unpoller_unpoller/core/unifi/examples/ids.json


{
"_id": "5d2416c78f0385ccf1c6df44",
"archived": false,
"timestamp": 1562646211,
"flow_id": 1591464006222389,
"in_iface": "eth1",
"event_type": "alert",
"src_ip": "196.196.244.84",
"src_mac": "f0:9f:c2:c4:bb:f1",
"src_port": 51413,
"dest_ip": "192.168.3.2",
"dst_mac": "40:a8:f0:68:c3:58",
"dest_port": 36881,
"proto": "UDP",
"app_proto": "failed",
"host": "f0:22:22:22:22:22",
"usgip": "11.22.33.44",
"unique_alertid": "1341902566-2019-07-08T21:23:31.229941-0700",
"srcipCountry": "SE",
"dstipCountry": false,
"usgipCountry": "US",
"srcipGeo": {
"continent_code": "EU",
"country_code": "SE",
"country_code3": "SWE",
"country_name": "Sweden",
"region": "26",
"city": "Stockholm",
"postal_code": "168 65",
"latitude": 59.349998474121094,
"longitude": 17.91670036315918,
"dma_code": 0,
"area_code": 0
},
"dstipGeo": false,
"usgipGeo": {
"continent_code": "NA",
"country_code": "US",
"country_code3": "USA",
"country_name": "United States",
"region": "CA",
"city": "Other",
"postal_code": "99999",
"latitude": 99.139400482177734,
"longitude": -99.39669799804688,
"dma_code": 862,
"area_code": 999
},
"srcipASN": "AS42607 Internet Carrier Limited",
"dstipASN": "",
"usgipASN": "AS7922 Comcast Cable Communications, LLC",
"catname": "spamhaus",
"inner_alert_action": "allowed",
"inner_alert_gid": 1,
"inner_alert_signature_id": 2400022,
"inner_alert_rev": 2673,
"inner_alert_signature": "ET DROP Spamhaus DROP Listed Traffic Inbound group 23",
"inner_alert_category": "Misc Attack",
"inner_alert_severity": 2,
"key": "EVT_IPS_IpsAlert",
"subsystem": "www",
"site_id": "574e86994566ffb914a2683c",
"time": 1562646211000,
"datetime": "2019-07-09T04:23:31Z",
"msg": "IPS Alert 2: Misc Attack. Signature ET DROP Spamhaus DROP Listed Traffic Inbound group 23. From: 196.196.244.84:51413, to: 192.168.3.2:36881, protocol: UDP"
},