diff --git a/core/unifi/examples/events.json b/core/unifi/examples/events.json
new file mode 100644
index 00000000..1fec2a99
--- /dev/null
+++ b/core/unifi/examples/events.json
@@ -0,0 +1,86 @@
+{
+ "_id": "5ee9e572453d4e00f3c04a7c",
+ "user": "d8:4c:90:9f:82:5a",
+ "ssid": "Extra Fast",
+ "ap": "b4:fb:e4:d2:74:39",
+ "radio": "na",
+ "channel": "36",
+ "key": "EVT_WU_Connected",
+ "subsystem": "wlan",
+ "site_id": "574e86994566ffb914a2683c",
+ "time": 1592386923851,
+ "datetime": "2020-06-17T09:42:03Z",
+ "msg": "User[d8:4c:90:9f:82:5a] has connected to AP[b4:fb:e4:d2:74:39] with SSID \"Extra Fast\" on \"channel 36(na)\""
+},
+{
+ "_id": "5ee9e56b453d4e00f3c04a7a",
+ "user": "d8:4c:90:9f:82:5a",
+ "ssid": "Extra Fast",
+ "hostname": "dns-ipp",
+ "ap": "74:83:c2:d4:11:3d",
+ "duration": 1084,
+ "bytes": 846171,
+ "key": "EVT_WU_Disconnected",
+ "subsystem": "wlan",
+ "site_id": "574e86994566ffb914a2683c",
+ "time": 1592386923000,
+ "datetime": "2020-06-17T09:42:03Z",
+ "msg": "User[d8:4c:90:9f:82:5a] disconnected from \"Extra Fast\" (18m 4s connected, 826.34K bytes, last AP[74:83:c2:d4:11:3d])"
+},
+{
+ "_id": "5ee9f7ca453d4e00f3c04b57",
+ "timestamp": 1592391625,
+ "flow_id": 1510453960799559,
+ "in_iface": "eth0",
+ "event_type": "alert",
+ "src_ip": "192.168.1.199",
+ "src_mac": "00:50:b6:96:76:6e",
+ "src_port": 50447,
+ "dest_ip": "54.36.xxx.xxx",
+ "dst_mac": "74:83:c2:1a:35:39",
+ "dest_port": 80,
+ "proto": "TCP",
+ "tx_id": 0,
+ "app_proto": "http",
+ "host": "usg-sensor",
+ "usgip": "67.181.75.120",
+ "unique_alertid": "1603112333-2020-06-17T04:00:25.225809-0700",
+ "srcipGeo": [],
+ "dstipGeo": {
+ "continent_code": "EU",
+ "country_code": "FR",
+ "country_name": "France",
+ "latitude": 48.8582,
+ "longitude": 2.3387,
+ "asn": 16276,
+ "organization": "OVH SAS"
+ },
+ "dstipCountry": "FR",
+ "dstipASN": "16276 OVH SAS",
+ "usgipGeo": {
+ "continent_code": "NA",
+ "country_code": "US",
+ "country_name": "United States",
+ "city": "Lodi",
+ "latitude": 38.1228,
+ "longitude": -121.2543,
+ "asn": 7922,
+ "organization": "COMCAST-7922"
+ },
+ "usgipCountry": "US",
+ "usgipASN": "7922 COMCAST-7922",
+ "catname": "emerging-malware",
+ "inner_alert_action": "allowed",
+ "inner_alert_gid": 1,
+ "inner_alert_signature_id": 2003337,
+ "inner_alert_rev": 21,
+ "inner_alert_signature": "ET MALWARE Suspicious User Agent (Autoupdate)",
+ "inner_alert_category": "A Network Trojan was Detected",
+ "inner_alert_severity": 1,
+ "key": "EVT_IPS_IpsAlert",
+ "subsystem": "www",
+ "site_id": "574e86994566ffb914a2683c",
+ "time": 1592391625000,
+ "datetime": "2020-06-17T11:00:25Z",
+ "msg": "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE Suspicious User Agent (Autoupdate). From: 192.168.1.199:50447, to: 54.36.xxx.xxx:80, protocol: TCP"
+},
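Review bot: The `EVT_IPS_IpsAlert` record leaves `"usgip": "67.181.75.120"` and the `usgipGeo` block (city, coordinates, ASN) unmasked, although `dest_ip` in the same record is masked as `54.36.xxx.xxx`. The fixture therefore appears to publish the capturing gateway's WAN address and location. If these values come from a live controller, swap them for documentation-range data, for example the constructed value `"usgip": "203.0.113.10"` with matching placeholder geo fields, and consider doing the same for the client/AP MAC addresses and `site_id` in all three records. Separately, the file is three objects joined by commas with a trailing `},` and no enclosing array, so a strict JSON parser rejects it despite the `.json` name. Wrapping the records in `[` … `]` and dropping the final comma would let tests load it directly.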