add example

2020-06-21 00:57:46 -07:00 · 2020-06-21 00:57:46 -07:00 · 8e20a5038d
parent dfb514c278
commit 8e20a5038d
1 changed files with 86 additions and 0 deletions
--- a/core/unifi/examples/events.json
+++ b/core/unifi/examples/events.json
@ -0,0 +1,86 @@
+{
+  "_id": "5ee9e572453d4e00f3c04a7c",
+  "user": "d8:4c:90:9f:82:5a",
+  "ssid": "Extra Fast",
+  "ap": "b4:fb:e4:d2:74:39",
+  "radio": "na",
+  "channel": "36",
+  "key": "EVT_WU_Connected",
+  "subsystem": "wlan",
+  "site_id": "574e86994566ffb914a2683c",
+  "time": 1592386923851,
+  "datetime": "2020-06-17T09:42:03Z",
+  "msg": "User[d8:4c:90:9f:82:5a] has connected to AP[b4:fb:e4:d2:74:39] with SSID \"Extra Fast\" on \"channel 36(na)\""
+},
+{
+  "_id": "5ee9e56b453d4e00f3c04a7a",
+  "user": "d8:4c:90:9f:82:5a",
+  "ssid": "Extra Fast",
+  "hostname": "dns-ipp",
+  "ap": "74:83:c2:d4:11:3d",
+  "duration": 1084,
+  "bytes": 846171,
+  "key": "EVT_WU_Disconnected",
+  "subsystem": "wlan",
+  "site_id": "574e86994566ffb914a2683c",
+  "time": 1592386923000,
+  "datetime": "2020-06-17T09:42:03Z",
+  "msg": "User[d8:4c:90:9f:82:5a] disconnected from \"Extra Fast\" (18m 4s connected, 826.34K bytes, last AP[74:83:c2:d4:11:3d])"
+},
+{
+  "_id": "5ee9f7ca453d4e00f3c04b57",
+  "timestamp": 1592391625,
+  "flow_id": 1510453960799559,
+  "in_iface": "eth0",
+  "event_type": "alert",
+  "src_ip": "192.168.1.199",
+  "src_mac": "00:50:b6:96:76:6e",
+  "src_port": 50447,
+  "dest_ip": "54.36.xxx.xxx",
+  "dst_mac": "74:83:c2:1a:35:39",
+  "dest_port": 80,
+  "proto": "TCP",
+  "tx_id": 0,
+  "app_proto": "http",
+  "host": "usg-sensor",
+  "usgip": "67.181.75.120",
+  "unique_alertid": "1603112333-2020-06-17T04:00:25.225809-0700",
+  "srcipGeo": [],
+  "dstipGeo": {
+    "continent_code": "EU",
+    "country_code": "FR",
+    "country_name": "France",
+    "latitude": 48.8582,
+    "longitude": 2.3387,
+    "asn": 16276,
+    "organization": "OVH SAS"
+  },
+  "dstipCountry": "FR",
+  "dstipASN": "16276 OVH SAS",
+  "usgipGeo": {
+    "continent_code": "NA",
+    "country_code": "US",
+    "country_name": "United States",
+    "city": "Lodi",
+    "latitude": 38.1228,
+    "longitude": -121.2543,
+    "asn": 7922,
+    "organization": "COMCAST-7922"
+  },
+  "usgipCountry": "US",
+  "usgipASN": "7922 COMCAST-7922",
+  "catname": "emerging-malware",
+  "inner_alert_action": "allowed",
+  "inner_alert_gid": 1,
+  "inner_alert_signature_id": 2003337,
+  "inner_alert_rev": 21,
+  "inner_alert_signature": "ET MALWARE Suspicious User Agent (Autoupdate)",
+  "inner_alert_category": "A Network Trojan was Detected",
+  "inner_alert_severity": 1,
+  "key": "EVT_IPS_IpsAlert",
+  "subsystem": "www",
+  "site_id": "574e86994566ffb914a2683c",
+  "time": 1592391625000,
+  "datetime": "2020-06-17T11:00:25Z",
+  "msg": "IPS Alert 1: A Network Trojan was Detected. Signature ET MALWARE Suspicious User Agent (Autoupdate). From: 192.168.1.199:50447, to: 54.36.xxx.xxx:80, protocol: TCP"
+},