{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46468, "SignatureRevision":22, "Impact":-, "IntrusionRuleMessage":"SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt", "Classification":"A Network Trojan was Detected", "WebApplication":"", "ClientApplication":"", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"", "HTTP_URI":"", "SnortRuleGroups":"Rule Categories>Server>Other", "MitreAttackGroups":"", "ApplicationID":-, "ApplicationProductivityIndex":-, "ApplicationRiskIndex":-, "ClientApplicationID":-, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"", "WebApplicationID":731, "WebApplicationProductivityIndex":2}
{"EventType":"IntrusionEvent", "EventSecond":1740804347, "EventMicrosecond":186071, "DeviceUUID":"11bc8e94-f604-11ef-bcfe-eeb1de9c8a63", "InstanceID":1, "FirstPacketSecond":1740804347, "ConnectionID":1882, "InitiatorIP":"23.48.99.12", "ResponderIP":"172.16.3.110", "InitiatorPort":80, "ResponderPort":51500, "Protocol":"tcp", "IngressInterface":"outside", "EgressInterface":"inside", "IngressZone":"outside", "EgressZone":"inside", "PriorityID":1, "GeneratorID":1, "SignatureID":46096, "SignatureRevision":22, "Impact":5, "IntrusionRuleMessage":"SERVER-OTHER,Cisco Smart Install init discovery message stack buffer overflow attempt", "Classification":"", "WebApplication":"", "ClientApplication":"", "Application":"HTTP", "IntrusionPolicy":"default", "FirewallPolicy":"default", "FirewallRule":"Permit Outbound", "NAP_Policy":"Balanced Security and Connectivity", "InlineResult":"Would block", "InlineResultReason":"Intrusion Policy in \"Detection\" Inspection Mode", "IngressVRF":"Global", "EgressVRF":"Global", "HTTP_Hostname":"", "HTTP_URI":"", "SnortRuleGroups":"Rule Categories>Server>Other", "MitreAttackGroups":"", "ApplicationID":-, "ApplicationProductivityIndex":-, "ApplicationRiskIndex":-, "ClientApplicationID":-, "ClientApplicationProductivityIndex":4, "ClientApplicationRiskIndex":2, "Device":"172.16.0.10", "DeviceIP":"172.16.0.10", "DeviceSerialNumber":"9AD5V8FSS0D", "EgressInterfaceUUID":"efbb6160-f60a-11ef-a955-43d7eeccc024", "EgressZoneUUID":"efbcd7ac-f60a-11ef-a955-43d7eeccc024", "EventID":71, "FirewallPolicyUUID":"00000000-0000-0000-0000-000067c22fb5", "FirewallRuleID":268434433, "Hostname":"ip-172-16-0-50.us-east-2.compute.internal", "IngressInterfaceUUID":"ef9a2180-f60a-11ef-a955-43d7eeccc024", "IngressZoneUUID":"ef9c7c64-f60a-11ef-a955-43d7eeccc024", "InitiatorContinent":"North America", "InitiatorContinentCode":"na", "InitiatorCountry":"United States", "InitiatorCountryCode":"usa", "InitiatorCountryID":840, "InlineResultID":5, "InlineResultReasonID":2, "IntrusionPolicyRevUUID":"c1fab45a-f615-11ef-bd70-44d7eeccc024", "IntrusionPolicyUUID":"0210b9f5-95a7-0ed3-0000-004294971142", "NAP_PolicyUUID":"a6738542-f604-11ef-8765-a4eeeeccc024", "ProtocolID":6, "RealmID":0, "RealmName":"Invalid ID", "SensorID":2, "SnortVersionID":3, "UserID":9999997, "WebApplicationHTTP":"", "WebApplicationID":731, "WebApplicationProductivityIndex":2}