[
{
"id": 79811,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "23.34.240.197",
"start_time": 1700218721522,
"last_updated_time": 1700218721626,
"event_count": 2
},
{
"id": 79810,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "23.34.240.230",
"start_time": 1700218717679,
"last_updated_time": 1700218717798,
"event_count": 2
},
{
"id": 79809,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 4,
"offense_type": 0,
"offense_source": "169.254.3.5",
"start_time": 1700218714910,
"last_updated_time": 1700220747285,
"event_count": 6
},
{
"id": 79808,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "23.34.240.223",
"start_time": 1700218713477,
"last_updated_time": 1700218719965,
"event_count": 5
},
{
"id": 79807,
"description": "AWS instance launched with non-standard image ID\n",
"magnitude": 4,
"offense_type": 3,
"offense_source": "max.wills@brill.com",
"start_time": 1700216369106,
"last_updated_time": 1700216369235,
"event_count": 3
},
{
"id": 79806,
"description": "Web server activity observed from a high confidence Bots\n",
"magnitude": 6,
"offense_type": 0,
"offense_source": "65.154.226.171",
"start_time": 1700215574270,
"last_updated_time": 1700215575223,
"event_count": 8
},
{
"id": 79805,
"description": "RHEL:Multiple authentication failures to the same user account\n",
"magnitude": 5,
"offense_type": 3,
"offense_source": "username@10.7.10.54",
"start_time": 1700213762147,
"last_updated_time": 1700215882632,
"event_count": 16
},
{
"id": 79804,
"description": "AWS WAF - Denied traffic followed by Allow\n",
"magnitude": 2,
"offense_type": 0,
"offense_source": "159.89.165.90",
"start_time": 1700211397821,
"last_updated_time": 1700211459294,
"event_count": 7
},
{
"id": 79803,
"description": "Offense Monitoring Event\n",
"magnitude": 2,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700210039858,
"last_updated_time": 1700210039858,
"event_count": 1
},
{
"id": 79802,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 5,
"offense_type": 0,
"offense_source": "10.17.10.27",
"start_time": 1700205548939,
"last_updated_time": 1700206048162,
"event_count": 5
},
{
"id": 79801,
"description": "User space user account added\n",
"magnitude": 4,
"offense_type": 3,
"offense_source": "1000",
"start_time": 1700205381941,
"last_updated_time": 1700205709940,
"event_count": 18
},
{
"id": 79800,
"description": "User Account Added\n",
"magnitude": 4,
"offense_type": 3,
"offense_source": "frs-frontend-app",
"start_time": 1700205186087,
"last_updated_time": 1700205560964,
"event_count": 4
},
{
"id": 79799,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 5,
"offense_type": 0,
"offense_source": "10.17.11.82",
"start_time": 1700205185087,
"last_updated_time": 1700205749109,
"event_count": 5
},
{
"id": 79798,
"description": "Farring: Potential DoS Attack - Excess Resource Requests\n",
"magnitude": 5,
"offense_type": 0,
"offense_source": "52.56.131.146",
"start_time": 1700202942938,
"last_updated_time": 1700203420773,
"event_count": 618
},
{
"id": 79797,
"description": "Offense Monitoring Event\n",
"magnitude": 2,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700199371383,
"last_updated_time": 1700199371383,
"event_count": 1
},
{
"id": 79796,
"description": "LOG4SHELL Possible Detection - Read the Custom Rule Description for Guidance\n",
"magnitude": 6,
"offense_type": 0,
"offense_source": "34.251.127.30",
"start_time": 1700192374641,
"last_updated_time": 1700192374764,
"event_count": 2
},
{
"id": 79795,
"description": "LOG4SHELL Possible Detection - Read the Custom Rule Description for Guidance\n",
"magnitude": 7,
"offense_type": 0,
"offense_source": "34.249.80.238",
"start_time": 1700190206491,
"last_updated_time": 1700211458421,
"event_count": 120
},
{
"id": 79794,
"description": "Offense Monitoring Event\n",
"magnitude": 2,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700188605705,
"last_updated_time": 1700188605705,
"event_count": 1
},
{
"id": 79793,
"description": "Offense Monitoring Event\n",
"magnitude": 2,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700184958140,
"last_updated_time": 1700184958140,
"event_count": 1
},
{
"id": 79792,
"description": "Web server activity observed from a high confidence Bots\n",
"magnitude": 4,
"offense_type": 0,
"offense_source": "195.123.241.30",
"start_time": 1700180488153,
"last_updated_time": 1700180488366,
"event_count": 3
},
{
"id": 79791,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "184.30.41.180",
"start_time": 1700177803138,
"last_updated_time": 1700177812294,
"event_count": 4
},
{
"id": 79790,
"description": "A user has successfully authentication from outside the UK\n",
"magnitude": 4,
"offense_type": 0,
"offense_source": "149.34.150.140",
"start_time": 1700175946376,
"last_updated_time": 1700208351699,
"event_count": 30
},
{
"id": 79789,
"description": "LOG4SHELL Possible Detection - Read the Custom Rule Description for Guidance\n",
"magnitude": 6,
"offense_type": 0,
"offense_source": "34.249.80.238",
"start_time": 1700175451069,
"last_updated_time": 1700175549244,
"event_count": 57
},
{
"id": 79788,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 4,
"offense_type": 0,
"offense_source": "169.254.3.12",
"start_time": 1700172808869,
"last_updated_time": 1700220549909,
"event_count": 9
},
{
"id": 79787,
"description": "API request successful\n preceded by Audit Started\n preceded by Offense Closed\n",
"magnitude": 2,
"offense_type": 0,
"offense_source": "184.26.90.85",
"start_time": 1700172799988,
"last_updated_time": 1700173260116,
"event_count": 9
},
{
"id": 79786,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "184.26.90.84",
"start_time": 1700172779879,
"last_updated_time": 1700173273295,
"event_count": 22
},
{
"id": 79785,
"description": "LOG4SHELL Possible Detection - Read the Custom Rule Description for Guidance\n",
"magnitude": 7,
"offense_type": 0,
"offense_source": "34.251.127.30",
"start_time": 1700136706848,
"last_updated_time": 1700172805284,
"event_count": 59
},
{
"id": 79784,
"description": "Offense Monitoring Event\n",
"magnitude": 1,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700170561466,
"last_updated_time": 1700170561466,
"event_count": 1
},
{
"id": 79783,
"description": "Offense Monitoring Event\n",
"magnitude": 1,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700166914952,
"last_updated_time": 1700166914952,
"event_count": 1
},
{
"id": 79782,
"description": "Offense Monitoring Event\n",
"magnitude": 1,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700163268497,
"last_updated_time": 1700163268497,
"event_count": 1
},
{
"id": 79781,
"description": "Offense Monitoring Event\n",
"magnitude": 1,
"offense_type": 2,
"offense_source": "Offense Monitoring Event",
"start_time": 1700159621435,
"last_updated_time": 1700159621435,
"event_count": 1
},
{
"id": 79780,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "184.26.90.84",
"start_time": 1700155754618,
"last_updated_time": 1700155760774,
"event_count": 20
},
{
"id": 79779,
"description": "An unauthorized user has successfully accessed the QRadar console\n",
"magnitude": 1,
"offense_type": 3,
"offense_source": "lucas.mendez@brill.com",
"start_time": 1700155725662,
"last_updated_time": 1700155726667,
"event_count": 4
},
{
"id": 79778,
"description": "Web server activity observed from a high confidence Bots\n",
"magnitude": 5,
"offense_type": 0,
"offense_source": "65.154.226.166",
"start_time": 1700155714127,
"last_updated_time": 1700155715086,
"event_count": 7
},
{
"id": 79777,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "184.26.90.85",
"start_time": 1700155690169,
"last_updated_time": 1700172683744,
"event_count": 12
},
{
"id": 79776,
"description": "A user has successfully authentication from outside the UK\n",
"magnitude": 4,
"offense_type": 0,
"offense_source": "152.37.82.105",
"start_time": 1700154183580,
"last_updated_time": 1700157784477,
"event_count": 8
},
{
"id": 79775,
"description": "Web server activity observed from a high confidence Bots\n",
"magnitude": 5,
"offense_type": 0,
"offense_source": "65.154.226.168",
"start_time": 1700154127170,
"last_updated_time": 1700154127807,
"event_count": 8
},
{
"id": 79774,
"description": "Farring: Potential DoS Attack - Excessive Requests\n",
"magnitude": 5,
"offense_type": 0,
"offense_source": "95.149.144.42",
"start_time": 1700152887662,
"last_updated_time": 1700217267137,
"event_count": 1937
},
{
"id": 79773,
"description": "A user has successfully authentication from outside the UK\n",
"magnitude": 4,
"offense_type": 0,
"offense_source": "149.34.150.140",
"start_time": 1700151175274,
"last_updated_time": 1700169175501,
"event_count": 18
},
{
"id": 79772,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "23.34.240.197",
"start_time": 1700151061169,
"last_updated_time": 1700155623904,
"event_count": 5
},
{
"id": 79771,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "169.254.3.12",
"start_time": 1700151039035,
"last_updated_time": 1700162860572,
"event_count": 5
},
{
"id": 79770,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "169.254.3.5",
"start_time": 1700151025893,
"last_updated_time": 1700162851631,
"event_count": 11
},
{
"id": 79769,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "23.34.240.230",
"start_time": 1700150688334,
"last_updated_time": 1700150690260,
"event_count": 3
},
{
"id": 79768,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "96.7.74.151",
"start_time": 1700150663801,
"last_updated_time": 1700150679666,
"event_count": 4
},
{
"id": 79767,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "96.7.74.142",
"start_time": 1700150605327,
"last_updated_time": 1700150662144,
"event_count": 6
},
{
"id": 79766,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "169.254.3.12",
"start_time": 1700150598656,
"last_updated_time": 1700150673871,
"event_count": 5
},
{
"id": 79765,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "169.254.3.5",
"start_time": 1700150391741,
"last_updated_time": 1700150563179,
"event_count": 3
},
{
"id": 79764,
"description": "Farring: Potential DoS Attack - Excessive Requests\n",
"magnitude": 5,
"offense_type": 0,
"offense_source": "95.149.144.42",
"start_time": 1700149229559,
"last_updated_time": 1700150370797,
"event_count": 1278
},
{
"id": 79763,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "23.34.240.197",
"start_time": 1700149232440,
"last_updated_time": 1700149232542,
"event_count": 2
},
{
"id": 79762,
"description": "Log resets/error conditions/failures/threshold exceptions Detected\n",
"magnitude": 3,
"offense_type": 0,
"offense_source": "23.34.240.223",
"start_time": 1700148437768,
"last_updated_time": 1700148468271,
"event_count": 7
}
]