bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/apiserver/tests/alert_ssh-bf.json [ { "capacity": 5, "decisions": null, "events": [ { "meta": [ { "key": "ASNOrg", "value": "OVH SAS" }, { "key": "target_user", "value": "root" }, { "key": "service", "value": "ssh" }, { "key": "log_type", "value": "ssh_failed-auth" }, { "key": "IsoCode", "value": "FR" }, { "key": "ASNNumber", "value": "16276" }, { "key": "source_ip", "value": "91.121.79.195" }, { "key": "IsInEU", "value": "true" }, { "key": "SourceRange", "value": "91.121.72.0/21" } ], "timestamp": "2020-10-02T17:09:08Z" }, { "meta": [ { "key": "ASNOrg", "value": "OVH SAS" }, { "key": "target_user", "value": "root" }, { "key": "service", "value": "ssh" }, { "key": "source_ip", "value": "91.121.79.195" }, { "key": "ASNNumber", "value": "16276" }, { "key": "SourceRange", "value": "91.121.72.0/21" }, { "key": "log_type", "value": "ssh_failed-auth" }, { "key": "IsoCode", "value": "FR" }, { "key": "IsInEU", "value": "true" } ], "timestamp": "2020-10-02T17:09:08Z" }, { "meta": [ { "key": "service", "value": "ssh" }, { "key": "log_type", "value": "ssh_failed-auth" }, { "key": "IsInEU", "value": "true" }, { "key": "ASNOrg", "value": "OVH SAS" }, { "key": "target_user", "value": "root" }, { "key": "source_ip", "value": "91.121.79.195" }, { "key": "IsoCode", "value": "FR" }, { "key": "ASNNumber", "value": "16276" }, { "key": "SourceRange", "value": "91.121.72.0/21" } ], "timestamp": "2020-10-02T17:09:08Z" }, { "meta": [ { "key": "SourceRange", "value": "91.121.72.0/21" }, {
"key": "target_user", "value": "root" }, { "key": "IsoCode", "value": "FR" }, { "key": "ASNNumber", "value": "16276" }, { "key": "ASNOrg", "value": "OVH SAS" }, { "key": "service", "value": "ssh" }, { "key": "log_type", "value": "ssh_failed-auth" }, { "key": "source_ip", "value": "91.121.79.195" }, { "key": "IsInEU", "value": "true" } ], "timestamp": "2020-10-02T17:09:08Z" }, { "meta": [ { "key": "target_user", "value": "root" }, { "key": "log_type", "value": "ssh_failed-auth" }, { "key": "service", "value": "ssh" }, { "key": "source_ip", "value": "91.121.79.195" }, { "key": "IsoCode", "value": "FR" }, { "key": "IsInEU", "value": "true" }, { "key": "ASNNumber", "value": "16276" }, { "key": "ASNOrg", "value": "OVH SAS" }, { "key": "SourceRange", "value": "91.121.72.0/21" } ], "timestamp": "2020-10-02T17:09:08Z" }, { "meta": [ { "key": "IsoCode", "value": "FR" }, { "key": "ASNNumber", "value": "16276" }, { "key": "ASNOrg", "value": "OVH SAS" }, { "key": "SourceRange", "value": "91.121.72.0/21" }, { "key": "target_user", "value": "root" }, { "key": "service", "value": "ssh" }, { "key": "log_type", "value": "ssh_failed-auth" }, { "key": "source_ip", "value": "91.121.79.195" }, { "key": "IsInEU", "value": "true" } ], "timestamp": "2020-10-02T17:09:08Z" } ], "events_count": 6, "labels": null, "leakspeed": "10s", "message": "Ip 91.121.79.195 performed 'breakteam/ssh-bf' (6 events over 30.18165ms) at 2020-10-26 09:50:32.055535505 +0100 CET m=+6.235529150", "remediation": true, "scenario":
"breakteam/ssh-bf", "scenario_hash": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f", "scenario_version": "0.1", "simulated": false, "source": { "as_name": "OVH SAS", "cn": "FR", "ip": "91.121.79.195", "latitude": 50.646, "longitude": 3.0758, "range": "91.121.72.0/21", "scope": "Ip", "value": "91.121.79.195" }, "start_at": "2020-10-26T09:50:32.025353849+01:00", "stop_at": "2020-10-26T09:50:32.055534398+01:00" } ]