{"timestamp":"2023-10-30T15:28:21.661425+0000","flow_id":1472773946692718,"in_iface":"ens5","event_type":"flow","src_ip":"192.0.2.1","src_port":43739,"dest_ip":"192.0.2.2","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":6,"bytes_toserver":774,"bytes_toclient":790,"start":"2023-10-30T15:27:17.146298+0000","end":"2023-10-30T15:27:17.148029+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}}
{"timestamp":"2023-10-30T15:27:17.148029+0000","flow_id":1472773946692718,"in_iface":"ens5","event_type":"fileinfo","src_ip":"192.0.2.2","src_port":80,"dest_ip":"192.0.2.1","dest_port":43739,"proto":"TCP","pkt_src":"wire/pcap","http":{"hostname":"example.com","url":"/mgmt/tm/auth/user/xlccd","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36","http_content_type":"text/html","http_method":"PATCH","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/mgmt/tm/auth/user/xlccd","length":162},"app_proto":"http","fileinfo":{"filename":"/mgmt/tm/auth/user/xlccd","gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":0}}
{"timestamp":"2023-10-30T15:27:17.147791+0000","flow_id":1472773946692718,"in_iface":"ens5","event_type":"http","src_ip":"192.0.2.1","src_port":43739,"dest_ip":"192.0.2.2","dest_port":80,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"example.com","url":"/mgmt/tm/auth/user/xlccd","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36","http_content_type":"text/html","http_method":"PATCH","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/mgmt/tm/auth/user/xlccd","length":162}}
{"timestamp":"2023-10-30T11:53:16.589354+0000","flow_id":1374228869028194,"in_iface":"ens5","event_type":"flow","src_ip":"192.0.2.3","src_port":41876,"dest_ip":"192.0.2.4","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":10,"pkts_toclient":8,"bytes_toserver":1582,"bytes_toclient":1324,"start":"2023-10-30T11:46:28.661858+0000","end":"2023-10-30T11:48:18.662673+0000","age":110,"state":"closed","reason":"timeout","alerted":true},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed"}}
{"timestamp":"2023-10-30T11:48:18.661996+0000","flow_id":1374228869028194,"in_iface":"ens5","event_type":"fileinfo","src_ip":"192.0.2.3","src_port":41876,"dest_ip":"192.0.2.4","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/..;/mgmt/shared/authn/login","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36","xff":"192.0.2.5","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/..;/mgmt/shared/authn/login","length":162},"app_proto":"http","fileinfo":{"filename":"/..;/mgmt/shared/authn/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":51,"tx_id":1}}
{"timestamp":"2023-10-30T11:47:19.701664+0000","flow_id":1374228869028194,"in_iface":"ens5","event_type":"fileinfo","src_ip":"192.0.2.4","src_port":80,"dest_ip":"192.0.2.3","dest_port":41876,"proto":"TCP","http":{"hostname":"example.com","url":"/..;/mgmt/shared/authn/login","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36","xff":"192.0.2.5","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/..;/mgmt/shared/authn/login","length":162},"app_proto":"http","fileinfo":{"filename":"/..;/mgmt/shared/authn/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":1}}
{"timestamp":"2023-10-30T11:47:19.701664+0000","flow_id":1374228869028194,"in_iface":"ens5","event_type":"http","src_ip":"192.0.2.3","src_port":41876,"dest_ip":"192.0.2.4","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"example.com","url":"/..;/mgmt/shared/authn/login","http_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36","xff":"192.0.2.5","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/..;/mgmt/shared/authn/login","length":162}}
{"timestamp":"2023-10-30T11:47:05.593664+0000","flow_id":1374228869028194,"in_iface":"ens5","event_type":"fileinfo","src_ip":"192.0.2.4","src_port":80,"dest_ip":"192.0.2.3","dest_port":41876,"proto":"TCP","http":{"hostname":"example.com","url":"/..;/mgmt/tm/auth/user/U2XON","http_user_agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36","xff":"192.0.2.5","http_content_type":"text/html","http_method":"PATCH","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/..;/mgmt/tm/auth/user/U2XON","length":162},"app_proto":"http","fileinfo":{"filename":"/..;/mgmt/tm/auth/user/U2XON","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":0}}
{"timestamp":"2023-10-30T11:47:05.593664+0000","flow_id":1374228869028194,"in_iface":"ens5","event_type":"http","src_ip":"192.0.2.3","src_port":41876,"dest_ip":"192.0.2.4","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"example.com","url":"/..;/mgmt/tm/auth/user/U2XON","http_user_agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36","xff":"192.0.2.5","http_content_type":"text/html","http_method":"PATCH","protocol":"HTTP/1.1","status":200,"redirect":"https://example.com/..;/mgmt/tm/auth/user/U2XON","length":162}}
{"timestamp":"2023-10-30T11:47:05.552799+0000","flow_id":1374228869028194,"in_iface":"ens5","event_type":"alert","src_ip":"192.0.2.3","src_port":41876,"dest_ip":"192.0.2.4","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2006380,"rev":15,"signature":"ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted","category":"Potential Corporate Privacy Violation","severity":1,"metadata":{"created_at":["2010_07_30"],"former_category":["POLICY"],"updated_at":["2022_06_14"]}},"http":{"hostname":"example.com","url":"/..;/mgmt/tm/auth/user/U2XON","http_user_agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36","xff":"192.0.2.5","http_method":"PATCH","protocol":"HTTP/1.1","length":0},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":740,"bytes_toclient":600,"start":"2023-10-30T11:46:28.661858+0000"}}