{"timestamp":"2023-08-23T12:36:37.187172+0000","flow_id":903006245578527,"in_iface":"ens5","event_type":"flow","src_ip":"2.1.2.3","src_port":12346,"dest_ip":"10.2.2.2","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":5,"bytes_toserver":710,"bytes_toclient":665,"start":"2023-08-23T12:35:23.341319+0000","end":"2023-08-23T12:35:36.887625+0000","age":13,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-23T12:36:20.617562+0000","flow_id":2096924156281705,"in_iface":"ens5","event_type":"flow","src_ip":"2.1.2.3","src_port":13806,"dest_ip":"10.2.5.1","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":7,"pkts_toclient":6,"bytes_toserver":1710,"bytes_toclient":696,"start":"2023-08-23T12:35:11.946980+0000","end":"2023-08-23T12:35:19.439957+0000","age":8,"state":"closed","reason":"timeout","alerted":true},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-08-23T12:35:27.772473+0000","flow_id":903006245578527,"in_iface":"ens5","event_type":"http","src_ip":"2.1.2.3","src_port":12346,"dest_ip":"10.2.2.2","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/2UNxYJCZWSX1eaADgl24CU6QFT1.jsp","http_user_agent":"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/2UNxYJCZWSX1eaADgl24CU6QFT1.jsp","length":0}}
{"timestamp":"2023-08-23T12:35:15.695157+0000","flow_id":2096924156281705,"in_iface":"ens5","event_type":"http","src_ip":"2.1.2.3","src_port":13806,"dest_ip":"10.2.5.1","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm","length":0}}
{"timestamp":"2023-08-23T12:35:15.695157+0000","flow_id":2096924156281705,"in_iface":"ens5","event_type":"fileinfo","src_ip":"2.1.2.3","src_port":13806,"dest_ip":"10.2.5.1","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm","length":0},"app_proto":"http","fileinfo":{"filename":"2UNxYJCZWSX1eaADgl24CU6QFT1.jsp","gaps":false,"state":"CLOSED","stored":false,"size":514,"tx_id":0}}
{"timestamp":"2023-08-23T12:35:15.695157+0000","flow_id":2096924156281705,"in_iface":"ens5","event_type":"alert","src_ip":"2.1.2.3","src_port":13806,"dest_ip":"10.2.5.1","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017260,"rev":12,"signature":"ET WEB_SERVER WebShell Generic - ASP File Uploaded","category":"A Network Trojan was detected","severity":1,"metadata":{"created_at":["2013_07_31"],"updated_at":["2020_04_24"]}},"http":{"hostname":"example.com","url":"/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm","length":0},"files":[{"filename":"2UNxYJCZWSX1eaADgl24CU6QFT1.jsp","gaps":false,"state":"CLOSED","stored":false,"size":514,"tx_id":0}],"app_proto":"http","direction":"to_server","flow":{"pkts_toserver":5,"pkts_toclient":4,"bytes_toserver":1578,"bytes_toclient":564,"start":"2023-08-23T12:35:11.946980+0000","src_ip":"2.1.2.3","dest_ip":"10.2.5.1","src_port":13806,"dest_port":10080}}