.781788+00:00","src_ip":"198.51.100.214","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:48.882003+00:00","src_ip":"198.51.100.18","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:48.982235+00:00","src_ip":"198.51.100.83","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.082456+00:00","src_ip":"198.51.100.245","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.182697+00:00","src_ip":"198.51.100.82","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.282925+00:00","src_ip":"198.51.100.228","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.383200+00:00","src_ip":"198.51.100.232","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.483444+00:00","src_ip":"198.51.100.114","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.583694+00:00","src_ip":"198.51.100.167","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.683922+00:00","src_ip":"198.51.100.208","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer 
overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.784194+00:00","src_ip":"198.51.100.132","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.884464+00:00","src_ip":"198.51.100.29","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:49.984836+00:00","src_ip":"198.51.100.26","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.085092+00:00","src_ip":"198.51.100.116","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.185368+00:00","src_ip":"198.51.100.127","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.285625+00:00","src_ip":"198.51.100.224","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.385876+00:00","src_ip":"198.51.100.7","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.486146+00:00","src_ip":"198.51.100.5","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.586424+00:00","src_ip":"198.51.100.160","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT 
Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.686691+00:00","src_ip":"198.51.100.94","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.787135+00:00","src_ip":"198.51.100.137","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.887427+00:00","src_ip":"198.51.100.108","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:50.987641+00:00","src_ip":"198.51.100.148","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.087901+00:00","src_ip":"198.51.100.59","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.188203+00:00","src_ip":"198.51.100.167","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.288482+00:00","src_ip":"198.51.100.134","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.388768+00:00","src_ip":"198.51.100.90","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:51.489013+00:00","src_ip":"198.51.100.143","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.589280+00:00","src_ip":"198.51.100.215","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.689546+00:00","src_ip":"198.51.100.110","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.791138+00:00","src_ip":"198.51.100.98","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.891429+00:00","src_ip":"198.51.100.33","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:51.991670+00:00","src_ip":"198.51.100.133","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.091944+00:00","src_ip":"198.51.100.234","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.192232+00:00","src_ip":"198.51.100.192","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.292541+00:00","src_ip":"198.51.100.205","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN 
Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.392814+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.493067+00:00","src_ip":"198.51.100.170","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.593375+00:00","src_ip":"198.51.100.55","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.693664+00:00","src_ip":"198.51.100.170","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.793941+00:00","src_ip":"198.51.100.119","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.894221+00:00","src_ip":"198.51.100.37","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:52.994499+00:00","src_ip":"198.51.100.117","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.098372+00:00","src_ip":"198.51.100.83","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:53.198707+00:00","src_ip":"198.51.100.148","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.299019+00:00","src_ip":"198.51.100.95","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.399543+00:00","src_ip":"198.51.100.246","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.499891+00:00","src_ip":"198.51.100.197","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.600171+00:00","src_ip":"198.51.100.109","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.700416+00:00","src_ip":"198.51.100.38","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.800659+00:00","src_ip":"198.51.100.135","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:53.900883+00:00","src_ip":"198.51.100.70","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.001126+00:00","src_ip":"198.51.100.141","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer 
overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.103165+00:00","src_ip":"198.51.100.152","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.203477+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.303816+00:00","src_ip":"198.51.100.230","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.404183+00:00","src_ip":"198.51.100.117","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.504522+00:00","src_ip":"198.51.100.238","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.604766+00:00","src_ip":"198.51.100.98","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.706521+00:00","src_ip":"198.51.100.249","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.806772+00:00","src_ip":"198.51.100.65","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:54.907030+00:00","src_ip":"198.51.100.249","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET 
DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.007631+00:00","src_ip":"198.51.100.30","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.107895+00:00","src_ip":"198.51.100.40","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.208154+00:00","src_ip":"198.51.100.44","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.308406+00:00","src_ip":"198.51.100.204","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.408709+00:00","src_ip":"198.51.100.235","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.508957+00:00","src_ip":"198.51.100.75","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.609190+00:00","src_ip":"198.51.100.195","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.709448+00:00","src_ip":"198.51.100.249","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:55.809693+00:00","src_ip":"198.51.100.163","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:55.909961+00:00","src_ip":"198.51.100.91","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.010221+00:00","src_ip":"198.51.100.119","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.110469+00:00","src_ip":"198.51.100.177","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.210709+00:00","src_ip":"198.51.100.190","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.310938+00:00","src_ip":"198.51.100.245","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.411193+00:00","src_ip":"198.51.100.239","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.511459+00:00","src_ip":"198.51.100.231","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.611686+00:00","src_ip":"198.51.100.201","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH 
Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.711932+00:00","src_ip":"198.51.100.213","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.813292+00:00","src_ip":"198.51.100.203","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:56.913547+00:00","src_ip":"198.51.100.131","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.013775+00:00","src_ip":"198.51.100.170","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.114015+00:00","src_ip":"198.51.100.102","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.214250+00:00","src_ip":"198.51.100.59","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.314503+00:00","src_ip":"198.51.100.103","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.414748+00:00","src_ip":"198.51.100.49","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:57.514994+00:00","src_ip":"198.51.100.66","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.615251+00:00","src_ip":"198.51.100.117","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.715502+00:00","src_ip":"198.51.100.187","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.815746+00:00","src_ip":"198.51.100.150","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:57.916003+00:00","src_ip":"198.51.100.60","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.016252+00:00","src_ip":"198.51.100.120","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.116497+00:00","src_ip":"198.51.100.219","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.216743+00:00","src_ip":"198.51.100.203","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.317062+00:00","src_ip":"198.51.100.93","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible 
DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.417331+00:00","src_ip":"198.51.100.200","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.517633+00:00","src_ip":"198.51.100.105","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.617909+00:00","src_ip":"198.51.100.42","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.718177+00:00","src_ip":"198.51.100.52","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.818479+00:00","src_ip":"198.51.100.182","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:58.918765+00:00","src_ip":"198.51.100.16","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.019067+00:00","src_ip":"198.51.100.3","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.119352+00:00","src_ip":"198.51.100.6","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:53:59.219654+00:00","src_ip":"198.51.100.30","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.319976+00:00","src_ip":"198.51.100.10","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.420264+00:00","src_ip":"198.51.100.125","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.520585+00:00","src_ip":"198.51.100.154","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.620863+00:00","src_ip":"198.51.100.100","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.721148+00:00","src_ip":"198.51.100.214","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.821440+00:00","src_ip":"198.51.100.186","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:53:59.921764+00:00","src_ip":"198.51.100.35","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.022026+00:00","src_ip":"198.51.100.120","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.122326+00:00","src_ip":"198.51.100.210","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.222597+00:00","src_ip":"198.51.100.124","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.322892+00:00","src_ip":"198.51.100.137","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.423193+00:00","src_ip":"198.51.100.58","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.523517+00:00","src_ip":"198.51.100.39","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.623802+00:00","src_ip":"198.51.100.222","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.724071+00:00","src_ip":"198.51.100.163","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:00.824347+00:00","src_ip":"198.51.100.12","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:54:00.924670+00:00","src_ip":"198.51.100.19","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.024941+00:00","src_ip":"198.51.100.193","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.125223+00:00","src_ip":"198.51.100.83","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.225493+00:00","src_ip":"198.51.100.152","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.325728+00:00","src_ip":"198.51.100.166","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.426024+00:00","src_ip":"198.51.100.87","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.526310+00:00","src_ip":"198.51.100.79","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.627127+00:00","src_ip":"198.51.100.62","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.727423+00:00","src_ip":"198.51.100.66","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force 
attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.827709+00:00","src_ip":"198.51.100.74","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:01.927953+00:00","src_ip":"198.51.100.202","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.028203+00:00","src_ip":"198.51.100.71","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.128456+00:00","src_ip":"198.51.100.201","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.228689+00:00","src_ip":"198.51.100.117","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.328927+00:00","src_ip":"198.51.100.136","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.429160+00:00","src_ip":"198.51.100.226","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.529408+00:00","src_ip":"198.51.100.45","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T13:54:02.629642+00:00","src_ip":"198.51.100.121","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.729886+00:00","src_ip":"198.51.100.3","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.830127+00:00","src_ip":"198.51.100.170","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:02.930357+00:00","src_ip":"198.51.100.9","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:03.030611+00:00","src_ip":"198.51.100.142","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:03.130857+00:00","src_ip":"198.51.100.168","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:03.231114+00:00","src_ip":"198.51.100.63","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T13:54:03.331628+00:00","src_ip":"198.51.100.62","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:34.938723+00:00","src_ip":"198.51.100.69","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN 
Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:34.948998+00:00","src_ip":"198.51.100.20","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:34.959195+00:00","src_ip":"198.51.100.139","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:34.969331+00:00","src_ip":"198.51.100.237","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:34.979472+00:00","src_ip":"198.51.100.68","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:34.989611+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:34.999744+00:00","src_ip":"198.51.100.178","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.009886+00:00","src_ip":"198.51.100.159","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.020022+00:00","src_ip":"198.51.100.68","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-12T14:04:35.030196+00:00","src_ip":"198.51.100.236","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.040422+00:00","src_ip":"198.51.100.30","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.050637+00:00","src_ip":"198.51.100.79","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.060874+00:00","src_ip":"198.51.100.122","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.071101+00:00","src_ip":"198.51.100.2","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.081302+00:00","src_ip":"198.51.100.54","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.091530+00:00","src_ip":"198.51.100.182","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.101786+00:00","src_ip":"198.51.100.4","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.112008+00:00","src_ip":"198.51.100.39","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected 
(NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.122245+00:00","src_ip":"198.51.100.25","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-12T14:04:35.132488+00:00","src_ip":"198.51.100.182","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.114545+00:00","src_ip":"198.51.100.82","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.165304+00:00","src_ip":"198.51.100.31","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.215562+00:00","src_ip":"198.51.100.229","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.265816+00:00","src_ip":"198.51.100.202","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.316051+00:00","src_ip":"198.51.100.15","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.366334+00:00","src_ip":"198.51.100.236","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-13T09:48:41.416865+00:00","src_ip":"198.51.100.99","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.467111+00:00","src_ip":"198.51.100.124","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.517363+00:00","src_ip":"198.51.100.132","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:48:41.567558+00:00","src_ip":"198.51.100.208","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:16.925821+00:00","src_ip":"198.51.100.183","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:16.946045+00:00","src_ip":"198.51.100.123","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:16.966231+00:00","src_ip":"198.51.100.129","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:16.986438+00:00","src_ip":"198.51.100.110","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.006610+00:00","src_ip":"198.51.100.206","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.026812+00:00","src_ip":"198.51.100.3","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.047125+00:00","src_ip":"198.51.100.62","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.067372+00:00","src_ip":"198.51.100.165","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.087685+00:00","src_ip":"198.51.100.121","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.107950+00:00","src_ip":"198.51.100.240","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.128199+00:00","src_ip":"198.51.100.5","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.148587+00:00","src_ip":"198.51.100.47","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.169064+00:00","src_ip":"198.51.100.13","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} 
+{"event_type":"alert","timestamp":"2025-11-13T09:51:17.189319+00:00","src_ip":"198.51.100.210","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.209553+00:00","src_ip":"198.51.100.6","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.230199+00:00","src_ip":"198.51.100.230","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.250490+00:00","src_ip":"198.51.100.81","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.270891+00:00","src_ip":"198.51.100.202","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.291275+00:00","src_ip":"198.51.100.91","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.311522+00:00","src_ip":"198.51.100.207","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.331767+00:00","src_ip":"198.51.100.65","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.352094+00:00","src_ip":"198.51.100.54","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS 
amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.372302+00:00","src_ip":"198.51.100.10","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.392545+00:00","src_ip":"198.51.100.192","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.412814+00:00","src_ip":"198.51.100.129","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.433045+00:00","src_ip":"198.51.100.17","dest_ip":"172.16.0.10","proto":"ICMP","dest_port":null,"alert":{"signature":"ET SCAN Potential scan detected (NMAP)","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.453309+00:00","src_ip":"198.51.100.73","dest_ip":"172.16.0.10","proto":"TCP","dest_port":22,"alert":{"signature":"ET BRUTEFORCE SSH Brute force attempt","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.473553+00:00","src_ip":"198.51.100.250","dest_ip":"172.16.0.10","proto":"TCP","dest_port":80,"alert":{"signature":"ET EXPLOIT Possible buffer overflow","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.493786+00:00","src_ip":"198.51.100.100","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} +{"event_type":"alert","timestamp":"2025-11-13T09:51:17.514025+00:00","src_ip":"198.51.100.195","dest_ip":"172.16.0.10","proto":"UDP","dest_port":0,"alert":{"signature":"ET DOS Possible DDoS amplification","severity":80}} diff --git a/runtime/events.json b/runtime/events.json new file mode 100644 index 0000000..4ff974f --- /dev/null +++ b/runtime/events.json 
@@ -0,0 +1,24 @@ +{"timestamp": "2025-11-12T13:46:54.522454+00:00", "src_ip": "198.51.100.180", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T13:46:54.532677+00:00", "src_ip": "198.51.100.127", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T13:53:19.088547+00:00", "src_ip": "198.51.100.221", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET EXPLOIT Possible buffer overflow", "severity": 80}} +{"timestamp": "2025-11-12T13:53:19.098771+00:00", "src_ip": "198.51.100.58", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET BRUTEFORCE SSH Brute force attempt", "severity": 80}} +{"timestamp": "2025-11-12T14:04:34.938723+00:00", "src_ip": "198.51.100.69", "dest_ip": "172.16.0.10", "proto": "ICMP", "alert": {"signature": "ET SCAN Potential scan detected (NMAP)", "severity": 80}} +{"timestamp": "2025-11-12T14:04:34.948998+00:00", "src_ip": "198.51.100.20", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T14:04:34.959195+00:00", "src_ip": "198.51.100.139", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET EXPLOIT Possible buffer overflow", "severity": 80}} +{"timestamp": "2025-11-12T14:04:34.969331+00:00", "src_ip": "198.51.100.237", "dest_ip": "172.16.0.10", "proto": "ICMP", "alert": {"signature": "ET SCAN Potential scan detected (NMAP)", "severity": 80}} +{"timestamp": "2025-11-12T14:04:34.979472+00:00", "src_ip": "198.51.100.68", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET BRUTEFORCE SSH Brute force attempt", "severity": 80}} +{"timestamp": "2025-11-12T14:04:34.989611+00:00", "src_ip": "198.51.100.99", "dest_ip": "172.16.0.10", "proto": "ICMP", "alert": {"signature": "ET SCAN Potential scan detected 
(NMAP)", "severity": 80}} +{"timestamp": "2025-11-12T14:04:34.999744+00:00", "src_ip": "198.51.100.178", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET EXPLOIT Possible buffer overflow", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.009886+00:00", "src_ip": "198.51.100.159", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.020022+00:00", "src_ip": "198.51.100.68", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.030196+00:00", "src_ip": "198.51.100.236", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET BRUTEFORCE SSH Brute force attempt", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.040422+00:00", "src_ip": "198.51.100.30", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.050637+00:00", "src_ip": "198.51.100.79", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET BRUTEFORCE SSH Brute force attempt", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.060874+00:00", "src_ip": "198.51.100.122", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.071101+00:00", "src_ip": "198.51.100.2", "dest_ip": "172.16.0.10", "proto": "UDP", "alert": {"signature": "ET DOS Possible DDoS amplification", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.081302+00:00", "src_ip": "198.51.100.54", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET EXPLOIT Possible buffer overflow", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.091530+00:00", "src_ip": "198.51.100.182", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET BRUTEFORCE SSH Brute force 
attempt", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.101786+00:00", "src_ip": "198.51.100.4", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET EXPLOIT Possible buffer overflow", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.112008+00:00", "src_ip": "198.51.100.39", "dest_ip": "172.16.0.10", "proto": "ICMP", "alert": {"signature": "ET SCAN Potential scan detected (NMAP)", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.122245+00:00", "src_ip": "198.51.100.25", "dest_ip": "172.16.0.10", "proto": "TCP", "alert": {"signature": "ET EXPLOIT Possible buffer overflow", "severity": 80}} +{"timestamp": "2025-11-12T14:04:35.132488+00:00", "src_ip": "198.51.100.182", "dest_ip": "172.16.0.10", "proto": "ICMP", "alert": {"signature": "ET SCAN Potential scan detected (NMAP)", "severity": 80}} diff --git a/scripts/azazel_update_dnat.sh b/scripts/azazel_update_dnat.sh new file mode 100644 index 0000000..fc20a21 --- /dev/null +++ b/scripts/azazel_update_dnat.sh 
@@ -0,0 +1,139 @@ +#!/usr/bin/env bash +# Safe helper to update nft DNAT rules for Azazel -> redirect SSH (tcp dport 22) +# to OpenCanary IP and port (default 192.168.1.100:2222). +# Usage (recommended): edit CANARY_IP / CANARY_PORT below if needed, then: +# sudo cp scripts/azazel_update_dnat.sh /usr/local/sbin/azazel_update_dnat.sh +# sudo bash /usr/local/sbin/azazel_update_dnat.sh --apply +# Or run interactively (no --apply runs in dry-run mode printing actions). + +set -euo pipefail +SCRIPT_NAME=$(basename "$0") +BACKUP_DIR=/tmp/azazel_backup_$(date +%s) +SRC_IP_FILE="$BACKUP_DIR/src_ips.txt" +NFT_BACKUP="$BACKUP_DIR/nft_ruleset_backup.conf" + +# Default values (edit this file or pass via env) +CANARY_IP=${CANARY_IP:-192.168.1.100} +CANARY_PORT=${CANARY_PORT:-2222} +NFT_TABLE=${NFT_TABLE:-inet azazel} +PREROUTING_CHAIN=${PREROUTING_CHAIN:-prerouting} + +usage(){ + cat < CANARY_IP:CANARY_PORT + - print resulting nft table and suggest tcpdump / ss checks + +To rollback, run: + sudo nft -f $NFT_BACKUP + +EOF +} + +if [ "${1:-}" = "--help" ]; then + usage + exit 0 +fi + +APPLY=false +while [ $# -gt 0 ]; do + case "$1" in + --apply) APPLY=true; shift ;; + --canary) + shift; if [ -z "${1:-}" ]; then echo "--canary needs argument"; exit 1; fi + CANARY_IP=$(echo "$1" | cut -d: -f1) + CANARY_PORT=$(echo "$1" | cut -s -d: -f2 || echo "$CANARY_PORT") + shift ;; + --canary=*) + arg=${1#--canary=} ; CANARY_IP=$(echo "$arg" | cut -d: -f1) ; CANARY_PORT=$(echo "$arg" | cut -s -d: -f2 || echo "$CANARY_PORT") ; shift ;; + --help) usage; exit 0 ;; + *) echo "Unknown arg: $1"; usage; exit 1 ;; + esac +done + +echo "Script mode: ${APPLY:+APPLY=true}${APPLY:-DRY-RUN}" + +# helper to run or echo commands +run(){ + if [ "$APPLY" = true ]; then + echo "+ $*" + bash -c "$*" + else + echo "DRY-RUN: $*" + fi +} + +# Create backup dir +run "mkdir -p '$BACKUP_DIR' && chmod 700 '$BACKUP_DIR'" + +# Backup full nft ruleset +run "nft list ruleset > '$NFT_BACKUP' 2> '$BACKUP_DIR/nft_backup.err' 
|| true" + +echo "Backup will be stored in $BACKUP_DIR" + +# Check table/chain existence +if ! nft list table inet azazel >/dev/null 2>&1; then + echo "Warning: nft table 'inet azazel' not present. Trying 'ip nat' fallback." >&2 +fi + +# Extract src IPs from prerouting chain +# Use list chain which is safer than list table in some setups +if nft list chain inet azazel $PREROUTING_CHAIN >/dev/null 2>&1; then + CMD_EXTRACT="nft list chain inet azazel $PREROUTING_CHAIN | grep -oP 'ip saddr \\K[^ ]+' | sort -u | sed '/^\s*$/d' > '$SRC_IP_FILE'" + run "$CMD_EXTRACT" +else + echo "Prerouting chain not found in inet azazel; trying 'nft list table inet azazel' to search rules." >&2 + CMD_EXTRACT2="nft list table inet azazel | grep -oP 'ip saddr \\K[^ ]+' | sort -u | sed '/^\s*$/d' > '$SRC_IP_FILE'" + run "$CMD_EXTRACT2" +fi + +# Show saved src IPs +if [ -f "$SRC_IP_FILE" ]; then + echo "Saved src IPs:"; run "cat '$SRC_IP_FILE' || true" +else + echo "No src IPs file created - proceeding but there may be nothing to add."; +fi + +# Flush prerouting chain +run "nft flush chain inet azazel $PREROUTING_CHAIN || nft flush chain ip nat $PREROUTING_CHAIN || true" + +echo "Prerouting chain flushed (dry-run shows command)." + +# If src IP file exists and not empty, add single test rule for first IP +if [ -s "$SRC_IP_FILE" ]; then + FIRST=$(head -n1 "$SRC_IP_FILE") + echo "Will attempt single test DNAT for $FIRST -> $CANARY_IP:$CANARY_PORT" + run "nft add rule inet azazel $PREROUTING_CHAIN ip saddr $FIRST tcp dport 22 dnat to $CANARY_IP:$CANARY_PORT || echo 'add failed'" + echo "Show chain after test add:"; run "nft list chain inet azazel $PREROUTING_CHAIN || true" + + # If apply mode, then add for all + if [ "$APPLY" = true ]; then + echo "Adding DNAT entries for all saved src IPs..." 
+ while read -r src; do + [ -z "$src" ] && continue + run "nft add rule inet azazel $PREROUTING_CHAIN ip saddr $src tcp dport 22 dnat to $CANARY_IP:$CANARY_PORT || echo 'failed for $src'" + done < "$SRC_IP_FILE" + else + echo "Dry-run mode: skip bulk add. Rerun with --apply to apply changes." + fi +else + echo "No src IPs found. If you want to add a single test rule, run with --canary and --apply and supply an IP manually in the script or alter src file." >&2 +fi + +# Final view +echo "Final nft table (prerouting chain):"; run "nft list chain inet azazel $PREROUTING_CHAIN || nft list table inet azazel || true" + +echo "Check OpenCanary listener (ss):"; run "ss -ltnp | egrep ':$CANARY_PORT\\s' || ss -ltnp | grep $CANARY_PORT || echo 'no listener on $CANARY_PORT detected'" + +echo "Done. If you applied changes and want to rollback use: sudo nft -f $NFT_BACKUP" diff --git a/scripts/demo_showcase.py b/scripts/demo_showcase.py new file mode 100644 index 0000000..d54227e --- /dev/null +++ b/scripts/demo_showcase.py 
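Review bot: The mode banner `echo "Script mode: ${APPLY:+APPLY=true}${APPLY:-DRY-RUN}"` never prints DRY-RUN, because APPLY is always the non-empty string true or false, so it expands to `APPLY=truefalse` in dry-run; write it as `echo "Script mode: $([ "$APPLY" = true ] && echo APPLY || echo DRY-RUN)"`. The `--canary` parsing has the same shape of bug: `cut -s -d: -f2` exits 0 with empty output when no port is given, so `|| echo "$CANARY_PORT"` never runs and CANARY_PORT becomes empty; use `port=$(echo "$arg" | cut -s -d: -f2); CANARY_PORT=${port:-$CANARY_PORT}` in both branches. The backup directory is a predictable `/tmp/azazel_backup_$(date +%s)` created with `mkdir -p`, so a pre-existing directory of that name owned by another local user is silently reused for the root-written ruleset backup; `BACKUP_DIR=$(mktemp -d /tmp/azazel_backup.XXXXXX)` avoids that. Each `$src` from the extracted file is spliced unvalidated into a `bash -c` string, and `grep -oP 'ip saddr \K[^ ]+'` accepts any non-space token (a set reference or the `{` of an anonymous set, for example), so a check such as `[[ $src =~ ^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$ ]] || continue` before the add keeps the generated rules to plain addresses. Rollback with `nft -f $NFT_BACKUP` loads the saved rules on top of whatever is present, so unless the backup begins with `flush ruleset` it duplicates rules rather than restoring the prior state; prepending that line when writing the backup, or advising `nft flush ruleset` first, would make the documented rollback accurate.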
@@ -0,0 +1,379 @@ +#!/usr/bin/env python3 +"""Demo orchestrator for Azazel-Pi + +Runs a small showcase that: +- optionally starts the demo_injector to append Suricata-like alerts to a file +- monitors the alert file and evaluates alerts via Mock-LLM (and optionally ollama) +- applies traffic-control actions through TrafficControlEngine (or simulates them) +- updates a simple TUI (rich) and writes a lightweight EPD-like output file +- sends Mattermost notifications via existing util when enabled + +Designed to run in "simulate" mode by default (no privileged tc/nft calls). +Run with sudo/appropriate privileges and --no-simulate to execute real system commands. +""" +from __future__ import annotations + +import argparse +import json +import subprocess +import sys +import threading +import time +from datetime import datetime +from pathlib import Path +from typing import Any, Dict + +from rich.live import Live +from rich.table import Table +from rich.panel import Panel +from rich.layout import Layout +from rich.console import Console + +try: + from azazel_pi.core.enforcer.traffic_control import get_traffic_control_engine, TrafficControlEngine + from azazel_pi.core.mock_llm import simulate_llm_request + from azazel_pi.utils.mattermost import send_alert_to_mattermost, send_simple_message +except ModuleNotFoundError: + # If the package isn't installed (running script directly from repo), + # add repo root to sys.path so imports work when running via system python. 
+ import sys + repo_root = Path(__file__).resolve().parents[1] + if str(repo_root) not in sys.path: + sys.path.insert(0, str(repo_root)) + from azazel_pi.core.enforcer.traffic_control import get_traffic_control_engine, TrafficControlEngine + from azazel_pi.core.mock_llm import simulate_llm_request + from azazel_pi.utils.mattermost import send_alert_to_mattermost, send_simple_message + +SCRIPT_DIR = Path(__file__).resolve().parent +DEFAULT_EVE = Path("runtime/demo_eve.json") +DEFAULT_EPD_OUT = Path("runtime/demo_epd_output.txt") + + +def make_fake_runner(log_file: Path = Path("/tmp/demo_cmds.log")): + def runner(cmd, capture_output=True, text=True, timeout=None, check=False, **kw): + try: + s = ' '.join(map(str, cmd)) if isinstance(cmd, (list, tuple)) else str(cmd) + except Exception: + s = str(cmd) + with open(log_file, 'a') as fh: + fh.write(f"[{datetime.now().isoformat()}] {s}\n") + # return a subprocess.CompletedProcess-like object + return subprocess.CompletedProcess(cmd, 0, stdout="", stderr="") + return runner + + +class DemoOrchestrator: + def __init__( + self, + eve_path: Path, + epd_out: Path, + simulate: bool = True, + notify: bool = False, + decisions_log: Path | None = None, + events_log: Path | None = None, + ): + self.eve_path = eve_path + self.epd_out = epd_out + self.simulate = simulate + self.notify = notify + self.decisions_log = decisions_log or Path("/var/log/azazel/decisions.log") + self.events_log = events_log or Path("/var/log/azazel/events.json") + + self.console = Console() + self._stop = threading.Event() + self.engine: TrafficControlEngine = get_traffic_control_engine() + if simulate: + self.engine.set_subprocess_runner(make_fake_runner()) + + # internal state + self.mode = "portal" + self.score = 0 + self.alerts_processed = 0 + # simulated service statuses for display + self.services = { + "Suricata": "ON", + "OpenCanary": "ON" if simulate else "OFF", + } + # score decay parameters (per second) + self._decay_rate = 1.0 # points per 
second + self._decay_interval = 1.0 + + def notify_mattermost(self, title: str, alert: Dict[str, Any]): + if self.notify: + send_alert_to_mattermost(title, alert) + else: + # fallback print + send_simple_message(f"[Demo] {title}", level="info") + + def _append_event_log(self, alert: Dict[str, Any]): + """Append the processed alert to the events log (if writable). + + This is a best-effort operation: if the demo isn't running as root + or the path isn't writable we silently skip with a console message. + """ + try: + p = self.events_log + # Ensure parent exists for local demo paths + p.parent.mkdir(parents=True, exist_ok=True) + with p.open("a") as fh: + # Keep the canonical fields for downstream consumers + fh.write(json.dumps(alert, default=str) + "\n") + except Exception as e: + # Not fatal — just log for operator visibility + self.console.log(f"Could not append to events log {self.events_log}: {e}") + + def _append_decision_log(self): + """Append a lightweight decision line to the decisions.log so the + system TUI / EPD can pick up the current mode and average score. + + The entry mirrors what the real daemon writes: one JSON object per line. + """ + try: + p = self.decisions_log + p.parent.mkdir(parents=True, exist_ok=True) + # Normalize the written 'average' to a 0-100 display scale so that + # other components (StateMachine, EPD/TUI) that expect 0-100 do not + # see arbitrarily large demo accumulations. Keep raw_score for + # debugging and diagnostics. 
+ raw_score = float(self.score) + # Simple clamp: if raw_score is huge, cap to 0-100 for the display + display_avg = max(0.0, min(100.0, raw_score)) + entry = { + "timestamp": datetime.now().isoformat(), + "mode": self.mode, + "average": float(display_avg), + "raw_demo_score": float(raw_score), + "history": [], + "note": "demo_orchestrator", + } + with p.open("a") as fh: + fh.write(json.dumps(entry, default=str) + "\n") + except Exception as e: + self.console.log(f"Could not append to decisions log {self.decisions_log}: {e}") + + def _update_mode(self, score_delta: int): + self.score += score_delta + prev = self.mode + if self.score < 30: + self.mode = "portal" + elif self.score < 70: + self.mode = "shield" + else: + self.mode = "lockdown" + + if self.mode != prev: + msg = f"Mode changed: {prev} -> {self.mode} (score={self.score})" + self.console.log(msg) + self.notify_mattermost("Mode Change", {"signature": msg, "severity": 2, "src_ip": "-", "dest_ip": "-", "proto": "-", "details": msg, "confidence": "High", "timestamp": datetime.now().isoformat()}) + # apply higher-level actions when entering shield/lockdown + if self.mode in ("shield", "lockdown"): + # apply combined action via engine (in simulate mode this is a noop but recorded) + try: + self.engine.apply_combined_action("198.51.100.200", "shield" if self.mode == "shield" else "normal") + except Exception as e: + self.console.log(f"Failed to apply combined action: {e}") + # Always write a decisions.log entry on mode/score update so external + # displays (TUI/EPD) that rely on the file see the authoritative + # state. Best-effort: if write fails we log and continue. 
+ try: + self._append_decision_log() + except Exception as e: + self.console.log(f"Could not update decisions.log: {e}") + + def _process_alert(self, alert: Dict[str, Any]): + # Evaluate alert with Mock-LLM (and optionally ollama) + prompt = json.dumps(alert) + try: + resp = simulate_llm_request(prompt) + data = json.loads(resp) + risk = int(data.get('risk', 3)) + except Exception: + risk = alert.get('alert', {}).get('severity', 3) + + # Map risk to score delta + delta = (risk - 2) * 5 # simple mapping + self._update_mode(delta) + + # persist a lightweight EPD-like line (for visual display) + epd_line = f"{datetime.now().isoformat()} | {alert.get('src_ip')} -> {alert.get('dest_ip')} | {alert.get('alert',{}).get('signature')} | risk={risk} | mode={self.mode}\n" + with open(self.epd_out, 'a') as fh: + fh.write(epd_line) + + # Append to system events log so the EPD daemon and other services + # observing events.json see the incoming alert (best-effort). + try: + self._append_event_log(alert) + except Exception: + pass + + # mattermost notify + self.notify_mattermost("Alert Processed", {"signature": alert.get('alert',{}).get('signature'), "severity": risk, "src_ip": alert.get('src_ip'), "dest_ip": alert.get('dest_ip'), "proto": alert.get('proto'), "details": "Processed by demo orchestrator", "confidence": "Simulated", "timestamp": datetime.now().isoformat()}) + + self.alerts_processed += 1 + # debug log for visibility + self.console.log(f"Processed alert from {alert.get('src_ip')} risk={risk} -> score={self.score} mode={self.mode}") + + # Write a decisions.log entry so the TUI/EPD display updates. 
+ try: + self._append_decision_log() + except Exception: + pass + + def _decay_loop(self): + # Gradually reduce score towards zero so modes can recover + while not self._stop.is_set(): + time.sleep(self._decay_interval) + if self.score > 0: + old = self.score + self.score = max(0, self.score - int(self._decay_rate * self._decay_interval)) + if int(self.score) != int(old): + # update mode on decay + self._update_mode(0) + + def tail_eve(self): + # simple tail-follow implementation + p = self.eve_path + if not p.exists(): + p.parent.mkdir(parents=True, exist_ok=True) + p.write_text("") + + with p.open('r') as fh: + # seek end + fh.seek(0, 2) + while not self._stop.is_set(): + line = fh.readline() + if not line: + time.sleep(0.1) + continue + try: + obj = json.loads(line) + except Exception: + continue + # normalize fields + alert = { + 'timestamp': obj.get('timestamp') or datetime.now().isoformat(), + 'src_ip': obj.get('src_ip') or obj.get('src') or 'unknown', + 'dest_ip': obj.get('dest_ip') or obj.get('dest') or 'unknown', + 'proto': obj.get('proto') or 'unknown', + 'alert': obj.get('alert', {'signature': obj.get('signature','demo'), 'severity': obj.get('severity',3)}) + } + self._process_alert(alert) + + def run_tui(self): + layout = Layout() + layout.split_column( + Layout(name="upper", ratio=3), + Layout(name="lower", ratio=1) + ) + + def make_table(): + t = Table.grid(expand=True) + t.add_column(justify="left") + t.add_column(justify="right") + t.add_row(f"Mode: [bold magenta]{self.mode}[/]", f"Score: [bold cyan]{self.score}[/]") + t.add_row(f"Alerts processed: {self.alerts_processed}", f"Simulate: {self.simulate}") + # services + svc_text = ", ".join([f"{k}: {v}" for k, v in self.services.items()]) + t.add_row(f"Services", svc_text) + return Panel(t, title="Azazel-Pi Demo Status") + + def make_lower(): + # show last lines of epd_out + lines = [] + if self.epd_out.exists(): + try: + with self.epd_out.open('r') as fh: + lines = fh.readlines()[-5:] + except 
Exception: + lines = [] + text = "".join(lines) or "(no events yet)" + return Panel(text, title="EPD Preview") + + with Live(layout, refresh_per_second=2, console=self.console): + while not self._stop.is_set(): + layout["upper"].update(make_table()) + layout["lower"].update(make_lower()) + time.sleep(0.2) + + def start(self, injector_count: int = 100, injector_interval: float = 0.2, injector_burst: bool = False, exit_after_injector: bool = False): + # start tail thread + t = threading.Thread(target=self.tail_eve, daemon=True) + t.start() + + # start tui thread + tui_thread = threading.Thread(target=self.run_tui, daemon=True) + tui_thread.start() + + # start decay thread so the system can return to portal over time + decay_thread = threading.Thread(target=self._decay_loop, daemon=True) + decay_thread.start() + + # optionally start injector + injector_proc = None + if injector_count > 0: + cmd = [sys.executable, str(SCRIPT_DIR / 'demo_injector.py'), '--path', str(self.eve_path), '--count', str(injector_count), '--interval', str(injector_interval)] + if injector_burst: + cmd.append('--burst') + injector_proc = subprocess.Popen(cmd) + + try: + # Wait for injector to finish (if started) + while injector_proc and injector_proc.poll() is None: + time.sleep(0.5) + + if exit_after_injector: + # give a small grace period for tail processor to consume remaining lines + grace = 2.0 + t0 = time.time() + last_count = self.alerts_processed + while time.time() - t0 < grace: + if self.alerts_processed != last_count: + # reset timer when new alerts are processed + last_count = self.alerts_processed + t0 = time.time() + time.sleep(0.2) + # set stop to exit cleanly + self._stop.set() + else: + # wait until user interrupts + while not self._stop.is_set(): + time.sleep(0.5) + except KeyboardInterrupt: + self.console.log("Stopping demo...") + finally: + self._stop.set() + if injector_proc and injector_proc.poll() is None: + try: + injector_proc.terminate() + except Exception: + pass + + 
+def main() -> int: + p = argparse.ArgumentParser(description="Azazel-Pi demo orchestrator") + p.add_argument('--eve', type=Path, default=DEFAULT_EVE, help='Path to eve.json to monitor') + p.add_argument('--epd-out', type=Path, default=DEFAULT_EPD_OUT, help='Path to write lightweight EPD preview output') + p.add_argument('--count', type=int, default=200, help='Number of demo events to inject (0 to skip injector)') + p.add_argument('--interval', type=float, default=0.1, help='Injector interval (seconds)') + p.add_argument('--burst', action='store_true', help='Injector burst mode') + p.add_argument('--no-simulate', dest='simulate', action='store_false', help='Do not simulate system commands; run real tc/nft') + p.add_argument('--notify', action='store_true', help='Enable Mattermost notifications (requires config)') + p.add_argument('--exit-after-injector', dest='exit_after_injector', action='store_true', help='Exit after injector finishes and remaining events are consumed') + p.add_argument('--decisions-log', type=Path, default=None, help='Path to decisions.log to write (default system /var/log/azazel/decisions.log)') + p.add_argument('--events-log', type=Path, default=None, help='Path to events.json to write (default system /var/log/azazel/events.json)') + args = p.parse_args() + + orchestrator = DemoOrchestrator( + args.eve, + args.epd_out, + simulate=args.simulate, + notify=args.notify, + decisions_log=args.decisions_log, + events_log=args.events_log, + ) + orchestrator.start(injector_count=args.count, injector_interval=args.interval, injector_burst=args.burst, exit_after_injector=args.exit_after_injector) + return 0 + + +if __name__ == '__main__': + raise SystemExit(main()) diff --git a/scripts/install_azazel.sh b/scripts/install_azazel.sh index 47ae678..1dbadfb 100755 --- a/scripts/install_azazel.sh +++ b/scripts/install_azazel.sh 
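Review bot: `make_fake_runner` appends every simulated command to the fixed path `/tmp/demo_cmds.log` with `open(log_file, 'a')`, which follows symlinks, so a demo run under sudo (the module docstring recommends this) appends as root to whatever another local user placed at that path; defaulting the log to a caller-owned location, e.g. `log_file: Path = SCRIPT_DIR.parent / "runtime" / "demo_cmds.log"` with `log_file.parent.mkdir(parents=True, exist_ok=True)` before opening, or a `tempfile.NamedTemporaryFile(delete=False)` created at startup, removes the dependency on a shared world-writable directory. In `_update_mode`, the combined action is applied with the hard-coded peer `"198.51.100.200"` and the mode string `"shield" if self.mode == "shield" else "normal"`, so entering lockdown sends `"normal"` to the engine; that looks inverted, and under `--no-simulate` it drives real tc/nft changes for an address that never appears in any alert, so the call should probably take the triggering `src_ip` and a lockdown-specific action (the engine's accepted mode names are not visible in this hunk). `self.score` is also read and written from both the tail thread and `_decay_loop` without a lock, so a decay tick can overwrite a concurrent delta; a single `threading.Lock` held around the score update in `_update_mode` and `_decay_loop` would keep the displayed score consistent. Minor: the `import sys` inside the `except ModuleNotFoundError` branch re-imports a name already imported at module level and can be dropped.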
@@ -371,46 +371,16 @@ UNIT fi fi -if ! command -v opencanaryd >/dev/null 2>&1; then - log "Installing OpenCanary in dedicated venv to avoid system pip conflicts" - - VENV_DIR="/opt/opencanary-venv" - mkdir -p "$(dirname "$VENV_DIR")" - python3 -m venv "$VENV_DIR" - - # Upgrade pip inside the venv only - "$VENV_DIR/bin/python" -m pip install --upgrade pip - # Install OpenCanary and dependencies inside the venv - "$VENV_DIR/bin/python" -m pip install opencanary scapy - - # Create required directories for OpenCanary - mkdir -p /etc/azazel/opencanary /var/log/azazel - chmod 755 /var/log/azazel - - # Make opencanaryd visible system-wide without touching system pip - install -d /usr/local/bin - ln -sf "$VENV_DIR/bin/opencanaryd" /usr/local/bin/opencanaryd - - # Provide a minimal systemd unit for OpenCanary if missing - if [[ ! -f /etc/systemd/system/opencanary.service ]]; then - cat >/etc/systemd/system/opencanary.service <<'UNIT' -[Unit] -Description=OpenCanary honeypot (venv) -After=network-online.target -Wants=network-online.target - -[Service] -Type=simple -Environment=OPENCANARY_CONFIG=/etc/azazel/opencanary/opencanary.conf -ExecStart=/opt/opencanary-venv/bin/opencanaryd --dev --uid nobody --gid nogroup -Restart=always -RestartSec=2 - -[Install] -WantedBy=multi-user.target -UNIT - log "Installed systemd unit for OpenCanary." - fi +log "Configuring OpenCanary Docker deployment" +OPEN_CANARY_CONFIG_DIR="/opt/azazel/config" +mkdir -p "$OPEN_CANARY_CONFIG_DIR" /opt/azazel/logs +chmod 755 /opt/azazel/logs || true + +if [[ -f "$REPO_ROOT/deploy/opencanary.conf" ]]; then + install -m 0644 "$REPO_ROOT/deploy/opencanary.conf" "$OPEN_CANARY_CONFIG_DIR/opencanary.conf" + log "Installed OpenCanary config at $OPEN_CANARY_CONFIG_DIR/opencanary.conf" +else + warn "deploy/opencanary.conf not found; create $OPEN_CANARY_CONFIG_DIR/opencanary.conf manually" fi log "Staging Azazel runtime under $TARGET_ROOT" 
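Review bot: The venv-based OpenCanary install and its systemd unit are dropped, but nothing in this hunk disables or removes an `opencanary.service` left behind by a previous install, so on an upgraded host the old venv `opencanaryd` keeps starting at boot alongside the Docker container and competes for the same honeypot ports. A guarded cleanup before the config step, as below, closes that gap. The hunk also only stages the config file; the container that the status collector probes as `azazel_opencanary` is neither created nor checked here, so if it is provisioned elsewhere the log line could point the operator to that step, and if not, a `command -v docker` check with a `warn` would catch hosts where the new deployment cannot run. The enclosing block starts before the hunk (the leading `fi` lines close conditionals whose headers are not shown).
```shell
# Remove the legacy venv-based service so it cannot race the container for the honeypot ports.
if [[ -f /etc/systemd/system/opencanary.service ]]; then
  systemctl disable --now opencanary.service || true
  rm -f /etc/systemd/system/opencanary.service /usr/local/bin/opencanaryd
  systemctl daemon-reload
fi

log "Configuring OpenCanary Docker deployment"
# … unchanged: config directory creation and opencanary.conf install …
```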
@@ -492,7 +462,7 @@ if (( START_SERVICES )); then
 fi
 log "Next steps:"
-log " * Adjust Suricata, Vector, OpenCanary, and Mattermost configs under /etc/azazel and /opt/mattermost"
+log " * Adjust Suricata, Vector, and Mattermost configs under /etc/azazel and /opt/mattermost; edit /opt/azazel/config/opencanary.conf for honeypot settings"
 log " * Configure Mattermost webhooks at http://172.16.0.254:8065 (internal network gateway)"
 log " * Update webhook URLs in /etc/azazel/monitoring/notify.yaml to match your Mattermost setup"
 log " * Run 'systemctl restart azctl-unified.service' after making Azazel changes"
diff --git a/scripts/install_azazel_complete.sh b/scripts/install_azazel_complete.sh
index 2b4f5fd..9a06d3d 100755
--- a/scripts/install_azazel_complete.sh
+++ b/scripts/install_azazel_complete.sh
@@ -312,10 +312,12 @@ chown -R root:root /var/lib/vector
 chmod 755 /var/lib/vector
 chmod 644 /etc/azazel/vector/vector.toml
-# Copy OpenCanary configuration
-mkdir -p /etc/opencanaryd
+# Copy OpenCanary configuration for Docker deployment
+OPEN_CANARY_CONFIG_DIR="/opt/azazel/config"
+mkdir -p "$OPEN_CANARY_CONFIG_DIR" /opt/azazel/logs
+chmod 755 /opt/azazel/logs || true
 if [[ -f "deploy/opencanary.conf" ]]; then
- cp deploy/opencanary.conf /etc/opencanaryd/opencanary.conf
+ install -m 0644 deploy/opencanary.conf "$OPEN_CANARY_CONFIG_DIR/opencanary.conf"
 fi
 success "Configuration files deployed"
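Review bot: In the second hunk on this line, `if [[ -f "deploy/opencanary.conf" ]]` tests a cwd-relative path and has no `else`, so when the installer is launched from any directory other than the repository root the honeypot config is silently skipped and `success "Configuration files deployed"` still prints. The equivalent block added to install_azazel.sh earlier on this page warns on the missing file; this script should at least match it, `else warn "deploy/opencanary.conf not found; create $OPEN_CANARY_CONFIG_DIR/opencanary.conf manually"`, and ideally resolve the path from the script's own location rather than the caller's `$PWD`.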
@@ -326,10 +328,18 @@ log "Step 4/9: Enhanced Docker configuration and services (PostgreSQL + Ollama)"
 # Configure Docker with optimized settings for Raspberry Pi
 DOCKER_CONFIG_FILE="/etc/docker/daemon.json"
 log "Configuring Docker daemon for optimal performance..."
-cat > "$DOCKER_CONFIG_FILE" <<'EOF'
+# If the system config is symlinked to the repository, avoid overwriting it
+# so that repo-managed config remains authoritative.
+if /bin/bash "${PWD}/scripts/prevent_installer_overwrite.sh" >/dev/null 2>&1; then
+ if /bin/bash -c "source ${PWD}/scripts/prevent_installer_overwrite.sh; prevent_overwrite '$DOCKER_CONFIG_FILE'"; then
+ warn "Leaving $DOCKER_CONFIG_FILE intact (managed by repo symlink)"
+ else
+ # NOTE: avoid registering a runtime named 'runc' here because Docker treats
+ # the name 'runc' as reserved; adding it manually causes dockerd to fail.
+ # Keep a minimal, safe configuration that can be extended if a custom OCI
+ # runtime is required.
+ cat > "$DOCKER_CONFIG_FILE" <<'EOF'
 {
- "default-runtime": "runc",
- "runtimes": {"runc": {"path": "runc"}},
 "storage-driver": "overlay2",
 "log-driver": "json-file",
 "log-opts": {"max-size": "10m", "max-file": "3"},
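Review bot: The inner guard `/bin/bash -c "source ${PWD}/scripts/prevent_installer_overwrite.sh; prevent_overwrite '$DOCKER_CONFIG_FILE'"` can never reach `prevent_overwrite`: the new helper file (later on this page) ends with `exit 0`, and `exit` in a sourced file terminates the sourcing shell, so the `bash -c` returns 0 before the function is called and this branch always takes the "Leaving $DOCKER_CONFIG_FILE intact" path whenever the helper exists, leaving daemon.json unwritten on a fresh install. The outer `if /bin/bash "${PWD}/scripts/prevent_installer_overwrite.sh"` only proves the file exists and executes, and under `bash -c` the helper's `$0`-based repo-root check does not point at the repository either. Sourcing in-process removes both problems: `[[ -r "${PWD}/scripts/prevent_installer_overwrite.sh" ]] && source "${PWD}/scripts/prevent_installer_overwrite.sh"` followed by `if declare -F prevent_overwrite >/dev/null && prevent_overwrite "$DOCKER_CONFIG_FILE"; then`, with the trailing `exit 0` dropped from the helper. The same construct appears again in the later daemon.json hunk on this page (the one headed `@@ -672,7 +703,7 @@`) and needs the same fix; this `if` closes in the next hunk.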
@@ -339,8 +349,25 @@ cat > "$DOCKER_CONFIG_FILE" <<'EOF'
 "experimental": false
 }
 EOF
-chown root:root "$DOCKER_CONFIG_FILE"
-chmod 644 "$DOCKER_CONFIG_FILE"
+ chown root:root "$DOCKER_CONFIG_FILE"
+ chmod 644 "$DOCKER_CONFIG_FILE"
+ fi
+else
+ # Fallback if helper missing: write safe config
+ cat > "$DOCKER_CONFIG_FILE" <<'EOF'
+{
+ "storage-driver": "overlay2",
+ "log-driver": "json-file",
+ "log-opts": {"max-size": "10m", "max-file": "3"},
+ "default-ulimits": {"memlock": {"Name": "memlock", "Hard": 524288000, "Soft": 524288000}},
+ "max-concurrent-downloads": 2,
+ "max-concurrent-uploads": 2,
+ "experimental": false
+}
+EOF
+ chown root:root "$DOCKER_CONFIG_FILE"
+ chmod 644 "$DOCKER_CONFIG_FILE"
+fi
 # Ensure Docker is running with new configuration
 systemctl enable --now docker || error "Failed to enable Docker"
@@ -355,7 +382,7 @@ cd ..
 # Wait for services to be ready with better health checking
 log "Waiting for Docker services to initialize..."
 for i in {1..30}; do
- if docker ps | grep -q "azazel_postgres.*Up" && docker ps | grep -q "azazel_ollama.*Up"; then
+ if docker ps | grep -q "azazel_postgres.*Up" && docker ps | grep -q "azazel_ollama.*Up" && docker ps | grep -q "azazel_opencanary.*Up"; then
 success "Docker services are running"
 break
 fi
@@ -530,7 +557,6 @@ log "Step 5b/9: Configuring systemd services"
 systemctl enable azctl-unified.service || warn "Failed to enable azctl-unified.service"
 systemctl enable suricata.service || warn "Failed to enable suricata.service"
 systemctl enable vector.service || warn "Failed to enable vector.service"
-systemctl enable opencanary.service || warn "Failed to enable opencanary.service"
 systemctl enable mattermost.service || warn "Failed to enable mattermost.service"
 systemctl enable nginx.service || warn "Failed to enable nginx.service"
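Review bot: The fallback `else` branch repeats the whole daemon.json heredoc plus the `chown`/`chmod` pair that the first branch already has, so the two copies will drift — the comment explaining why no `runc` runtime entry is registered exists on only one of them. Move the heredoc, `chown root:root "$DOCKER_CONFIG_FILE"` and `chmod 644 "$DOCKER_CONFIG_FILE"` into one function such as `write_docker_daemon_config()` and call it from both branches, so the file content has a single authoritative copy. The `if` this hunk closes opens in the previous hunk.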
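Review bot: In the readiness loop, `docker ps | grep -q "azazel_opencanary.*Up"` is an unanchored match across the whole `docker ps` table, so any container whose name merely contains `azazel_opencanary` satisfies it, and it differs from the anchored `--format '{{.Names}} {{.Status}}' | grep -q '^azazel_opencanary '` form this file uses for the status check further down. Querying the container state directly keeps all three checks exact and identical: `[[ "$(docker inspect -f '{{.State.Running}}' azazel_opencanary 2>/dev/null)" == "true" ]]`, or `docker ps --filter status=running` with an exact-name filter. The `for` loop continues outside the hunk.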
@@ -627,7 +653,6 @@ if [[ $START_SERVICES -eq 1 ]]; then
 # Start services in order
 systemctl start vector.service || warn "Vector service may have issues"
-systemctl start opencanary.service || warn "OpenCanary service may have issues"
 systemctl start azctl-unified.service || warn "Azctl-unified service may have issues"
 systemctl start nginx.service || warn "Nginx service may have issues"
@@ -639,7 +664,7 @@ if [[ $START_SERVICES -eq 1 ]]; then
 systemctl start azazel-suricata-update.timer || warn "Failed to start Suricata auto-update timer"
 log "Service status check:"
- services=("azctl-unified" "suricata" "vector" "opencanary" "nginx" "docker")
+ services=("azctl-unified" "suricata" "vector" "nginx" "docker")
 for service in "${services[@]}"; do
 if systemctl is-active --quiet "$service.service"; then
 success "✓ $service: running"
@@ -648,6 +673,12 @@ if [[ $START_SERVICES -eq 1 ]]; then
 fi
 done
+ if docker ps --format '{{.Names}} {{.Status}}' | grep -q '^azazel_opencanary '; then
+ success "✓ azazel_opencanary: running"
+ else
+ warn "✗ azazel_opencanary: container not running"
+ fi
+
 # Check Suricata auto-update timer
 if systemctl is-active --quiet "azazel-suricata-update.timer"; then
 success "✓ suricata-auto-update: timer active"
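Review bot: The new status check in the last hunk on this line treats any `docker ps` row for `azazel_opencanary` as "running", but `docker ps` also lists containers in the `Restarting` state, so a honeypot that is crash-looping on a bad `opencanary.conf` is summarised as `✓ azazel_opencanary: running`. Testing the state instead, `if [[ "$(docker inspect -f '{{.State.Running}}' azazel_opencanary 2>/dev/null)" == "true" ]]; then`, or adding `--filter status=running` to the `docker ps` call, distinguishes the two; the check added to sanity_check.sh later on this page uses the same pattern and should change with it. The enclosing `if [[ $START_SERVICES -eq 1 ]]` block starts outside this hunk.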
@@ -672,7 +703,7 @@ cat < "$DOCKER_CONFIG_FILE" <<'EOF' +# If system config is symlinked to repo, avoid overwriting it +if /bin/bash "${PWD}/scripts/prevent_installer_overwrite.sh" >/dev/null 2>&1; then + if /bin/bash -c "source ${PWD}/scripts/prevent_installer_overwrite.sh; prevent_overwrite '$DOCKER_CONFIG_FILE'"; then + echo "Skipping $DOCKER_CONFIG_FILE (managed by repo symlink)" + else + cat > "$DOCKER_CONFIG_FILE" <<'EOF' { - "default-runtime": "runc", - "runtimes": {"runc": {"path": "runc"}}, "storage-driver": "overlay2", "log-driver": "json-file", "log-opts": {"max-size": "10m", "max-file": "3"}, "default-ulimits": {"memlock": {"Name": "memlock", "Hard": 524288000, "Soft": 524288000}} } EOF -chown root:root "$DOCKER_CONFIG_FILE" -chmod 644 "$DOCKER_CONFIG_FILE" + chown root:root "$DOCKER_CONFIG_FILE" + chmod 644 "$DOCKER_CONFIG_FILE" + fi +else + cat > "$DOCKER_CONFIG_FILE" <<'EOF' +{ + "storage-driver": "overlay2", + "log-driver": "json-file", + "log-opts": {"max-size": "10m", "max-file": "3"}, + "default-ulimits": {"memlock": {"Name": "memlock", "Hard": 524288000, "Soft": 524288000}} +} +EOF + chown root:root "$DOCKER_CONFIG_FILE" + chmod 644 "$DOCKER_CONFIG_FILE" +fi if systemctl list-unit-files | grep -q '^docker.service'; then systemctl restart docker.service || true fi diff --git a/scripts/link_opt_to_repo.sh b/scripts/link_opt_to_repo.sh new file mode 100755 index 0000000..3db52b0 --- /dev/null +++ b/scripts/link_opt_to_repo.sh 
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# Create safe symlinks from /opt/azazel/config to files in the repository
+# Usage: sudo ./scripts/link_opt_to_repo.sh
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+MAP=(
+ "/opt/azazel/config/docker-compose.yml:$REPO_ROOT/deploy/docker-compose.yml"
+ "/opt/azazel/config/opencanary.conf:$REPO_ROOT/deploy/opencanary.conf"
+)
+
+# Additionally link every regular file under deploy/ into /opt/azazel/config
+# if a file with the same basename doesn't already have an explicit mapping.
+for f in "$REPO_ROOT"/deploy/*; do
+ [[ -f "$f" ]] || continue
+ base=$(basename "$f")
+ target="/opt/azazel/config/$base"
+ # Skip if already in MAP
+ skip=0
+ for m in "${MAP[@]}"; do
+ if [[ "${m#*:}" == "$f" ]]; then
+ skip=1
+ break
+ fi
+ done
+ if [[ $skip -eq 0 ]]; then
+ MAP+=("$target:$f")
+ fi
+done
+
+timestamp() { date +%s; }
+
+if [[ $(id -u) -ne 0 ]]; then
+ echo "This script requires root. Run with sudo." >&2
+ exit 2
+fi
+
+echo "Using repo root: $REPO_ROOT"
+
+for entry in "${MAP[@]}"; do
+ target_opt=${entry%%:*}
+ source_repo=${entry#*:}
+
+ if [[ ! -e "$source_repo" ]]; then
+ echo "Skipping $target_opt -> $source_repo : source not found in repo"
+ continue
+ fi
+
+ # Ensure directory exists
+ dir=$(dirname "$target_opt")
+ mkdir -p "$dir"
+
+ # If already a symlink to the desired source, skip
+ if [[ -L "$target_opt" && "$(readlink -f "$target_opt")" == "$(readlink -f "$source_repo")" ]]; then
+ echo "OK: $target_opt already symlinked to repo"
+ continue
+ fi
+
+ # Backup existing file if present
+ if [[ -e "$target_opt" || -L "$target_opt" ]]; then
+ bak="$target_opt.bak.$(timestamp)"
+ echo "Backing up $target_opt -> $bak"
+ mv -f "$target_opt" "$bak"
+ fi
+
+ # Create symlink
+ echo "Linking $target_opt -> $source_repo"
+ ln -s "$source_repo" "$target_opt"
+ chmod 644 "$source_repo" || true
+ chown root:root "$source_repo" || true
+done
+
+echo "Done.
Review backups (*.bak.*) if you need to restore original files."
diff --git a/scripts/prevent_installer_overwrite.sh b/scripts/prevent_installer_overwrite.sh
new file mode 100644
index 0000000..7068afa
--- /dev/null
+++ b/scripts/prevent_installer_overwrite.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# Lightweight guard to be sourced by install scripts to avoid overwriting
+# configuration files that are symlinked to the repository.
+is_symlinked() {
+ local file="$1"
+ if [[ -L "$file" ]]; then
+ # Resolve link target and check if it lives under the repo
+ local target
+ target=$(readlink -f "$file")
+ case "$target" in
+ $(cd "$(dirname "$0")/.." && pwd)/*)
+ return 0
+ ;;
+ *) return 1 ;;
+ esac
+ fi
+ return 1
+}
+
+# Usage: prevent_overwrite /path/to/file
+prevent_overwrite() {
+ local file="$1"
+ if is_symlinked "$file"; then
+ echo "Detected that $file is symlinked to the repository; skipping overwrite." >&2
+ return 0
+ fi
+ return 1
+}
+
+exit 0
diff --git a/scripts/sanity_check.sh b/scripts/sanity_check.sh
index 3d8235d..87c1c50 100644
--- a/scripts/sanity_check.sh
+++ b/scripts/sanity_check.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -euo pipefail
-REQUIRED=(suricata vector opencanary)
+REQUIRED=(suricata vector)
 for svc in "${REQUIRED[@]}"; do
 if ! systemctl is-enabled --quiet "$svc"; then
@@ -11,3 +11,11 @@ for svc in "${REQUIRED[@]}"; do
 echo "[azazel] warning: service $svc is not running" >&2
 fi
 done
+
+if command -v docker >/dev/null 2>&1; then
+ if ! docker ps --format '{{.Names}} {{.Status}}' | grep -q '^azazel_opencanary '; then
+ echo "[azazel] warning: container azazel_opencanary is not running" >&2
+ fi
+else
+ echo "[azazel] warning: docker not found; unable to verify azazel_opencanary" >&2
+fi
diff --git a/systemd/azctl-unified.service b/systemd/azctl-unified.service
index c52d4b3..e281ed1 100644
--- a/systemd/azctl-unified.service
+++ b/systemd/azctl-unified.service
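Review bot: This script turns root-consumed configuration (`docker-compose.yml`, `opencanary.conf`, and every other file under `deploy/`) into symlinks pointing into the developer checkout, and the new `link-opt.service` on this page runs it from `/home/azazel/Azazel-Pi`, so whoever can write that working tree controls what the root-run compose stack and honeypot load; the `chown root:root "$source_repo"` at the end of the loop does not close that, because the containing directories stay owned by the checkout's user, and it also breaks that user's `git checkout`/`git pull` on those files. For a deployment-oriented installer, copying with `install -m 0644` (as install_azazel.sh now does) or keeping the checkout itself root-owned is the safer shape. If symlinks are wanted for development, the script should at least refuse an unprivileged-owned source tree, e.g. `[[ "$(stat -c %u "$REPO_ROOT")" -eq 0 ]] || { echo "repo root must be root-owned" >&2; exit 2; }` next to the existing `id -u` check.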
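Review bot: `is_symlinked` derives the repository root from `$0`, but this file is documented as being sourced, and under `source` `$0` is the calling script's name (or `bash` under `bash -c`), so the `case` pattern points at the caller's parent directory rather than this repository and the guard can match or miss unrelated paths; `${BASH_SOURCE[0]}` is the right anchor, `$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)/*)`, ideally computed once into a variable at the top rather than inside the pattern on every call. The trailing `exit 0` has to go as well, since `exit` in a sourced file terminates the caller's shell before it can call `prevent_overwrite`. The unquoted command substitution in the `case` pattern is also interpreted as a glob, so a repository path containing `*`, `?` or `[` would widen the match.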
@@ -1,7 +1,7 @@
 [Unit]
 Description=Azazel Unified Control Daemon with AI Edge Computing
 Documentation=https://github.com/01rabbit/Azazel-Pi
-After=network-online.target suricata.service opencanary.service azazel-ai-services.service azazel-wan-manager.service
+After=network-online.target suricata.service azazel-ai-services.service azazel-wan-manager.service
 Wants=network-online.target azazel-ai-services.service azazel-wan-manager.service
 Requires=suricata.service
@@ -32,4 +32,4 @@ TimeoutStopSec=30
 [Install]
 WantedBy=multi-user.target
-Also=suricata.service opencanary.service vector.service
+Also=suricata.service vector.service
diff --git a/systemd/link-opt.service b/systemd/link-opt.service
new file mode 100644
index 0000000..d2000af
--- /dev/null
+++ b/systemd/link-opt.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Link /opt/azazel/config files to repository
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/home/azazel/Azazel-Pi/scripts/link_opt_to_repo.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/opencanary.service b/systemd/opencanary.service
deleted file mode 100644
index d71ffa9..0000000
--- a/systemd/opencanary.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=OpenCanary honeypot (venv)
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-Environment=OPENCANARY_CONFIG=/etc/azazel/opencanary/opencanary.conf
-ExecStart=/opt/opencanary-venv/bin/opencanaryd --dev --uid nobody --gid nogroup
-Restart=always
-RestartSec=2
-
-[Install]
-WantedBy=azctl.target
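Review bot: In the new link-opt.service, `ExecStart=/home/azazel/Azazel-Pi/scripts/link_opt_to_repo.sh` runs, as root and on every boot, a script that lives in an unprivileged user's home directory, so anyone who can write that checkout gets code execution as root at the next boot, and the script then symlinks root-consumed configuration back into that same directory. A unit shipped with the product should not hard-code a developer's home path; install the script to a root-owned location such as `/opt/azazel/bin/` and point `ExecStart` there, or keep the linker as a manual development step and drop the unit. If the unit stays, `After=network.target` is unnecessary for a local symlink job, and `ConditionPathIsDirectory=/home/azazel/Azazel-Pi` would at least stop it failing on hosts where the path does not exist.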