{"timestamp":"2023-10-10T23:17:19.607277+0000","flow_id":2134872759636519,"in_iface":"ens5","event_type":"fileinfo","src_ip":"192.0.2.1","src_port":80,"dest_ip":"203.0.113.1","dest_port":3251,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"198.51.100.1","url":"/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WamBeJMU3zJ0Cdgjl8bm76KFHi","http_user_agent":"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://198.51.100.1/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WamBeJMU3zJ0Cdgjl8bm76KFHi","length":162},"app_proto":"http","fileinfo":{"filename":"/server-info.action","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":0}} {"timestamp":"2023-10-10T23:17:19.607180+0000","flow_id":2134872759636519,"in_iface":"ens5","event_type":"http","src_ip":"203.0.113.1","src_port":3251,"dest_ip":"192.0.2.1","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"198.51.100.1","url":"/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WamBeJMU3zJ0Cdgjl8bm76KFHi","http_user_agent":"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36","http_content_type":"text/html","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://198.51.100.1/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WamBeJMU3zJ0Cdgjl8bm76KFHi","length":162}} {"timestamp":"2023-10-10T22:06:24.048269+0000","flow_id":2184051676101618,"in_iface":"ens5","event_type":"http","src_ip":"198.51.100.2","src_port":17584,"dest_ip":"192.0.2.2","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.org","url":"/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WaXZ5PDI2HcPvEX9fdqFkIGuvP","http_user_agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.org/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WaXZ5PDI2HcPvEX9fdqFkIGuvP","length":0}} {"timestamp":"2023-10-10T22:06:24.048269+0000","flow_id":2184051676101618,"in_iface":"ens5","event_type":"alert","src_ip":"198.51.100.2","src_port":17584,"dest_ip":"192.0.2.2","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2048470,"rev":1,"signature":"ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity","category":"Attempted Information Leak","severity":2,"source":{"ip":"198.51.100.2","port":17584},"target":{"ip":"192.0.2.2","port":10080},"metadata":{"affected_product":["Atlassian_Confluence"],"attack_target":["Web_Server"],"created_at":["2023_10_06"],"cve":["CVE_2023_22515"],"deployment":["SSLDecrypt","Internal","Perimeter"],"former_category":["CURRENT_EVENTS"],"performance_impact":["Low"],"reviewed_at":["2023_10_06"],"signature_severity":["Informational"],"updated_at":["2023_10_06"]}},"http":{"hostname":"example.org","url":"/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WaXZ5PDI2HcPvEX9fdqFkIGuvP","http_user_agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.org/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WaXZ5PDI2HcPvEX9fdqFkIGuvP","length":0},"app_proto":"http","direction":"to_server","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":596,"bytes_toclient":544,"start":"2023-10-10T22:06:23.836194+0000","src_ip":"198.51.100.2","dest_ip":"192.0.2.2","src_port":17584,"dest_port":10080}} {"timestamp":"2023-10-10T14:41:05.079455+0000","flow_id":80086160674337,"in_iface":"ens5","event_type":"http","src_ip":"203.0.113.2","src_port":39844,"dest_ip":"192.0.2.3","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.org","url":"/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WZnElk7wFNLDbc4gpYvzTbb8DK","http_user_agent":"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.org/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WZnElk7wFNLDbc4gpYvzTbb8DK","length":0}} {"timestamp":"2023-10-10T14:41:05.079455+0000","flow_id":80086160674337,"in_iface":"ens5","event_type":"alert","src_ip":"203.0.113.2","src_port":39844,"dest_ip":"192.0.2.3","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2048470,"rev":1,"signature":"ET CURRENT_EVENTS Possible Atlassian Confluence CVE-2023-22515 Scan Activity","category":"Attempted Information Leak","severity":2,"source":{"ip":"203.0.113.2","port":39844},"target":{"ip":"192.0.2.3","port":10080},"metadata":{"affected_product":["Atlassian_Confluence"],"attack_target":["Web_Server"],"created_at":["2023_10_06"],"cve":["CVE_2023_22515"],"deployment":["SSLDecrypt","Internal","Perimeter"],"former_category":["CURRENT_EVENTS"],"performance_impact":["Low"],"reviewed_at":["2023_10_06"],"signature_severity":["Informational"],"updated_at":["2023_10_06"]}},"http":{"hostname":"example.org","url":"/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WZnElk7wFNLDbc4gpYvzTbb8DK","http_user_agent":"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36","http_method":"GET","protocol":"HTTP/1.1","status":200,"redirect":"https://example.org/server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache2WZnElk7wFNLDbc4gpYvzTbb8DK","length":0},"app_proto":"http","direction":"to_server","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":579,"bytes_toclient":533,"start":"2023-10-10T14:41:04.870614+0000","src_ip":"203.0.113.2","dest_ip":"192.0.2.3","src_port":39844,"dest_port":10080}}