whotwagner/suricata

misc/fast.log.1

10/06/2016-07:14:39.186933  [**] [1:2500034:4093] ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 183.129.160.229:16192 -> 192.168.0.5:80
10/06/2016-09:44:22.405503  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:61214 -> 213.185.164.216:80
10/06/2016-09:59:15.555306  [**] [1:2019401:14] ET POLICY Vulnerable Java Version 1.8.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.27:49286 -> 23.37.43.27:80
10/06/2016-09:59:15.647027  [**] [1:2019401:14] ET POLICY Vulnerable Java Version 1.8.x Detected [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.0.27:49288 -> 23.37.43.27:80
10/06/2016-10:00:47.457385  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:59845 -> 172.217.21.98:443
10/06/2016-10:00:47.458093  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 172.217.21.98:443 -> 192.168.0.13:59845
10/06/2016-10:00:47.518407  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:59847 -> 185.33.220.5:443
10/06/2016-10:00:47.518947  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 185.33.220.5:443 -> 192.168.0.13:59847
10/06/2016-10:01:22.040337  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49760 -> 195.182.26.70:443
10/06/2016-10:01:22.092234  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49760
10/06/2016-10:01:22.984315  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49762 -> 195.182.26.70:443
10/06/2016-10:01:23.032643  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49762
10/06/2016-10:01:23.500111  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49764 -> 195.182.26.70:443
10/06/2016-10:01:23.547588  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49764
10/06/2016-10:01:23.777248  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49766 -> 195.182.26.70:443
10/06/2016-10:01:23.826879  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49766
10/06/2016-10:01:25.072561  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49768 -> 195.182.26.70:443
10/06/2016-10:01:25.122716  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49768
10/06/2016-10:01:39.295768  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49774 -> 195.182.26.70:443
10/06/2016-10:01:39.343762  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49774
10/06/2016-10:01:43.694306  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49776 -> 195.182.26.70:443
10/06/2016-10:01:43.743578  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49776
10/06/2016-10:01:46.065983  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:49779 -> 195.182.26.70:443
10/06/2016-10:01:46.115559  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:49779
10/06/2016-10:44:22.352988  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:62401 -> 213.185.164.216:80
10/06/2016-11:24:34.439602  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50361 -> 195.182.26.70:443
10/06/2016-11:24:34.490234  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50361
10/06/2016-11:24:34.952874  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50363 -> 195.182.26.70:443
10/06/2016-11:24:35.003259  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50363
10/06/2016-11:24:35.398791  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50365 -> 195.182.26.70:443
10/06/2016-11:24:35.688142  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50367 -> 195.182.26.70:443
10/06/2016-11:24:35.454109  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50365
10/06/2016-11:24:35.739529  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50367
10/06/2016-11:24:41.738544  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50369 -> 195.182.26.70:443
10/06/2016-11:24:41.787304  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50369
10/06/2016-11:24:44.080325  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50372 -> 195.182.26.70:443
10/06/2016-11:24:44.130042  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50372
10/06/2016-11:24:44.809038  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50374 -> 195.182.26.70:443
10/06/2016-11:24:44.856946  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50374
10/06/2016-11:25:39.392733  [**] [1:2402000:4200] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 71.6.216.43:443 -> 192.168.0.5:443
10/06/2016-11:25:39.392733  [**] [1:2403302:2973] ET CINS Active Threat Intelligence Poor Reputation IP group 3 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 71.6.216.43:443 -> 192.168.0.5:443
10/06/2016-11:33:03.671111  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50682 -> 195.182.26.70:443
10/06/2016-11:33:03.719371  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50682
10/06/2016-11:33:04.211684  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50684 -> 195.182.26.70:443
10/06/2016-11:33:04.260356  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50684
10/06/2016-11:33:04.869569  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50686 -> 195.182.26.70:443
10/06/2016-11:33:04.919184  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50686
10/06/2016-11:33:05.779465  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50688 -> 195.182.26.70:443
10/06/2016-11:33:05.790281  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50688
10/06/2016-11:33:08.934400  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50690 -> 195.182.26.70:443
10/06/2016-11:33:08.981786  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50690
10/06/2016-11:38:43.580726  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50707 -> 195.182.26.70:443
10/06/2016-11:38:43.630861  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50707
10/06/2016-11:42:45.210344  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50744 -> 195.182.26.70:443
10/06/2016-11:42:45.260877  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50744
10/06/2016-11:42:45.503674  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50746 -> 195.182.26.70:443
10/06/2016-11:42:45.554973  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50746
10/06/2016-11:42:45.813082  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50748 -> 195.182.26.70:443
10/06/2016-11:42:45.862735  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50748
10/06/2016-11:42:46.106513  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50750 -> 195.182.26.70:443
10/06/2016-11:42:46.364219  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50752 -> 195.182.26.70:443
10/06/2016-11:42:46.411981  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50752
10/06/2016-11:42:46.155033  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50750
10/06/2016-11:42:53.320067  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50756 -> 195.182.26.70:443
10/06/2016-11:42:53.370898  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50756
10/06/2016-11:42:53.711102  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50758 -> 195.182.26.70:443
10/06/2016-11:42:53.721841  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50758
10/06/2016-11:42:54.872327  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50760 -> 195.182.26.70:443
10/06/2016-11:42:54.923655  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50760
10/06/2016-11:44:22.320503  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:63642 -> 213.185.164.216:80
10/06/2016-11:46:51.362738  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:50798 -> 195.182.26.70:443
10/06/2016-11:46:51.412815  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:50798
10/06/2016-11:54:23.928145  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:63864 -> 213.185.164.216:80
10/06/2016-11:54:44.314769  [**] [1:2015561:2] ET INFO PDF Using CCITTFax Filter [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 87.106.10.40:80 -> 192.168.0.13:62018
10/06/2016-11:55:37.777647  [**] [1:2013224:12] ET POLICY Suspicious User-Agent Containing .exe [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.168.0.21:63876 -> 213.185.164.216:80
10/06/2016-12:42:18.524190  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50701 -> 195.182.26.70:443
10/06/2016-12:42:18.572171  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50701
10/06/2016-12:42:18.878037  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50703 -> 195.182.26.70:443
10/06/2016-12:42:18.926799  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50703
10/06/2016-12:42:19.574259  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50705 -> 195.182.26.70:443
10/06/2016-12:42:19.626434  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50705
10/06/2016-12:42:20.022120  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50707 -> 195.182.26.70:443
10/06/2016-12:42:20.072932  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50707
10/06/2016-12:42:20.339976  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50709 -> 195.182.26.70:443
10/06/2016-12:42:20.389370  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50709
10/06/2016-12:42:25.100167  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50712 -> 195.182.26.70:443
10/06/2016-12:42:25.151540  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50712
10/06/2016-12:42:27.593697  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:50715 -> 195.182.26.70:443
10/06/2016-12:42:27.641473  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:50715
10/06/2016-12:49:46.811236  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.17:58206 -> 136.243.54.218:443
10/06/2016-12:49:46.834430  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 136.243.54.218:443 -> 192.168.0.17:58206
10/06/2016-12:49:48.305316  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.17:58275 -> 37.252.172.70:443
10/06/2016-12:49:48.540260  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 37.252.172.70:443 -> 192.168.0.17:58275
10/06/2016-13:55:27.681946  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51297 -> 195.182.26.70:443
10/06/2016-13:55:27.733038  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51297
10/06/2016-13:55:28.007280  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51299 -> 195.182.26.70:443
10/06/2016-13:55:28.055659  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51299
10/06/2016-13:55:28.295711  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51301 -> 195.182.26.70:443
10/06/2016-13:55:28.342795  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51301
10/06/2016-13:55:28.579846  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51303 -> 195.182.26.70:443
10/06/2016-13:55:28.628843  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51303
10/06/2016-13:55:29.057794  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51305 -> 195.182.26.70:443
10/06/2016-13:55:29.067345  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51305
10/06/2016-13:55:30.919653  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51307 -> 195.182.26.70:443
10/06/2016-13:55:30.967892  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51307
10/06/2016-13:58:30.794280  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:51339 -> 195.182.26.70:443
10/06/2016-13:58:30.843475  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:51339
10/06/2016-14:14:25.524991  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51087 -> 195.182.26.70:443
10/06/2016-14:14:25.574540  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51087
10/06/2016-14:14:25.830298  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51089 -> 195.182.26.70:443
10/06/2016-14:14:25.879511  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51089
10/06/2016-14:14:26.072196  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51091 -> 195.182.26.70:443
10/06/2016-14:14:26.123644  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51091
10/06/2016-14:14:27.566537  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:51093 -> 195.182.26.70:443
10/06/2016-14:14:27.614581  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:51093
10/06/2016-14:26:04.796851  [**] [1:2018959:2] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 173.194.62.246:80 -> 192.168.0.22:49267
10/06/2016-15:13:43.419337  [**] [1:2018959:2] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 172.227.186.144:80 -> 192.168.0.12:49697
10/06/2016-15:25:42.722773  [**] [1:2018959:2] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 104.84.190.186:80 -> 192.168.0.22:49449
10/06/2016-17:06:50.928856  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:63778 -> 136.243.39.93:443
10/06/2016-17:06:50.965275  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 136.243.39.93:443 -> 192.168.0.13:63778
10/06/2016-17:11:20.543656  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52373 -> 195.182.26.70:443
10/06/2016-17:11:20.594119  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52373
10/06/2016-17:11:23.117712  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52377 -> 195.182.26.70:443
10/06/2016-17:11:23.409590  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52379 -> 195.182.26.70:443
10/06/2016-17:11:23.165725  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52377
10/06/2016-17:11:23.456747  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52379
10/06/2016-17:11:23.706986  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52381 -> 195.182.26.70:443
10/06/2016-17:11:23.754938  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52381
10/06/2016-17:11:23.965564  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52383 -> 195.182.26.70:443
10/06/2016-17:11:24.013870  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52383
10/06/2016-17:11:26.529664  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52386 -> 195.182.26.70:443
10/06/2016-17:11:26.579047  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52386
10/06/2016-17:11:27.193283  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52388 -> 195.182.26.70:443
10/06/2016-17:11:27.205002  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52388
10/06/2016-17:11:29.563647  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52390 -> 195.182.26.70:443
10/06/2016-17:11:29.610961  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52390
10/06/2016-17:16:05.701318  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.20:52415 -> 195.182.26.70:443
10/06/2016-17:16:05.748978  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.20:52415
10/06/2016-18:27:22.260810  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52404 -> 195.182.26.70:443
10/06/2016-18:27:22.309444  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52404
10/06/2016-18:27:22.878087  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52406 -> 195.182.26.70:443
10/06/2016-18:27:23.116603  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52408 -> 195.182.26.70:443
10/06/2016-18:27:22.929708  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52406
10/06/2016-18:27:23.166721  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52408
10/06/2016-18:27:23.395819  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.23:52410 -> 195.182.26.70:443
10/06/2016-18:27:23.443786  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 195.182.26.70:443 -> 192.168.0.23:52410
10/06/2016-19:03:04.751445  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.0.13:49344 -> 216.58.214.130:443
10/06/2016-19:03:04.754773  [**] [1:2230003:1] SURICATA TLS invalid handshake message [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 216.58.214.130:443 -> 192.168.0.13:49344
10/06/2016-21:31:41.925044  [**] [1:2402000:4200] ET DROP Dshield Block Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 61.240.144.65:42206 -> 192.168.0.5:443
10/06/2016-21:31:41.925044  [**] [1:2403302:2973] ET CINS Active Threat Intelligence Poor Reputation IP group 3 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 61.240.144.65:42206 -> 192.168.0.5:443
10/07/2016-04:48:38.031059  [**] [1:2500034:4093] ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 183.129.160.229:811 -> 192.168.0.5:80