{"timestamp":"2023-10-01T12:33:34.219339+0000","flow_id":1304696823094652,"in_iface":"ens5","event_type":"flow","src_ip":"1.1.1.2","src_port":48300,"dest_ip":"1.0.7.7","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":6,"pkts_toclient":6,"bytes_toserver":1498,"bytes_toclient":811,"start":"2023-10-01T12:31:42.400764+0000","end":"2023-10-01T12:31:42.544725+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed"}} {"timestamp":"2023-10-01T12:31:42.544725+0000","flow_id":1304696823094652,"in_iface":"ens5","event_type":"fileinfo","src_ip":"1.0.7.7","src_port":80,"dest_ip":"1.1.1.2","dest_port":48300,"proto":"TCP","http":{"hostname":"a.example.com","url":"/AHT/AhtApiService.asmx/AuthUser","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://a.example.com/AHT/AhtApiService.asmx/AuthUser","length":162},"app_proto":"http","fileinfo":{"filename":"/AHT/AhtApiService.asmx/AuthUser","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":162,"tx_id":0}} {"timestamp":"2023-10-01T12:31:42.542503+0000","flow_id":1304696823094652,"in_iface":"ens5","event_type":"http","src_ip":"1.1.1.2","src_port":48300,"dest_ip":"1.0.7.7","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"a.example.com","url":"/AHT/AhtApiService.asmx/AuthUser","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://a.example.com/AHT/AhtApiService.asmx/AuthUser","length":162}} {"timestamp":"2023-10-01T11:12:28.920726+0000","flow_id":1979650869569597,"in_iface":"ens5","event_type":"flow","src_ip":"1.2.2.5","src_port":32644,"dest_ip":"1.2.5.9","dest_port":10080,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":7,"pkts_toclient":5,"bytes_toserver":1551,"bytes_toclient":598,"start":"2023-10-01T11:11:27.395387+0000","end":"2023-10-01T11:11:27.690952+0000","age":0,"state":"closed","reason":"timeout","alerted":false},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed","ts_max_regions":1,"tc_max_regions":1}} {"timestamp":"2023-10-01T11:11:27.592243+0000","flow_id":1979650869569597,"in_iface":"ens5","event_type":"http","src_ip":"1.2.2.5","src_port":32644,"dest_ip":"1.2.5.9","dest_port":10080,"proto":"TCP","pkt_src":"wire/pcap","tx_id":0,"http":{"hostname":"prod.example.com","url":"/AHT/AhtApiService.asmx/AuthUser","http_user_agent":"Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36","http_method":"POST","protocol":"HTTP/1.1","status":200,"redirect":"https://prod.example.com/AHT/AhtApiService.asmx/AuthUser","length":0}}