From a41380fa54c8b1bd741d279d8b1b32b152fc6185 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Fri, 4 Oct 2019 18:52:24 +0200 Subject: [PATCH 1/5] Fix timezone parsing of iptables module ingest pipelines --- .../module/iptables/log/ingest/pipeline.json | 12 ++++++---- .../iptables/log/test/geo.log-expected.json | 2 +- .../iptables/log/test/icmp.log-expected.json | 2 +- .../log/test/iptables.log-expected.json | 20 ++++++++--------- .../iptables/log/test/ipv6.log-expected.json | 22 +++++++++---------- .../log/test/ubiquiti.log-expected.json | 10 ++++----- 6 files changed, 36 insertions(+), 32 deletions(-) diff --git a/x-pack/filebeat/module/iptables/log/ingest/pipeline.json b/x-pack/filebeat/module/iptables/log/ingest/pipeline.json index 88c7e6d1389a..d5a36988e185 100644 --- a/x-pack/filebeat/module/iptables/log/ingest/pipeline.json +++ b/x-pack/filebeat/module/iptables/log/ingest/pipeline.json @@ -62,19 +62,23 @@ }, { "date": { + "if": "ctx.event.timezone == null", "field": "iptables.raw_date", - "ignore_failure": true, "formats": [ "MMM d HH:mm:ss", "MMM dd HH:mm:ss" - ] + ], + "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] } }, { "date": { "if": "ctx.event.timezone != null", - "field": "@timestamp", - "formats": ["ISO8601"], + "field": "iptables.raw_date", + "formats": [ + "MMM d HH:mm:ss", + "MMM dd HH:mm:ss" + ], "timezone": "{{ event.timezone }}", "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] } diff --git a/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json b/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json index 3c856455d497..3f17dc79b865 100644 --- a/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json +++ b/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json 
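Review bot: The two `if` conditions in the iptables pipeline.json hunk read `ctx.event.timezone` without a null-safe step, so a document that reaches the pipeline with no `event` object would make the condition itself throw instead of selecting a branch; `"if": "ctx.event?.timezone == null"` and `"if": "ctx.event?.timezone != null"` avoid that. The expected fixtures show `event.module` and `event.dataset` always set by Filebeat, so this mainly matters when the pipeline is reused or simulated with hand-built documents, but a firewall record that fails the pipeline outright is a gap in the timeline. The same pattern appears in the mssql pipeline.json hunk and in all six conditions of the panw pipeline.yml hunk. The enclosing processors array starts and ends outside this hunk.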
@@ -1,6 +1,6 @@ [ { - "@timestamp": "2019-10-10T05:25:12.000-02:00", + "@timestamp": "2019-10-10T07:25:12.000-02:00", "destination.ip": "10.4.0.5", "destination.mac": "90:10:20:76:8d:20", "destination.port": 443, diff --git a/x-pack/filebeat/module/iptables/log/test/icmp.log-expected.json b/x-pack/filebeat/module/iptables/log/test/icmp.log-expected.json index 084bcfbc60c1..271ef0539a63 100644 --- a/x-pack/filebeat/module/iptables/log/test/icmp.log-expected.json +++ b/x-pack/filebeat/module/iptables/log/test/icmp.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2019-01-08T01:37:09.000-02:00", + "@timestamp": "2019-01-08T03:37:09.000-02:00", "destination.ip": "192.0.2.83", "destination.mac": "90:10:28:5f:62:24", "event.dataset": "iptables.log", diff --git a/x-pack/filebeat/module/iptables/log/test/iptables.log-expected.json b/x-pack/filebeat/module/iptables/log/test/iptables.log-expected.json index 8928a49c396c..343d1ad89b19 100644 --- a/x-pack/filebeat/module/iptables/log/test/iptables.log-expected.json +++ b/x-pack/filebeat/module/iptables/log/test/iptables.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2019-01-08T01:37:09.000-02:00", + "@timestamp": "2019-01-08T03:37:09.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 445, @@ -35,7 +35,7 @@ ] }, { - "@timestamp": "2019-01-08T01:37:57.000-02:00", + "@timestamp": "2019-01-08T03:37:57.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 1433, @@ -69,7 +69,7 @@ ] }, { - "@timestamp": "2019-01-08T01:38:45.000-02:00", + "@timestamp": "2019-01-08T03:38:45.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 445, @@ -104,7 +104,7 @@ ] }, { - "@timestamp": "2019-01-08T01:39:25.000-02:00", + "@timestamp": "2019-01-08T03:39:25.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 80, 
@@ -139,7 +139,7 @@ ] }, { - "@timestamp": "2019-01-08T01:40:21.000-02:00", + "@timestamp": "2019-01-08T03:40:21.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 445, @@ -174,7 +174,7 @@ ] }, { - "@timestamp": "2019-01-08T01:40:25.000-02:00", + "@timestamp": "2019-01-08T03:40:25.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 445, @@ -208,7 +208,7 @@ ] }, { - "@timestamp": "2019-01-08T01:41:17.000-02:00", + "@timestamp": "2019-01-08T03:41:17.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 445, @@ -243,7 +243,7 @@ ] }, { - "@timestamp": "2019-01-08T01:41:23.000-02:00", + "@timestamp": "2019-01-08T03:41:23.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 445, @@ -278,7 +278,7 @@ ] }, { - "@timestamp": "2019-01-08T01:43:18.000-02:00", + "@timestamp": "2019-01-08T03:43:18.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 139, @@ -312,7 +312,7 @@ ] }, { - "@timestamp": "2019-01-08T01:43:42.000-02:00", + "@timestamp": "2019-01-08T03:43:42.000-02:00", "destination.ip": "172.16.54.114", "destination.mac": "90:10:35:5a:1e:3a", "destination.port": 8088, diff --git a/x-pack/filebeat/module/iptables/log/test/ipv6.log-expected.json b/x-pack/filebeat/module/iptables/log/test/ipv6.log-expected.json index 72ddc338c16a..41492302f754 100644 --- a/x-pack/filebeat/module/iptables/log/test/ipv6.log-expected.json +++ b/x-pack/filebeat/module/iptables/log/test/ipv6.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2019-01-22T07:05:05.000-02:00", + "@timestamp": "2019-01-22T09:05:05.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", 
@@ -28,7 +28,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:05.000-02:00", + "@timestamp": "2019-01-22T09:05:05.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -56,7 +56,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:06.000-02:00", + "@timestamp": "2019-01-22T09:05:06.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -84,7 +84,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:06.000-02:00", + "@timestamp": "2019-01-22T09:05:06.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -112,7 +112,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:07.000-02:00", + "@timestamp": "2019-01-22T09:05:07.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -140,7 +140,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:07.000-02:00", + "@timestamp": "2019-01-22T09:05:07.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -168,7 +168,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:08.000-02:00", + "@timestamp": "2019-01-22T09:05:08.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -196,7 +196,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:08.000-02:00", + "@timestamp": "2019-01-22T09:05:08.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -224,7 +224,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:09.000-02:00", + "@timestamp": "2019-01-22T09:05:09.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", 
@@ -252,7 +252,7 @@ ] }, { - "@timestamp": "2019-01-22T07:05:09.000-02:00", + "@timestamp": "2019-01-22T09:05:09.000-02:00", "destination.ip": "2001:0db8:0000:0000:0000:0000:0000:0002", "event.dataset": "iptables.log", "event.module": "iptables", @@ -280,7 +280,7 @@ ] }, { - "@timestamp": "2019-01-22T08:52:34.000-02:00", + "@timestamp": "2019-01-22T10:52:34.000-02:00", "destination.ip": "ff02:0000:0000:0000:0000:0000:0000:0016", "destination.mac": "90:10:12:34:56:78", "event.dataset": "iptables.log", diff --git a/x-pack/filebeat/module/iptables/log/test/ubiquiti.log-expected.json b/x-pack/filebeat/module/iptables/log/test/ubiquiti.log-expected.json index d1b3fd898b0c..01b3e5f2b4fa 100644 --- a/x-pack/filebeat/module/iptables/log/test/ubiquiti.log-expected.json +++ b/x-pack/filebeat/module/iptables/log/test/ubiquiti.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2019-01-05T18:17:05.000-02:00", + "@timestamp": "2019-01-05T20:17:05.000-02:00", "destination.ip": "255.55.174.225", "destination.mac": "90:10:92:6e:ea:a7", "destination.port": 48689, @@ -35,7 +35,7 @@ ] }, { - "@timestamp": "2019-01-05T18:17:01.000-02:00", + "@timestamp": "2019-01-05T20:17:01.000-02:00", "destination.ip": "192.0.2.25", "destination.mac": "90:10:20:76:8d:20", "destination.port": 443, @@ -73,7 +73,7 @@ ] }, { - "@timestamp": "2019-01-05T18:17:01.000-02:00", + "@timestamp": "2019-01-05T20:17:01.000-02:00", "destination.ip": "192.0.2.25", "destination.mac": "90:10:20:76:8d:20", "destination.port": 1443, @@ -113,7 +113,7 @@ ] }, { - "@timestamp": "2019-01-05T18:17:01.000-02:00", + "@timestamp": "2019-01-05T20:17:01.000-02:00", "destination.ip": "192.0.2.25", "destination.mac": "90:10:20:76:8d:20", "destination.port": 1443, @@ -151,7 +151,7 @@ ] }, { - "@timestamp": "2019-01-05T18:17:01.000-02:00", + "@timestamp": "2019-01-05T20:17:01.000-02:00", "destination.ip": "192.0.2.25", "destination.mac": "90:10:20:76:8d:20", "destination.port": 1443, 
From 4536fe4bbfb422a4fb23947429a64a13f1546ea0 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Fri, 4 Oct 2019 18:55:50 +0200 Subject: [PATCH 2/5] Fix timezone parsing of mssql module ingest pipelines --- .../module/mssql/log/ingest/pipeline.json | 8 +++-- .../mssql/log/test/test.log-expected.json | 30 +++++++++---------- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/x-pack/filebeat/module/mssql/log/ingest/pipeline.json b/x-pack/filebeat/module/mssql/log/ingest/pipeline.json index 81f01fd61a0a..835331c0eaf3 100644 --- a/x-pack/filebeat/module/mssql/log/ingest/pipeline.json +++ b/x-pack/filebeat/module/mssql/log/ingest/pipeline.json @@ -12,17 +12,19 @@ }, { "date": { + "if": "ctx.event.timezone == null", "field": "date", "target_field": "@timestamp", "formats": ["yyyy-MM-dd HH:mm:ss.SS"], - "ignore_failure": true + "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] } }, { "date": { "if": "ctx.event.timezone != null", - "field": "@timestamp", - "formats": ["ISO8601"], + "field": "date", + "target_field": "@timestamp", + "formats": ["yyyy-MM-dd HH:mm:ss.SS"], "timezone": "{{ event.timezone }}", "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] } diff --git a/x-pack/filebeat/module/mssql/log/test/test.log-expected.json b/x-pack/filebeat/module/mssql/log/test/test.log-expected.json index a9963e1a91ab..4f39989dc863 100644 --- a/x-pack/filebeat/module/mssql/log/test/test.log-expected.json +++ b/x-pack/filebeat/module/mssql/log/test/test.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2019-05-03T07:01:09.990-02:00", + "@timestamp": "2019-05-03T09:01:09.990-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", 
@@ -16,7 +16,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:09.990-02:00", + "@timestamp": "2019-05-03T09:01:09.990-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -29,7 +29,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:09.990-02:00", + "@timestamp": "2019-05-03T09:01:09.990-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -42,7 +42,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:09.990-02:00", + "@timestamp": "2019-05-03T09:01:09.990-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -55,7 +55,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.000-02:00", + "@timestamp": "2019-05-03T09:01:10.000-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -68,7 +68,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.000-02:00", + "@timestamp": "2019-05-03T09:01:10.000-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -81,7 +81,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.000-02:00", + "@timestamp": "2019-05-03T09:01:10.000-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -97,7 +97,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.000-02:00", + "@timestamp": "2019-05-03T09:01:10.000-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -110,7 +110,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.000-02:00", + "@timestamp": "2019-05-03T09:01:10.000-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", 
@@ -123,7 +123,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.000-02:00", + "@timestamp": "2019-05-03T09:01:10.000-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -136,7 +136,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.000-02:00", + "@timestamp": "2019-05-03T09:01:10.000-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -149,7 +149,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.010-02:00", + "@timestamp": "2019-05-03T09:01:10.010-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -162,7 +162,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:10.200-02:00", + "@timestamp": "2019-05-03T09:01:10.200-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -175,7 +175,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:11.930-02:00", + "@timestamp": "2019-05-03T09:01:11.930-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", @@ -188,7 +188,7 @@ "service.type": "mssql" }, { - "@timestamp": "2019-05-03T07:01:12.030-02:00", + "@timestamp": "2019-05-03T09:01:12.030-02:00", "event.dataset": "mssql.log", "event.module": "mssql", "event.timezone": "-02:00", From 4a5819b1fc3be0c2d07d89aedea0ce5f41b099f1 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Fri, 4 Oct 2019 19:07:19 +0200 Subject: [PATCH 3/5] Fix timezone parsing of panw module ingest pipelines --- .../module/panw/panos/ingest/pipeline.yml | 48 +- .../test/pan_inc_other.log-expected.json | 6 +- .../test/pan_inc_threat.log-expected.json | 200 +++--- .../test/pan_inc_traffic.log-expected.json | 600 +++++++++--------- .../panw/panos/test/threat.log-expected.json | 152 ++--- .../panw/panos/test/traffic.log-expected.json | 600 +++++++++--------- 6 files changed, 807 insertions(+), 799 deletions(-) 
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 17ae7788db00..b9484fd06aed 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -8,46 +8,54 @@ processors: # Set @timestamp to the time when the entry was generated at the data plane. - date: + if: "ctx.event.timezone == null" field: "_temp_.generated_time" - ignore_failure: true + target_field: "@timestamp" formats: - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] - date: - if: "ctx.event.timezone != null" - field: "@timestamp" - formats: ["ISO8601"] - timezone: "{{ event.timezone }}" - on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + if: "ctx.event.timezone != null" + field: "_temp_.generated_time" + target_field: "@timestamp" + formats: + - "yyyy/MM/dd HH:mm:ss" + timezone: "{{ event.timezone }}" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] # event.created is the time the event was received at the management plane. - date: + if: "ctx.event.timezone == null && ctx.event.created != null " field: "event.created" target_field: "event.created" - ignore_failure: true formats: - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] - date: - if: "ctx.event.timezone != null && ctx.event.created != null " - field: "event.created" - target_field: "event.created" - formats: ["ISO8601"] - timezone: "{{ event.timezone }}" - on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + if: "ctx.event.timezone != null && ctx.event.created != null " + field: "event.created" + target_field: "event.created" + formats: + - "yyyy/MM/dd HH:mm:ss" + timezone: "{{ event.timezone }}" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] # event.start (traffic only) is the time the session started. 
- date: + if: "ctx.event.timezone == null && ctx.event.start != null" field: "event.start" target_field: "event.start" - ignore_failure: true formats: - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] - date: - if: "ctx.event.timezone != null && ctx.event.start != null" - field: "event.start" - target_field: "event.start" - formats: ["ISO8601"] - timezone: "{{ event.timezone }}" - on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] + if: "ctx.event.timezone != null && ctx.event.start != null" + field: "event.start" + target_field: "event.start" + timezone: "{{ event.timezone }}" + formats: + - "yyyy/MM/dd HH:mm:ss" + on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] # convert integer fields as the output of the CSV processor is always a string. - convert: { type: long, ignore_missing: true, field: client.bytes } diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index 86b2cc86f0d3..c31eb3cc3026 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -26,10 +26,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:56.000-02:00", + "event.end": "2012-04-10T04:39:56.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:56.000-02:00", + "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
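Review bot: In the four `event.created` and `event.start` processors the source field and `target_field` are the same, so when parsing fails the `on_failure` handler appends the message but the field still holds the raw `yyyy/MM/dd HH:mm:ss` string. If the index maps these fields as dates (the mapping is not visible here), such a document would presumably be rejected at index time, and the firewall event would be lost rather than arrive flagged with `error.message`. Consider having those handlers also drop the unparsed value, for example by adding `{"remove": {"field": "event.created", "ignore_missing": true}}` after the append (and the `event.start` equivalent). The processors list continues outside the hunk.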
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index c1f5098346dd..d45664cdf6f7 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.ip": "192.168.0.2", "client.port": 59309, "client.user.name": "crusher", @@ -73,7 +73,7 @@ "url.original": "lorexx.cn/loader.exe" }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.ip": "192.168.0.2", "client.port": 59313, "client.user.name": "crusher", @@ -146,7 +146,7 @@ "url.original": "lsiu.info/evo/count.php?o=2" }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.ip": "192.168.0.2", "client.port": 59314, "client.user.name": "crusher", @@ -219,7 +219,7 @@ "url.original": "lsiu.info/evo/count.php?o=5" }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.ip": "192.168.0.2", "client.port": 59315, "client.user.name": "crusher", @@ -292,7 +292,7 @@ "url.original": "lsiu.info/evo/count.php?o=7" }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.ip": "192.168.0.2", "client.port": 59316, "client.user.name": "crusher", @@ -365,7 +365,7 @@ "url.original": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122" }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.ip": "192.168.0.2", "client.port": 59317, "client.user.name": "crusher", 
@@ -438,7 +438,7 @@ "url.original": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122" }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.ip": "192.168.0.2", "client.port": 59302, "client.user.name": "crusher", @@ -511,7 +511,7 @@ "url.original": "liteautobestguide.cn/load.php" }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.ip": "192.168.0.2", "client.port": 59301, "client.user.name": "crusher", @@ -584,7 +584,7 @@ "url.original": "liteautobestguide.cn/index.php" }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.ip": "192.168.0.2", "client.port": 59303, "client.user.name": "crusher", @@ -657,7 +657,7 @@ "url.original": "litetopdetect.cn/index.php" }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.ip": "192.168.0.2", "client.port": 59304, "client.user.name": "crusher", @@ -730,7 +730,7 @@ "url.original": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513" }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.ip": "192.168.0.2", "client.port": 59297, "client.user.name": "crusher", @@ -803,7 +803,7 @@ "url.original": "girlteenxxxfreemov.com/" }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.ip": "192.168.0.2", "client.port": 59299, "client.user.name": "crusher", @@ -876,7 +876,7 @@ "url.original": "imagesrepository.com/resolution.php" }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.ip": "192.168.0.2", "client.port": 59298, "client.user.name": "crusher", 
@@ -949,7 +949,7 @@ "url.original": "hottestfiles.com/search/search.php?q=xxx" }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.ip": "192.168.0.2", "client.port": 59300, "client.user.name": "crusher", @@ -1021,7 +1021,7 @@ "url.original": "infodist1.com/in.cgi?11¶meter=404" }, { - "@timestamp": "2012-04-10T02:39:51.000-02:00", + "@timestamp": "2012-04-10T04:39:51.000-02:00", "client.ip": "192.168.0.2", "client.port": 59295, "client.user.name": "crusher", @@ -1094,7 +1094,7 @@ "url.original": "cls-softwares.com/suc.php" }, { - "@timestamp": "2012-04-10T02:39:51.000-02:00", + "@timestamp": "2012-04-10T04:39:51.000-02:00", "client.ip": "192.168.0.2", "client.port": 59291, "client.user.name": "crusher", @@ -1167,7 +1167,7 @@ "url.original": "cls-softwares.com/softwarefortubeview.40013.exe" }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.ip": "192.168.0.2", "client.port": 59296, "client.user.name": "crusher", @@ -1236,7 +1236,7 @@ "url.original": "findmorepill.com/klik/search.php?q=xxx" }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.ip": "192.168.0.2", "client.port": 59280, "client.user.name": "crusher", @@ -1309,7 +1309,7 @@ "url.original": "allowedwebsurfing.com/" }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.ip": "192.168.0.2", "client.port": 59281, "client.user.name": "crusher", @@ -1382,7 +1382,7 @@ "url.original": "antivirus-remote.com/" }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.ip": "192.168.0.2", "client.port": 59282, "client.user.name": "crusher", 
@@ -1455,7 +1455,7 @@ "url.original": "bklinkov.ru/hi/start.cfg" }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.ip": "192.168.0.2", "client.port": 59290, "client.user.name": "crusher", @@ -1528,7 +1528,7 @@ "url.original": "blogsexnakedgirlxxx.com/" }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.ip": "192.168.0.2", "client.port": 59286, "client.user.name": "crusher", @@ -1601,7 +1601,7 @@ "url.original": "bklinkov.ru/hi/start.exe" }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.ip": "192.168.0.2", "client.port": 59275, "client.user.name": "crusher", @@ -1674,7 +1674,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.ip": "192.168.0.2", "client.port": 59277, "client.user.name": "crusher", @@ -1747,7 +1747,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.ip": "192.168.0.2", "client.port": 59276, "client.user.name": "crusher", @@ -1820,7 +1820,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.ip": "192.168.0.2", "client.port": 59278, "client.user.name": "crusher", @@ -1893,7 +1893,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.ip": "192.168.0.2", "client.port": 59279, "client.user.name": "crusher", @@ -1966,7 +1966,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:45.000-02:00", + "@timestamp": "2012-04-10T04:39:45.000-02:00", "client.ip": "192.168.0.2", "client.port": 59271, "client.user.name": "crusher", 
@@ -2039,7 +2039,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:45.000-02:00", + "@timestamp": "2012-04-10T04:39:45.000-02:00", "client.ip": "192.168.0.2", "client.port": 59269, "client.user.name": "crusher", @@ -2112,7 +2112,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:45.000-02:00", + "@timestamp": "2012-04-10T04:39:45.000-02:00", "client.ip": "192.168.0.2", "client.port": 59270, "client.user.name": "crusher", @@ -2185,7 +2185,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:46.000-02:00", + "@timestamp": "2012-04-10T04:39:46.000-02:00", "client.ip": "192.168.0.2", "client.port": 59274, "client.user.name": "crusher", @@ -2258,7 +2258,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:46.000-02:00", + "@timestamp": "2012-04-10T04:39:46.000-02:00", "client.ip": "192.168.0.2", "client.port": 59273, "client.user.name": "crusher", @@ -2331,7 +2331,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:46.000-02:00", + "@timestamp": "2012-04-10T04:39:46.000-02:00", "client.ip": "192.168.0.2", "client.port": 59272, "client.user.name": "crusher", @@ -2404,7 +2404,7 @@ "url.original": "-/" }, { - "@timestamp": "2012-04-10T02:39:43.000-02:00", + "@timestamp": "2012-04-10T04:39:43.000-02:00", "client.ip": "192.168.0.2", "client.port": 59261, "client.user.name": "crusher", @@ -2473,7 +2473,7 @@ "url.original": "wantfinest.com/tds/in.cgi?default" }, { - "@timestamp": "2012-04-10T02:39:38.000-02:00", + "@timestamp": "2012-04-10T04:39:38.000-02:00", "client.ip": "192.168.0.2", "client.port": 59248, "client.user.name": "crusher", @@ -2542,7 +2542,7 @@ "url.original": "sameshitasiteverwas.com/traf/tds/in.cgi?2" }, { - "@timestamp": "2012-04-10T02:39:39.000-02:00", + "@timestamp": "2012-04-10T04:39:39.000-02:00", "client.ip": "192.168.0.2", "client.port": 59251, "client.user.name": "crusher", 
@@ -2614,7 +2614,7 @@ "url.original": "svarkon.ru/update.exe" }, { - "@timestamp": "2012-04-10T02:39:36.000-02:00", + "@timestamp": "2012-04-10T04:39:36.000-02:00", "client.ip": "192.168.0.2", "client.port": 59244, "client.user.name": "crusher", @@ -2686,7 +2686,7 @@ "url.original": "onlinescanxpp.com/land/eurl/1.php?code=" }, { - "@timestamp": "2012-04-10T02:39:34.000-02:00", + "@timestamp": "2012-04-10T04:39:34.000-02:00", "client.ip": "192.168.0.2", "client.port": 59237, "client.user.name": "crusher", @@ -2755,7 +2755,7 @@ "url.original": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6" }, { - "@timestamp": "2012-04-10T02:39:35.000-02:00", + "@timestamp": "2012-04-10T04:39:35.000-02:00", "client.ip": "192.168.0.2", "client.port": 59238, "client.user.name": "crusher", @@ -2824,7 +2824,7 @@ "url.original": "nolagtime.com/gwc.txt" }, { - "@timestamp": "2012-04-10T02:38:19.000-02:00", + "@timestamp": "2012-04-10T04:38:19.000-02:00", "client.ip": "192.168.0.2", "client.port": 59010, "client.user.name": "crusher", @@ -2896,7 +2896,7 @@ "url.original": "karavan.us/bon/index.php" }, { - "@timestamp": "2012-04-10T02:38:14.000-02:00", + "@timestamp": "2012-04-10T04:38:14.000-02:00", "client.ip": "192.168.0.2", "client.port": 58969, "client.user.name": "crusher", @@ -2965,7 +2965,7 @@ "url.original": "findnolimits.com/go.php?sid=1" }, { - "@timestamp": "2012-04-10T02:38:12.000-02:00", + "@timestamp": "2012-04-10T04:38:12.000-02:00", "client.ip": "192.168.0.2", "client.port": 58941, "client.user.name": "crusher", @@ -3034,7 +3034,7 @@ "url.original": "bizoplata.ru/moun.html" }, { - "@timestamp": "2012-04-10T02:38:12.000-02:00", + "@timestamp": "2012-04-10T04:38:12.000-02:00", "client.ip": "192.168.0.2", "client.port": 58942, "client.user.name": "crusher", 
@@ -3103,7 +3103,7 @@ "url.original": "bizoplata.ru/palast.html" }, { - "@timestamp": "2012-04-10T02:37:28.000-02:00", + "@timestamp": "2012-04-10T04:37:28.000-02:00", "client.ip": "204.232.231.46", "client.port": 80, "destination.address": "192.168.0.2", @@ -3175,7 +3175,7 @@ "url.original": "controller.php" }, { - "@timestamp": "2012-04-10T02:37:32.000-02:00", + "@timestamp": "2012-04-10T04:37:32.000-02:00", "client.ip": "192.168.0.2", "client.port": 58856, "client.user.name": "crusher", @@ -3247,7 +3247,7 @@ "url.original": "www.15min.it/" }, { - "@timestamp": "2012-04-10T02:37:27.000-02:00", + "@timestamp": "2012-04-10T04:37:27.000-02:00", "client.ip": "192.168.0.2", "client.port": 58847, "client.user.name": "crusher", @@ -3316,7 +3316,7 @@ "url.original": "tubemov.com/" }, { - "@timestamp": "2012-04-10T02:37:25.000-02:00", + "@timestamp": "2012-04-10T04:37:25.000-02:00", "client.ip": "192.168.0.2", "client.port": 58841, "client.user.name": "crusher", @@ -3385,7 +3385,7 @@ "url.original": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js" }, { - "@timestamp": "2012-04-10T02:37:05.000-02:00", + "@timestamp": "2012-04-10T04:37:05.000-02:00", "client.ip": "192.168.0.2", "client.port": 58795, "client.user.name": "crusher", @@ -3454,7 +3454,7 @@ "url.original": "movfree.com/" }, { - "@timestamp": "2012-04-10T02:36:51.000-02:00", + "@timestamp": "2012-04-10T04:36:51.000-02:00", "client.ip": "192.168.0.2", "client.port": 58753, "client.user.name": "crusher", @@ -3526,7 +3526,7 @@ "url.original": "gometascan.com/" }, { - "@timestamp": "2012-04-10T02:36:39.000-02:00", + "@timestamp": "2012-04-10T04:36:39.000-02:00", "client.ip": "192.168.0.2", "client.port": 58708, "client.user.name": "crusher", 
@@ -3598,7 +3598,7 @@ "url.original": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe" }, { - "@timestamp": "2012-04-10T02:36:38.000-02:00", + "@timestamp": "2012-04-10T04:36:38.000-02:00", "client.ip": "192.168.0.2", "client.port": 58707, "client.user.name": "crusher", @@ -3670,7 +3670,7 @@ "url.original": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N" }, { - "@timestamp": "2012-04-10T02:36:27.000-02:00", + "@timestamp": "2012-04-10T04:36:27.000-02:00", "client.ip": "192.168.0.2", "client.port": 58603, "client.user.name": "crusher", @@ -3742,7 +3742,7 @@ "url.original": "basdzsdas.com/poker/config.bin" }, { - "@timestamp": "2012-04-10T02:36:27.000-02:00", + "@timestamp": "2012-04-10T04:36:27.000-02:00", "client.ip": "192.168.0.2", "client.port": 58603, "client.user.name": "crusher", @@ -3814,7 +3814,7 @@ "url.original": "basdzsdas.com/poker/config.bin" }, { - "@timestamp": "2012-04-10T02:19:59.000-02:00", + "@timestamp": "2012-04-10T04:19:59.000-02:00", "client.ip": "173.236.179.57", "client.port": 80, "destination.address": "192.168.0.2", @@ -3886,7 +3886,7 @@ "url.original": "uLLGRaXP.exe" }, { - "@timestamp": "2012-04-10T02:36:27.000-02:00", + "@timestamp": "2012-04-10T04:36:27.000-02:00", "client.ip": "192.168.0.2", "client.port": 58603, "client.user.name": "crusher", @@ -3958,7 +3958,7 @@ "url.original": "basdzsdas.com/poker/config.bin" }, { - "@timestamp": "2012-04-10T02:51:29.000-02:00", + "@timestamp": "2012-04-10T04:51:29.000-02:00", "client.ip": "91.209.163.202", "client.port": 80, "destination.address": "192.168.0.2", @@ -4022,7 +4022,7 @@ "url.original": "FunkyEmoticons_setup.exe" }, { - "@timestamp": "2012-04-10T02:54:33.000-02:00", + "@timestamp": "2012-04-10T04:54:33.000-02:00", "client.ip": "122.226.169.183", "client.port": 80, "destination.address": "192.168.0.2", 
@@ -4093,7 +4093,7 @@ "url.original": "52hxw.exe" }, { - "@timestamp": "2012-04-10T03:01:00.000-02:00", + "@timestamp": "2012-04-10T05:01:00.000-02:00", "client.ip": "192.168.0.2", "client.port": 63007, "client.user.name": "crusher", @@ -4165,7 +4165,7 @@ "url.original": "softsellfast.com/test/config.bin" }, { - "@timestamp": "2012-04-10T02:45:17.000-02:00", + "@timestamp": "2012-04-10T04:45:17.000-02:00", "client.ip": "109.201.131.15", "client.port": 80, "destination.address": "192.168.0.2", @@ -4234,7 +4234,7 @@ "url.original": "setup.exe" }, { - "@timestamp": "2012-04-10T02:46:16.000-02:00", + "@timestamp": "2012-04-10T04:46:16.000-02:00", "client.ip": "91.209.163.202", "client.port": 80, "destination.address": "192.168.0.2", @@ -4298,7 +4298,7 @@ "url.original": "Live-Player_setup.exe" }, { - "@timestamp": "2012-04-10T02:42:39.000-02:00", + "@timestamp": "2012-04-10T04:42:39.000-02:00", "client.ip": "192.168.0.2", "client.port": 59709, "client.user.name": "crusher", @@ -4367,7 +4367,7 @@ "url.original": "boialex.narod.ru/config.txt" }, { - "@timestamp": "2012-04-10T02:42:42.000-02:00", + "@timestamp": "2012-04-10T04:42:42.000-02:00", "client.ip": "192.168.0.2", "client.port": 59721, "client.user.name": "crusher", @@ -4436,7 +4436,7 @@ "url.original": "edw-melon.narod.ru/config.txt" }, { - "@timestamp": "2012-04-10T02:42:51.000-02:00", + "@timestamp": "2012-04-10T04:42:51.000-02:00", "client.ip": "192.168.0.2", "client.port": 59752, "client.user.name": "crusher", @@ -4505,7 +4505,7 @@ "url.original": "maximtushin.narod.ru/config.txt" }, { - "@timestamp": "2012-04-10T02:19:59.000-02:00", + "@timestamp": "2012-04-10T04:19:59.000-02:00", "client.ip": "173.236.179.57", "client.port": 80, "destination.address": "192.168.0.2", @@ -4577,7 +4577,7 @@ "url.original": "uLLGRaXP.exe" }, { - "@timestamp": "2012-04-10T02:09:01.000-02:00", + "@timestamp": "2012-04-10T04:09:01.000-02:00", "client.ip": "192.168.0.2", "client.port": 63183, "client.user.name": "crusher", 
@@ -4649,7 +4649,7 @@ "url.original": "marketingsoluchion.biz/fkn/config.bin" }, { - "@timestamp": "2012-04-09T06:18:27.000-02:00", + "@timestamp": "2012-04-09T08:18:27.000-02:00", "client.ip": "192.168.0.6", "client.port": 1047, "client.user.name": "jordy", @@ -4721,7 +4721,7 @@ "url.original": "default.aspx" }, { - "@timestamp": "2012-04-09T06:18:29.000-02:00", + "@timestamp": "2012-04-09T08:18:29.000-02:00", "client.ip": "65.54.161.34", "client.port": 80, "destination.address": "192.168.0.6", @@ -4793,7 +4793,7 @@ "url.original": "sck.aspx" }, { - "@timestamp": "2012-04-09T06:18:32.000-02:00", + "@timestamp": "2012-04-09T08:18:32.000-02:00", "client.ip": "65.55.5.231", "client.port": 80, "destination.address": "192.168.0.6", @@ -4865,7 +4865,7 @@ "url.original": "ADSAdClient31.dll" }, { - "@timestamp": "2012-04-09T06:18:33.000-02:00", + "@timestamp": "2012-04-09T08:18:33.000-02:00", "client.ip": "192.168.0.6", "client.port": 1048, "client.user.name": "jordy", @@ -4937,7 +4937,7 @@ "url.original": "c.gif" }, { - "@timestamp": "2012-04-09T06:18:37.000-02:00", + "@timestamp": "2012-04-09T08:18:37.000-02:00", "client.ip": "74.125.239.17", "client.port": 80, "destination.address": "192.168.0.6", @@ -5006,7 +5006,7 @@ "url.original": "csi" }, { - "@timestamp": "2012-04-09T06:50:12.000-02:00", + "@timestamp": "2012-04-09T08:50:12.000-02:00", "client.ip": "192.168.0.2", "client.port": 57502, "client.user.name": "picard", @@ -5075,7 +5075,7 @@ "url.original": "internal-tuner.pandora.com" }, { - "@timestamp": "2012-04-09T06:58:18.000-02:00", + "@timestamp": "2012-04-09T08:58:18.000-02:00", "client.ip": "74.125.224.198", "client.port": 80, "destination.address": "192.168.0.2", @@ -5144,7 +5144,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T06:22:27.000-02:00", + "@timestamp": "2012-04-09T08:22:27.000-02:00", "client.ip": "188.190.124.75", "client.port": 80, "destination.address": "192.168.0.6", 
@@ -5208,7 +5208,7 @@ "url.original": "about.exe" }, { - "@timestamp": "2012-04-09T05:11:43.000-02:00", + "@timestamp": "2012-04-09T07:11:43.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", @@ -5277,7 +5277,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T05:14:02.000-02:00", + "@timestamp": "2012-04-09T07:14:02.000-02:00", "client.ip": "74.125.239.3", "client.port": 80, "destination.address": "192.168.0.2", @@ -5346,7 +5346,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T05:14:39.000-02:00", + "@timestamp": "2012-04-09T07:14:39.000-02:00", "client.ip": "74.125.239.3", "client.port": 80, "destination.address": "192.168.0.2", @@ -5415,7 +5415,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T05:16:03.000-02:00", + "@timestamp": "2012-04-09T07:16:03.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", @@ -5484,7 +5484,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T05:18:14.000-02:00", + "@timestamp": "2012-04-09T07:18:14.000-02:00", "client.ip": "192.168.0.2", "client.port": 52366, "client.user.name": "picard", @@ -5553,7 +5553,7 @@ "url.original": "__utm.gif" }, { - "@timestamp": "2012-04-09T05:25:04.000-02:00", + "@timestamp": "2012-04-09T07:25:04.000-02:00", "client.ip": "74.125.224.193", "client.port": 80, "destination.address": "192.168.0.2", @@ -5622,7 +5622,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T05:36:04.000-02:00", + "@timestamp": "2012-04-09T07:36:04.000-02:00", "client.ip": "74.125.239.20", "client.port": 80, "destination.address": "192.168.0.2", @@ -5691,7 +5691,7 @@ "url.original": "nav_logo107.png" }, { - "@timestamp": "2012-04-09T06:08:08.000-02:00", + "@timestamp": "2012-04-09T08:08:08.000-02:00", "client.ip": "208.80.154.225", "client.port": 80, "destination.address": "192.168.0.2", 
@@ -5760,7 +5760,7 @@ "url.original": "Eadweard_Muybridge" }, { - "@timestamp": "2012-04-09T06:08:44.000-02:00", + "@timestamp": "2012-04-09T08:08:44.000-02:00", "client.ip": "208.80.154.234", "client.port": 80, "destination.address": "192.168.0.2", @@ -5829,7 +5829,7 @@ "url.original": "load.php" }, { - "@timestamp": "2012-04-09T06:16:57.000-02:00", + "@timestamp": "2012-04-09T08:16:57.000-02:00", "client.ip": "65.54.75.25", "client.port": 80, "destination.address": "192.168.0.6", @@ -5901,7 +5901,7 @@ "url.original": "8fe44cb728c0f40750c64ee906eb72.css" }, { - "@timestamp": "2012-04-09T02:06:41.000-02:00", + "@timestamp": "2012-04-09T04:06:41.000-02:00", "client.ip": "74.125.224.206", "client.port": 80, "destination.address": "192.168.0.2", @@ -5970,7 +5970,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T02:12:52.000-02:00", + "@timestamp": "2012-04-09T04:12:52.000-02:00", "client.ip": "74.125.224.195", "client.port": 80, "destination.address": "192.168.0.2", @@ -6039,7 +6039,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T04:07:49.000-02:00", + "@timestamp": "2012-04-09T06:07:49.000-02:00", "client.ip": "207.178.96.34", "client.port": 80, "destination.address": "192.168.0.2", @@ -6111,7 +6111,7 @@ "url.original": "appcast.xml" }, { - "@timestamp": "2012-04-09T04:48:44.000-02:00", + "@timestamp": "2012-04-09T06:48:44.000-02:00", "client.ip": "74.125.224.195", "client.port": 80, "destination.address": "192.168.0.2", @@ -6180,7 +6180,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T04:48:59.000-02:00", + "@timestamp": "2012-04-09T06:48:59.000-02:00", "client.ip": "74.125.239.20", "client.port": 80, "destination.address": "192.168.0.2", @@ -6249,7 +6249,7 @@ "url.original": "csi" }, { - "@timestamp": "2012-04-09T04:50:14.000-02:00", + "@timestamp": "2012-04-09T06:50:14.000-02:00", "client.ip": "66.152.109.24", "client.port": 80, "destination.address": "192.168.0.2", 
@@ -6318,7 +6318,7 @@ "url.original": "index.php" }, { - "@timestamp": "2012-04-09T04:51:34.000-02:00", + "@timestamp": "2012-04-09T06:51:34.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", @@ -6387,7 +6387,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T04:53:41.000-02:00", + "@timestamp": "2012-04-09T06:53:41.000-02:00", "client.ip": "192.168.0.2", "client.port": 49681, "client.user.name": "picard", @@ -6456,7 +6456,7 @@ "url.original": "__utm.gif" }, { - "@timestamp": "2012-04-09T04:54:35.000-02:00", + "@timestamp": "2012-04-09T06:54:35.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", @@ -6525,7 +6525,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T04:54:55.000-02:00", + "@timestamp": "2012-04-09T06:54:55.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", @@ -6594,7 +6594,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T01:44:49.000-02:00", + "@timestamp": "2012-04-09T03:44:49.000-02:00", "client.ip": "192.168.0.2", "client.port": 59781, "client.user.name": "jordy", @@ -6663,7 +6663,7 @@ "url.original": "internal-tuner.pandora.com" }, { - "@timestamp": "2012-04-09T01:45:45.000-02:00", + "@timestamp": "2012-04-09T03:45:45.000-02:00", "client.ip": "74.125.224.201", "client.port": 80, "destination.address": "192.168.0.2", @@ -6732,7 +6732,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T01:49:17.000-02:00", + "@timestamp": "2012-04-09T03:49:17.000-02:00", "client.ip": "74.125.224.201", "client.port": 80, "destination.address": "192.168.0.2", @@ -6801,7 +6801,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T01:53:41.000-02:00", + "@timestamp": "2012-04-09T03:53:41.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", 
@@ -6870,7 +6870,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T01:55:23.000-02:00", + "@timestamp": "2012-04-09T03:55:23.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", @@ -6939,7 +6939,7 @@ "url.original": "js" }, { - "@timestamp": "2012-04-09T01:55:52.000-02:00", + "@timestamp": "2012-04-09T03:55:52.000-02:00", "client.ip": "74.125.224.198", "client.port": 80, "destination.address": "192.168.0.2", @@ -7008,7 +7008,7 @@ "url.original": "ga.js" }, { - "@timestamp": "2012-04-09T02:03:55.000-02:00", + "@timestamp": "2012-04-09T04:03:55.000-02:00", "client.ip": "74.125.224.200", "client.port": 80, "destination.address": "192.168.0.2", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index 3c968f62d78d..3ef0b8fa3080 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -26,10 +26,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:59.000-02:00", + "event.end": "2012-04-10T04:39:59.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:59.000-02:00", + "event.start": "2012-04-10T04:39:59.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -80,7 +80,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -103,10 +103,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:58.000-02:00", + "event.end": "2012-04-10T04:39:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:58.000-02:00", + "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -157,7 +157,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, @@ -180,10 +180,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:58.000-02:00", + "event.end": "2012-04-10T04:39:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:58.000-02:00", + "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -234,7 +234,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -260,10 +260,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:58.000-02:00", + "event.end": "2012-04-10T04:39:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:58.000-02:00", + "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -314,7 +314,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -340,10 +340,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:58.000-02:00", + "event.end": "2012-04-10T04:39:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:58.000-02:00", + "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -394,7 +394,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 74, "client.ip": "192.168.0.2", "client.packets": 0, @@ -417,10 +417,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:58.000-02:00", + "event.end": "2012-04-10T04:39:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:58.000-02:00", + "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -471,7 +471,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 74, "client.ip": "192.168.0.2", "client.packets": 0, @@ -494,10 +494,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:58.000-02:00", + "event.end": "2012-04-10T04:39:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:58.000-02:00", + "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -548,7 +548,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 549, "client.ip": "192.168.0.2", "client.packets": 4, 
@@ -574,10 +574,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:28.000-02:00", + "event.end": "2012-04-10T04:39:28.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:27.000-02:00", + "event.start": "2012-04-10T04:39:27.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -628,7 +628,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 549, "client.ip": "192.168.0.2", "client.packets": 4, @@ -654,10 +654,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:28.000-02:00", + "event.end": "2012-04-10T04:39:28.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:28.000-02:00", + "event.start": "2012-04-10T04:39:28.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -708,7 +708,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:58.000-02:00", + "@timestamp": "2012-04-10T04:39:58.000-02:00", "client.bytes": 549, "client.ip": "192.168.0.2", "client.packets": 4, @@ -734,10 +734,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:28.000-02:00", + "event.end": "2012-04-10T04:39:28.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:27.000-02:00", + "event.start": "2012-04-10T04:39:27.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -788,7 +788,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -814,10 +814,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:58.000-02:00", + "event.end": "2012-04-10T04:39:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:58.000-02:00", + "event.start": "2012-04-10T04:39:58.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -868,7 +868,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -894,10 +894,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:57.000-02:00", + "event.end": "2012-04-10T04:39:57.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:57.000-02:00", + "event.start": "2012-04-10T04:39:57.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -948,7 +948,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -974,10 +974,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:57.000-02:00", + "event.end": "2012-04-10T04:39:57.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:57.000-02:00", + "event.start": "2012-04-10T04:39:57.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1028,7 +1028,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -1054,10 +1054,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:57.000-02:00", + "event.end": "2012-04-10T04:39:57.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:57.000-02:00", + "event.start": "2012-04-10T04:39:57.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1108,7 +1108,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.bytes": 549, "client.ip": "192.168.0.2", "client.packets": 4, @@ -1134,10 +1134,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:27.000-02:00", + "event.end": "2012-04-10T04:39:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:27.000-02:00", + "event.start": "2012-04-10T04:39:27.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1188,7 +1188,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:57.000-02:00", + "@timestamp": "2012-04-10T04:39:57.000-02:00", "client.bytes": 549, "client.ip": "192.168.0.2", "client.packets": 4, @@ -1214,10 +1214,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:27.000-02:00", + "event.end": "2012-04-10T04:39:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:26.000-02:00", + "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1268,7 +1268,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 1359, "client.ip": "192.168.0.2", "client.packets": 3, 
@@ -1294,10 +1294,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 512000000000, - "event.end": "2012-04-10T02:38:26.000-02:00", + "event.end": "2012-04-10T04:38:26.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:29:54.000-02:00", + "event.start": "2012-04-10T04:29:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1348,7 +1348,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -1374,10 +1374,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:56.000-02:00", + "event.end": "2012-04-10T04:39:56.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:56.000-02:00", + "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1428,7 +1428,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -1454,10 +1454,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:56.000-02:00", + "event.end": "2012-04-10T04:39:56.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:56.000-02:00", + "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1508,7 +1508,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 69, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -1531,10 +1531,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:56.000-02:00", + "event.end": "2012-04-10T04:39:56.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:56.000-02:00", + "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1585,7 +1585,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 69, "client.ip": "192.168.0.2", "client.packets": 0, @@ -1608,10 +1608,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:56.000-02:00", + "event.end": "2012-04-10T04:39:56.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:56.000-02:00", + "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1662,7 +1662,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -1688,10 +1688,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:56.000-02:00", + "event.end": "2012-04-10T04:39:56.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:56.000-02:00", + "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1742,7 +1742,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 66, "client.ip": "192.168.0.2", "client.packets": 1, 
@@ -1765,10 +1765,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:26.000-02:00", + "event.end": "2012-04-10T04:39:26.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:26.000-02:00", + "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1819,7 +1819,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 549, "client.ip": "192.168.0.2", "client.packets": 4, @@ -1845,10 +1845,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:26.000-02:00", + "event.end": "2012-04-10T04:39:26.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:26.000-02:00", + "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1899,7 +1899,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:56.000-02:00", + "@timestamp": "2012-04-10T04:39:56.000-02:00", "client.bytes": 549, "client.ip": "192.168.0.2", "client.packets": 4, @@ -1925,10 +1925,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:26.000-02:00", + "event.end": "2012-04-10T04:39:26.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:26.000-02:00", + "event.start": "2012-04-10T04:39:26.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1979,7 +1979,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -2005,10 +2005,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:56.000-02:00", + "event.end": "2012-04-10T04:39:56.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:56.000-02:00", + "event.start": "2012-04-10T04:39:56.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2059,7 +2059,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.bytes": 69, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2082,10 +2082,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:55.000-02:00", + "event.end": "2012-04-10T04:39:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:55.000-02:00", + "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2136,7 +2136,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.bytes": 69, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2159,10 +2159,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:55.000-02:00", + "event.end": "2012-04-10T04:39:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:55.000-02:00", + "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2213,7 +2213,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.bytes": 504, "client.ip": "192.168.0.2", "client.packets": 8, 
@@ -2236,10 +2236,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 125000000000, - "event.end": "2012-04-10T02:39:55.000-02:00", + "event.end": "2012-04-10T04:39:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:37:50.000-02:00", + "event.start": "2012-04-10T04:37:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2290,7 +2290,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2316,10 +2316,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:55.000-02:00", + "event.end": "2012-04-10T04:39:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:55.000-02:00", + "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2370,7 +2370,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.bytes": 71, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2393,10 +2393,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:55.000-02:00", + "event.end": "2012-04-10T04:39:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:55.000-02:00", + "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2447,7 +2447,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:55.000-02:00", + "@timestamp": "2012-04-10T04:39:55.000-02:00", "client.bytes": 837, "client.ip": "192.168.0.2", "client.packets": 10, 
@@ -2473,10 +2473,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:25.000-02:00", + "event.end": "2012-04-10T04:39:25.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:24.000-02:00", + "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2527,7 +2527,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2553,10 +2553,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:55.000-02:00", + "event.end": "2012-04-10T04:39:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:55.000-02:00", + "event.start": "2012-04-10T04:39:55.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2607,7 +2607,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2630,10 +2630,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:54.000-02:00", + "event.end": "2012-04-10T04:39:54.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:54.000-02:00", + "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2684,7 +2684,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -2707,10 +2707,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:54.000-02:00", + "event.end": "2012-04-10T04:39:54.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:54.000-02:00", + "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2761,7 +2761,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2787,10 +2787,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:54.000-02:00", + "event.end": "2012-04-10T04:39:54.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:54.000-02:00", + "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2841,7 +2841,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -2867,10 +2867,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:54.000-02:00", + "event.end": "2012-04-10T04:39:54.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:54.000-02:00", + "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2921,7 +2921,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 80, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -2944,10 +2944,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:54.000-02:00", + "event.end": "2012-04-10T04:39:54.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:54.000-02:00", + "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2998,7 +2998,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 80, "client.ip": "192.168.0.2", "client.packets": 0, @@ -3021,10 +3021,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:54.000-02:00", + "event.end": "2012-04-10T04:39:54.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:54.000-02:00", + "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3075,7 +3075,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 95, "client.ip": "192.168.0.100", "client.packets": 1, @@ -3097,10 +3097,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:24.000-02:00", + "event.end": "2012-04-10T04:39:24.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:24.000-02:00", + "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3149,7 +3149,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 597, "client.ip": "192.168.0.2", "client.packets": 7, 
@@ -3175,10 +3175,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:24.000-02:00", + "event.end": "2012-04-10T04:39:24.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:23.000-02:00", + "event.start": "2012-04-10T04:39:23.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3229,7 +3229,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 804, "client.ip": "192.168.0.100", "client.packets": 7, @@ -3254,10 +3254,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:24.000-02:00", + "event.end": "2012-04-10T04:39:24.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:24.000-02:00", + "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3306,7 +3306,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 187, "client.ip": "192.168.0.2", "client.packets": 1, @@ -3332,10 +3332,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:24.000-02:00", + "event.end": "2012-04-10T04:39:24.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:24.000-02:00", + "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3386,7 +3386,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 1, 
@@ -3412,10 +3412,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:24.000-02:00", + "event.end": "2012-04-10T04:39:24.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:24.000-02:00", + "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3466,7 +3466,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:54.000-02:00", + "@timestamp": "2012-04-10T04:39:54.000-02:00", "client.bytes": 86, "client.ip": "192.168.0.100", "client.packets": 1, @@ -3488,10 +3488,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:24.000-02:00", + "event.end": "2012-04-10T04:39:24.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:24.000-02:00", + "event.start": "2012-04-10T04:39:24.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3540,7 +3540,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -3566,10 +3566,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:54.000-02:00", + "event.end": "2012-04-10T04:39:54.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:54.000-02:00", + "event.start": "2012-04-10T04:39:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3620,7 +3620,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 73, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -3643,10 +3643,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:53.000-02:00", + "event.end": "2012-04-10T04:39:53.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:53.000-02:00", + "event.start": "2012-04-10T04:39:53.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3697,7 +3697,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -3723,10 +3723,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:53.000-02:00", + "event.end": "2012-04-10T04:39:53.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:53.000-02:00", + "event.start": "2012-04-10T04:39:53.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3777,7 +3777,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 80, "client.ip": "192.168.0.2", "client.packets": 0, @@ -3800,10 +3800,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:53.000-02:00", + "event.end": "2012-04-10T04:39:53.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:53.000-02:00", + "event.start": "2012-04-10T04:39:53.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3854,7 +3854,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 166, "client.ip": "192.168.0.2", "client.packets": 2, 
@@ -3877,10 +3877,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:23.000-02:00", + "event.end": "2012-04-10T04:39:23.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:22.000-02:00", + "event.start": "2012-04-10T04:39:22.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3931,7 +3931,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 75, "client.ip": "192.168.0.2", "client.packets": 1, @@ -3954,10 +3954,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:23.000-02:00", + "event.end": "2012-04-10T04:39:23.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:23.000-02:00", + "event.start": "2012-04-10T04:39:23.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4008,7 +4008,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 75, "client.ip": "192.168.0.2", "client.packets": 1, @@ -4031,10 +4031,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:23.000-02:00", + "event.end": "2012-04-10T04:39:23.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:23.000-02:00", + "event.start": "2012-04-10T04:39:23.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4085,7 +4085,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 594, "client.ip": "192.168.0.2", "client.packets": 7, 
@@ -4111,10 +4111,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:23.000-02:00", + "event.end": "2012-04-10T04:39:23.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:23.000-02:00", + "event.start": "2012-04-10T04:39:23.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4165,7 +4165,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 1005, "client.ip": "192.168.0.2", "client.packets": 10, @@ -4191,10 +4191,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 2000000000, - "event.end": "2012-04-10T02:39:23.000-02:00", + "event.end": "2012-04-10T04:39:23.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:21.000-02:00", + "event.start": "2012-04-10T04:39:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4245,7 +4245,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 1363, "client.ip": "192.168.0.2", "client.packets": 3, @@ -4271,10 +4271,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 512000000000, - "event.end": "2012-04-10T02:38:23.000-02:00", + "event.end": "2012-04-10T04:38:23.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:29:51.000-02:00", + "event.start": "2012-04-10T04:29:51.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4325,7 +4325,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:53.000-02:00", + "@timestamp": "2012-04-10T04:39:53.000-02:00", "client.bytes": 80, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -4348,10 +4348,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:53.000-02:00", + "event.end": "2012-04-10T04:39:53.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:53.000-02:00", + "event.start": "2012-04-10T04:39:53.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4402,7 +4402,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -4428,10 +4428,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:53.000-02:00", + "event.end": "2012-04-10T04:39:53.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:53.000-02:00", + "event.start": "2012-04-10T04:39:53.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4482,7 +4482,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, @@ -4505,10 +4505,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:52.000-02:00", + "event.end": "2012-04-10T04:39:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:52.000-02:00", + "event.start": "2012-04-10T04:39:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4559,7 +4559,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -4582,10 +4582,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:52.000-02:00", + "event.end": "2012-04-10T04:39:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:52.000-02:00", + "event.start": "2012-04-10T04:39:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4636,7 +4636,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 186, "client.ip": "192.168.0.2", "client.packets": 0, @@ -4662,10 +4662,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:52.000-02:00", + "event.end": "2012-04-10T04:39:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:52.000-02:00", + "event.start": "2012-04-10T04:39:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4716,7 +4716,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -4742,10 +4742,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:52.000-02:00", + "event.end": "2012-04-10T04:39:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:52.000-02:00", + "event.start": "2012-04-10T04:39:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4796,7 +4796,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 82, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -4819,10 +4819,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:52.000-02:00", + "event.end": "2012-04-10T04:39:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:52.000-02:00", + "event.start": "2012-04-10T04:39:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4873,7 +4873,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 82, "client.ip": "192.168.0.2", "client.packets": 0, @@ -4896,10 +4896,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:52.000-02:00", + "event.end": "2012-04-10T04:39:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:52.000-02:00", + "event.start": "2012-04-10T04:39:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4950,7 +4950,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 581, "client.ip": "192.168.0.2", "client.packets": 7, @@ -4976,10 +4976,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:22.000-02:00", + "event.end": "2012-04-10T04:39:22.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:21.000-02:00", + "event.start": "2012-04-10T04:39:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5030,7 +5030,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:52.000-02:00", + "@timestamp": "2012-04-10T04:39:52.000-02:00", "client.bytes": 88, "client.ip": "192.168.0.2", "client.packets": 1, 
@@ -5053,10 +5053,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:22.000-02:00", + "event.end": "2012-04-10T04:39:22.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:22.000-02:00", + "event.start": "2012-04-10T04:39:22.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5107,7 +5107,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:51.000-02:00", + "@timestamp": "2012-04-10T04:39:51.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, @@ -5130,10 +5130,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:51.000-02:00", + "event.end": "2012-04-10T04:39:51.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:51.000-02:00", + "event.start": "2012-04-10T04:39:51.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5184,7 +5184,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:51.000-02:00", + "@timestamp": "2012-04-10T04:39:51.000-02:00", "client.bytes": 76, "client.ip": "192.168.0.2", "client.packets": 0, @@ -5207,10 +5207,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:51.000-02:00", + "event.end": "2012-04-10T04:39:51.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:51.000-02:00", + "event.start": "2012-04-10T04:39:51.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5261,7 +5261,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:51.000-02:00", + "@timestamp": "2012-04-10T04:39:51.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -5287,10 +5287,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:51.000-02:00", + "event.end": "2012-04-10T04:39:51.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:51.000-02:00", + "event.start": "2012-04-10T04:39:51.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5341,7 +5341,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:51.000-02:00", + "@timestamp": "2012-04-10T04:39:51.000-02:00", "client.bytes": 578, "client.ip": "192.168.0.2", "client.packets": 7, @@ -5367,10 +5367,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:21.000-02:00", + "event.end": "2012-04-10T04:39:21.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:20.000-02:00", + "event.start": "2012-04-10T04:39:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5421,7 +5421,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -5447,10 +5447,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:51.000-02:00", + "event.end": "2012-04-10T04:39:51.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:51.000-02:00", + "event.start": "2012-04-10T04:39:51.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5501,7 +5501,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 77, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -5524,10 +5524,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:50.000-02:00", + "event.end": "2012-04-10T04:39:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:50.000-02:00", + "event.start": "2012-04-10T04:39:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5578,7 +5578,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 77, "client.ip": "192.168.0.2", "client.packets": 0, @@ -5601,10 +5601,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:50.000-02:00", + "event.end": "2012-04-10T04:39:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:50.000-02:00", + "event.start": "2012-04-10T04:39:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5655,7 +5655,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -5681,10 +5681,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:50.000-02:00", + "event.end": "2012-04-10T04:39:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:50.000-02:00", + "event.start": "2012-04-10T04:39:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5735,7 +5735,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 1310, "client.ip": "192.168.0.2", "client.packets": 22, 
@@ -5758,10 +5758,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:20.000-02:00", + "event.end": "2012-04-10T04:39:20.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:20.000-02:00", + "event.start": "2012-04-10T04:39:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5812,7 +5812,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 83, "client.ip": "192.168.0.2", "client.packets": 0, @@ -5835,10 +5835,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:50.000-02:00", + "event.end": "2012-04-10T04:39:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:50.000-02:00", + "event.start": "2012-04-10T04:39:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5889,7 +5889,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 83, "client.ip": "192.168.0.2", "client.packets": 0, @@ -5912,10 +5912,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:50.000-02:00", + "event.end": "2012-04-10T04:39:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:50.000-02:00", + "event.start": "2012-04-10T04:39:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5966,7 +5966,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -5992,10 +5992,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:50.000-02:00", + "event.end": "2012-04-10T04:39:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:50.000-02:00", + "event.start": "2012-04-10T04:39:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6046,7 +6046,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 75, "client.ip": "192.168.0.2", "client.packets": 1, @@ -6063,10 +6063,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:20.000-02:00", + "event.end": "2012-04-10T04:39:20.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:20.000-02:00", + "event.start": "2012-04-10T04:39:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6117,7 +6117,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 1033, "client.ip": "192.168.0.2", "client.packets": 9, @@ -6143,10 +6143,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 3000000000, - "event.end": "2012-04-10T02:39:20.000-02:00", + "event.end": "2012-04-10T04:39:20.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:17.000-02:00", + "event.start": "2012-04-10T04:39:17.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6197,7 +6197,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 981, "client.ip": "192.168.0.2", "client.packets": 10, 
@@ -6223,10 +6223,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 7000000000, - "event.end": "2012-04-10T02:39:20.000-02:00", + "event.end": "2012-04-10T04:39:20.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:13.000-02:00", + "event.start": "2012-04-10T04:39:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6277,7 +6277,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 77, "client.ip": "192.168.0.2", "client.packets": 1, @@ -6294,10 +6294,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:20.000-02:00", + "event.end": "2012-04-10T04:39:20.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:20.000-02:00", + "event.start": "2012-04-10T04:39:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6348,7 +6348,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:50.000-02:00", + "@timestamp": "2012-04-10T04:39:50.000-02:00", "client.bytes": 77, "client.ip": "192.168.0.2", "client.packets": 1, @@ -6365,10 +6365,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:20.000-02:00", + "event.end": "2012-04-10T04:39:20.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:20.000-02:00", + "event.start": "2012-04-10T04:39:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6419,7 +6419,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -6445,10 +6445,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:49.000-02:00", + "event.end": "2012-04-10T04:39:49.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:49.000-02:00", + "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6499,7 +6499,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.bytes": 71, "client.ip": "192.168.0.2", "client.packets": 0, @@ -6522,10 +6522,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:49.000-02:00", + "event.end": "2012-04-10T04:39:49.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:49.000-02:00", + "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6576,7 +6576,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.bytes": 71, "client.ip": "192.168.0.2", "client.packets": 0, @@ -6599,10 +6599,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:49.000-02:00", + "event.end": "2012-04-10T04:39:49.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:49.000-02:00", + "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6653,7 +6653,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -6679,10 +6679,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:49.000-02:00", + "event.end": "2012-04-10T04:39:49.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:49.000-02:00", + "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6733,7 +6733,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.bytes": 80, "client.ip": "192.168.0.2", "client.packets": 0, @@ -6756,10 +6756,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:49.000-02:00", + "event.end": "2012-04-10T04:39:49.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:49.000-02:00", + "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6810,7 +6810,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.bytes": 176, "client.ip": "192.168.0.2", "client.packets": 0, @@ -6827,10 +6827,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:19.000-02:00", + "event.end": "2012-04-10T04:39:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:18.000-02:00", + "event.start": "2012-04-10T04:39:18.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6881,7 +6881,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:49.000-02:00", + "@timestamp": "2012-04-10T04:39:49.000-02:00", "client.bytes": 80, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -6904,10 +6904,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:49.000-02:00", + "event.end": "2012-04-10T04:39:49.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:49.000-02:00", + "event.start": "2012-04-10T04:39:49.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6958,7 +6958,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -6984,10 +6984,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:48.000-02:00", + "event.end": "2012-04-10T04:39:48.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:48.000-02:00", + "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7038,7 +7038,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.bytes": 81, "client.ip": "192.168.0.2", "client.packets": 0, @@ -7061,10 +7061,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:48.000-02:00", + "event.end": "2012-04-10T04:39:48.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:48.000-02:00", + "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7115,7 +7115,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.bytes": 81, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -7138,10 +7138,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:48.000-02:00", + "event.end": "2012-04-10T04:39:48.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:48.000-02:00", + "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7192,7 +7192,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.bytes": 581, "client.ip": "192.168.0.2", "client.packets": 7, @@ -7218,10 +7218,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:18.000-02:00", + "event.end": "2012-04-10T04:39:18.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:17.000-02:00", + "event.start": "2012-04-10T04:39:17.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7272,7 +7272,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:48.000-02:00", + "@timestamp": "2012-04-10T04:39:48.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -7298,10 +7298,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:48.000-02:00", + "event.end": "2012-04-10T04:39:48.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:48.000-02:00", + "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7352,7 +7352,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, 
@@ -7378,10 +7378,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:48.000-02:00", + "event.end": "2012-04-10T04:39:48.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:48.000-02:00", + "event.start": "2012-04-10T04:39:48.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7432,7 +7432,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -7458,10 +7458,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:47.000-02:00", + "event.end": "2012-04-10T04:39:47.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:47.000-02:00", + "event.start": "2012-04-10T04:39:47.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7512,7 +7512,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.bytes": 166, "client.ip": "192.168.0.2", "client.packets": 0, @@ -7529,10 +7529,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2012-04-10T02:39:17.000-02:00", + "event.end": "2012-04-10T04:39:17.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:16.000-02:00", + "event.start": "2012-04-10T04:39:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7583,7 +7583,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.bytes": 351, "client.ip": "192.168.0.2", "client.packets": 1, 
@@ -7609,10 +7609,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:47.000-02:00", + "event.end": "2012-04-10T04:39:47.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:47.000-02:00", + "event.start": "2012-04-10T04:39:47.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7663,7 +7663,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:47.000-02:00", + "@timestamp": "2012-04-10T04:39:47.000-02:00", "client.bytes": 351, "client.ip": "192.168.0.2", "client.packets": 1, @@ -7689,10 +7689,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:47.000-02:00", + "event.end": "2012-04-10T04:39:47.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:47.000-02:00", + "event.start": "2012-04-10T04:39:47.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7743,7 +7743,7 @@ ] }, { - "@timestamp": "2012-04-10T02:39:46.000-02:00", + "@timestamp": "2012-04-10T04:39:46.000-02:00", "client.bytes": 78, "client.ip": "192.168.0.2", "client.packets": 0, @@ -7769,10 +7769,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2012-04-10T02:39:46.000-02:00", + "event.end": "2012-04-10T04:39:46.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2012-04-10T02:39:46.000-02:00", + "event.start": "2012-04-10T04:39:46.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index 8a1d5ee4445b..9cb683823744 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json 
+++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -1,6 +1,6 @@ [ { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52984, "destination.address": "152.195.55.192", @@ -73,7 +73,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52983, "destination.address": "152.195.55.192", @@ -146,7 +146,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52986, "destination.address": "152.195.55.192", @@ -219,7 +219,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52985, "destination.address": "152.195.55.192", @@ -292,7 +292,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52987, "destination.address": "152.195.55.192", @@ -365,7 +365,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52988, "destination.address": "152.195.55.192", @@ -438,7 +438,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52990, "destination.address": "152.195.55.192", 
@@ -511,7 +511,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52989, "destination.address": "152.195.55.192", @@ -584,7 +584,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52992, "destination.address": "152.195.55.192", @@ -657,7 +657,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52991, "destination.address": "152.195.55.192", @@ -730,7 +730,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52994, "destination.address": "152.195.55.192", @@ -803,7 +803,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52993, "destination.address": "152.195.55.192", @@ -876,7 +876,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52995, "destination.address": "152.195.55.192", @@ -949,7 +949,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52996, "destination.address": "152.195.55.192", 
@@ -1022,7 +1022,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:36.000-02:00", + "@timestamp": "2018-11-30T16:44:36.000-02:00", "client.ip": "192.168.15.224", "client.port": 52997, "destination.address": "152.195.55.192", @@ -1095,7 +1095,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:37.000-02:00", + "@timestamp": "2018-11-30T16:44:37.000-02:00", "client.ip": "192.168.15.224", "client.port": 52998, "destination.address": "152.195.55.192", @@ -1168,7 +1168,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:37.000-02:00", + "@timestamp": "2018-11-30T16:44:37.000-02:00", "client.ip": "192.168.15.224", "client.port": 52999, "destination.address": "152.195.55.192", @@ -1241,7 +1241,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:37.000-02:00", + "@timestamp": "2018-11-30T16:44:37.000-02:00", "client.ip": "192.168.15.224", "client.port": 53001, "destination.address": "152.195.55.192", @@ -1314,7 +1314,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:37.000-02:00", + "@timestamp": "2018-11-30T16:44:37.000-02:00", "client.ip": "192.168.15.224", "client.port": 53002, "destination.address": "152.195.55.192", @@ -1387,7 +1387,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:38.000-02:00", + "@timestamp": "2018-11-30T16:44:38.000-02:00", "client.ip": "192.168.15.224", "client.port": 53003, "destination.address": "152.195.55.192", @@ -1460,7 +1460,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:38.000-02:00", + "@timestamp": "2018-11-30T16:44:38.000-02:00", "client.ip": "192.168.15.224", "client.port": 53004, "destination.address": "23.72.137.131", 
@@ -1533,7 +1533,7 @@ "url.original": "b.scorecardresearch.com/" }, { - "@timestamp": "2018-11-30T14:44:38.000-02:00", + "@timestamp": "2018-11-30T16:44:38.000-02:00", "client.ip": "192.168.15.224", "client.port": 53000, "destination.address": "152.195.55.192", @@ -1606,7 +1606,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53006, "destination.address": "152.195.55.192", @@ -1679,7 +1679,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53007, "destination.address": "152.195.55.192", @@ -1752,7 +1752,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53008, "destination.address": "152.195.55.192", @@ -1825,7 +1825,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53010, "destination.address": "152.195.55.192", @@ -1898,7 +1898,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53011, "destination.address": "152.195.55.192", @@ -1971,7 +1971,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53012, "destination.address": "152.195.55.192", 
@@ -2044,7 +2044,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53013, "destination.address": "152.195.55.192", @@ -2117,7 +2117,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53014, "destination.address": "152.195.55.192", @@ -2190,7 +2190,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53022, "destination.address": "152.195.55.192", @@ -2263,7 +2263,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53023, "destination.address": "152.195.55.192", @@ -2336,7 +2336,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53024, "destination.address": "152.195.55.192", @@ -2409,7 +2409,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53025, "destination.address": "152.195.55.192", @@ -2482,7 +2482,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:46.000-02:00", + "@timestamp": "2018-11-30T16:44:46.000-02:00", "client.ip": "192.168.15.224", "client.port": 53026, "destination.address": "152.195.55.192", 
@@ -2555,7 +2555,7 @@ "url.original": "consent.cmp.oath.com/" }, { - "@timestamp": "2018-11-30T14:44:53.000-02:00", + "@timestamp": "2018-11-30T16:44:53.000-02:00", "client.ip": "192.168.15.224", "client.port": 53041, "destination.address": "151.101.2.2", @@ -2628,7 +2628,7 @@ "url.original": "cdn.taboola.com/" }, { - "@timestamp": "2018-11-30T14:44:54.000-02:00", + "@timestamp": "2018-11-30T16:44:54.000-02:00", "client.ip": "192.168.15.224", "client.port": 53040, "destination.address": "54.192.7.152", @@ -2704,7 +2704,7 @@ "url.original": "rules.quantcount.com/" }, { - "@timestamp": "2018-11-30T14:44:58.000-02:00", + "@timestamp": "2018-11-30T16:44:58.000-02:00", "client.ip": "192.168.15.224", "client.port": 53093, "destination.address": "52.4.120.175", @@ -2780,7 +2780,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:44:58.000-02:00", + "@timestamp": "2018-11-30T16:44:58.000-02:00", "client.ip": "192.168.15.224", "client.port": 53094, "destination.address": "52.4.120.175", @@ -2856,7 +2856,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:44:58.000-02:00", + "@timestamp": "2018-11-30T16:44:58.000-02:00", "client.ip": "192.168.15.224", "client.port": 53095, "destination.address": "52.4.120.175", @@ -2932,7 +2932,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:44:58.000-02:00", + "@timestamp": "2018-11-30T16:44:58.000-02:00", "client.ip": "192.168.15.224", "client.port": 53096, "destination.address": "52.4.120.175", @@ -3008,7 +3008,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:44:59.000-02:00", + "@timestamp": "2018-11-30T16:44:59.000-02:00", "client.ip": "192.168.15.224", "client.port": 53097, "destination.address": "52.4.120.175", 
@@ -3084,7 +3084,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:44:59.000-02:00", + "@timestamp": "2018-11-30T16:44:59.000-02:00", "client.ip": "192.168.15.224", "client.port": 53099, "destination.address": "52.4.120.175", @@ -3160,7 +3160,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:44:59.000-02:00", + "@timestamp": "2018-11-30T16:44:59.000-02:00", "client.ip": "192.168.15.224", "client.port": 53100, "destination.address": "52.4.120.175", @@ -3236,7 +3236,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:45:00.000-02:00", + "@timestamp": "2018-11-30T16:45:00.000-02:00", "client.ip": "192.168.15.224", "client.port": 53101, "destination.address": "52.4.120.175", @@ -3312,7 +3312,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:45:00.000-02:00", + "@timestamp": "2018-11-30T16:45:00.000-02:00", "client.ip": "192.168.15.224", "client.port": 53104, "destination.address": "52.4.120.175", @@ -3388,7 +3388,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:45:00.000-02:00", + "@timestamp": "2018-11-30T16:45:00.000-02:00", "client.ip": "192.168.15.224", "client.port": 53107, "destination.address": "52.4.120.175", @@ -3464,7 +3464,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:45:00.000-02:00", + "@timestamp": "2018-11-30T16:45:00.000-02:00", "client.ip": "192.168.15.224", "client.port": 53108, "destination.address": "52.4.120.175", @@ -3540,7 +3540,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:45:00.000-02:00", + "@timestamp": "2018-11-30T16:45:00.000-02:00", "client.ip": "192.168.15.224", "client.port": 53109, "destination.address": "52.4.120.175", 
@@ -3616,7 +3616,7 @@ "url.original": "srv-2018-11-30-22.config.parsely.com/" }, { - "@timestamp": "2018-11-30T14:45:13.000-02:00", + "@timestamp": "2018-11-30T16:45:13.000-02:00", "client.ip": "192.168.15.224", "client.port": 53118, "destination.address": "216.58.194.98", @@ -3692,7 +3692,7 @@ "url.original": "www.googleadservices.com/" }, { - "@timestamp": "2018-11-30T14:45:15.000-02:00", + "@timestamp": "2018-11-30T16:45:15.000-02:00", "client.ip": "192.168.15.224", "client.port": 53126, "destination.address": "23.72.145.245", @@ -3765,7 +3765,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:15.000-02:00", + "@timestamp": "2018-11-30T16:45:15.000-02:00", "client.ip": "192.168.15.224", "client.port": 53127, "destination.address": "23.72.145.245", @@ -3838,7 +3838,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:15.000-02:00", + "@timestamp": "2018-11-30T16:45:15.000-02:00", "client.ip": "192.168.15.224", "client.port": 53128, "destination.address": "23.72.145.245", @@ -3911,7 +3911,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:15.000-02:00", + "@timestamp": "2018-11-30T16:45:15.000-02:00", "client.ip": "192.168.15.224", "client.port": 53129, "destination.address": "23.72.145.245", @@ -3984,7 +3984,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:16.000-02:00", + "@timestamp": "2018-11-30T16:45:16.000-02:00", "client.ip": "192.168.15.224", "client.port": 53130, "destination.address": "23.72.145.245", @@ -4057,7 +4057,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:16.000-02:00", + "@timestamp": "2018-11-30T16:45:16.000-02:00", "client.ip": "192.168.15.224", "client.port": 53131, "destination.address": "23.72.145.245", 
@@ -4130,7 +4130,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:16.000-02:00", + "@timestamp": "2018-11-30T16:45:16.000-02:00", "client.ip": "192.168.15.224", "client.port": 53132, "destination.address": "23.72.145.245", @@ -4203,7 +4203,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:16.000-02:00", + "@timestamp": "2018-11-30T16:45:16.000-02:00", "client.ip": "192.168.15.224", "client.port": 53133, "destination.address": "23.72.145.245", @@ -4276,7 +4276,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:16.000-02:00", + "@timestamp": "2018-11-30T16:45:16.000-02:00", "client.ip": "192.168.15.224", "client.port": 53134, "destination.address": "23.72.145.245", @@ -4349,7 +4349,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:16.000-02:00", + "@timestamp": "2018-11-30T16:45:16.000-02:00", "client.ip": "192.168.15.224", "client.port": 53135, "destination.address": "23.72.145.245", @@ -4422,7 +4422,7 @@ "url.original": "service.maxymiser.net/" }, { - "@timestamp": "2018-11-30T14:45:26.000-02:00", + "@timestamp": "2018-11-30T16:45:26.000-02:00", "client.ip": "192.168.15.224", "client.port": 53152, "destination.address": "54.209.101.70", @@ -4498,7 +4498,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:26.000-02:00", + "@timestamp": "2018-11-30T16:45:26.000-02:00", "client.ip": "192.168.15.224", "client.port": 53155, "destination.address": "54.209.101.70", @@ -4574,7 +4574,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:26.000-02:00", + "@timestamp": "2018-11-30T16:45:26.000-02:00", "client.ip": "192.168.15.224", "client.port": 53158, "destination.address": "54.209.101.70", 
@@ -4650,7 +4650,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:26.000-02:00", + "@timestamp": "2018-11-30T16:45:26.000-02:00", "client.ip": "192.168.15.224", "client.port": 53160, "destination.address": "54.209.101.70", @@ -4726,7 +4726,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:26.000-02:00", + "@timestamp": "2018-11-30T16:45:26.000-02:00", "client.ip": "192.168.15.224", "client.port": 53161, "destination.address": "54.209.101.70", @@ -4802,7 +4802,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:27.000-02:00", + "@timestamp": "2018-11-30T16:45:27.000-02:00", "client.ip": "192.168.15.224", "client.port": 53162, "destination.address": "54.209.101.70", @@ -4878,7 +4878,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:27.000-02:00", + "@timestamp": "2018-11-30T16:45:27.000-02:00", "client.ip": "192.168.15.224", "client.port": 53163, "destination.address": "54.209.101.70", @@ -4954,7 +4954,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:27.000-02:00", + "@timestamp": "2018-11-30T16:45:27.000-02:00", "client.ip": "192.168.15.224", "client.port": 53164, "destination.address": "54.209.101.70", @@ -5030,7 +5030,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:27.000-02:00", + "@timestamp": "2018-11-30T16:45:27.000-02:00", "client.ip": "192.168.15.224", "client.port": 53165, "destination.address": "54.209.101.70", @@ -5106,7 +5106,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:27.000-02:00", + "@timestamp": "2018-11-30T16:45:27.000-02:00", "client.ip": "192.168.15.224", "client.port": 53166, "destination.address": "54.209.101.70", 
@@ -5182,7 +5182,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:27.000-02:00", + "@timestamp": "2018-11-30T16:45:27.000-02:00", "client.ip": "192.168.15.224", "client.port": 53167, "destination.address": "54.209.101.70", @@ -5258,7 +5258,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:27.000-02:00", + "@timestamp": "2018-11-30T16:45:27.000-02:00", "client.ip": "192.168.15.224", "client.port": 53150, "destination.address": "54.209.101.70", @@ -5334,7 +5334,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:28.000-02:00", + "@timestamp": "2018-11-30T16:45:28.000-02:00", "client.ip": "192.168.15.224", "client.port": 53185, "destination.address": "54.209.101.70", @@ -5410,7 +5410,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:28.000-02:00", + "@timestamp": "2018-11-30T16:45:28.000-02:00", "client.ip": "192.168.15.224", "client.port": 53187, "destination.address": "54.209.101.70", @@ -5486,7 +5486,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:28.000-02:00", + "@timestamp": "2018-11-30T16:45:28.000-02:00", "client.ip": "192.168.15.224", "client.port": 53188, "destination.address": "54.209.101.70", @@ -5562,7 +5562,7 @@ "url.original": "segment-data.zqtk.net/" }, { - "@timestamp": "2018-11-30T14:45:29.000-02:00", + "@timestamp": "2018-11-30T16:45:29.000-02:00", "client.ip": "192.168.15.224", "client.port": 53178, "destination.address": "54.209.101.70", diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 81eb531e7273..d0476c2165d5 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json 
@@ -1,6 +1,6 @@ [ { - "@timestamp": "2018-11-30T14:09:07.000-02:00", + "@timestamp": "2018-11-30T16:09:07.000-02:00", "client.bytes": 1758, "client.ip": "192.168.15.207", "client.packets": 20, @@ -22,10 +22,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 586000000000, - "event.end": "2018-11-30T14:08:50.000-02:00", + "event.end": "2018-11-30T16:08:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T13:59:04.000-02:00", + "event.start": "2018-11-30T15:59:04.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -80,7 +80,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:09.000-02:00", + "@timestamp": "2018-11-30T16:09:09.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -102,10 +102,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:55.000-02:00", + "event.end": "2018-11-30T16:08:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:55.000-02:00", + "event.start": "2018-11-30T16:08:55.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -160,7 +160,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:09.000-02:00", + "@timestamp": "2018-11-30T16:09:09.000-02:00", "client.bytes": 539, "client.ip": "192.168.15.207", "client.packets": 5, @@ -182,10 +182,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2018-11-30T14:08:52.000-02:00", + "event.end": "2018-11-30T16:08:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:51.000-02:00", + "event.start": "2018-11-30T16:08:51.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -240,7 +240,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:15.000-02:00", + "@timestamp": "2018-11-30T16:09:15.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -262,10 +262,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:01.000-02:00", + "event.end": "2018-11-30T16:09:01.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:01.000-02:00", + "event.start": "2018-11-30T16:09:01.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -320,7 +320,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:15.000-02:00", + "@timestamp": "2018-11-30T16:09:15.000-02:00", "client.bytes": 2014, "client.ip": "192.168.15.196", "client.packets": 3, @@ -345,10 +345,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:07:13.000-02:00", + "event.end": "2018-11-30T16:07:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:07:13.000-02:00", + "event.start": "2018-11-30T16:07:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -403,7 +403,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:15.000-02:00", + "@timestamp": "2018-11-30T16:09:15.000-02:00", "client.bytes": 20642, "client.ip": "192.168.15.224", "client.packets": 51, @@ -425,10 +425,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 85000000000, - "event.end": "2018-11-30T14:08:58.000-02:00", + "event.end": "2018-11-30T16:08:58.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:07:33.000-02:00", + "event.start": "2018-11-30T16:07:33.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -483,7 +483,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:21.000-02:00", + "@timestamp": "2018-11-30T16:09:21.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -505,10 +505,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:07.000-02:00", + "event.end": "2018-11-30T16:09:07.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:07.000-02:00", + "event.start": "2018-11-30T16:09:07.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -563,7 +563,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:21.000-02:00", + "@timestamp": "2018-11-30T16:09:21.000-02:00", "client.bytes": 3365, "client.ip": "192.168.15.224", "client.packets": 9, @@ -585,10 +585,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 15000000000, - "event.end": "2018-11-30T14:07:19.000-02:00", + "event.end": "2018-11-30T16:07:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:07:04.000-02:00", + "event.start": "2018-11-30T16:07:04.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -643,7 +643,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:22.000-02:00", + "@timestamp": "2018-11-30T16:09:22.000-02:00", "client.bytes": 80, "client.ip": "192.168.15.207", "client.packets": 1, @@ -665,10 +665,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:50.000-02:00", + "event.end": "2018-11-30T16:08:50.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:50.000-02:00", + "event.start": "2018-11-30T16:08:50.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -723,7 +723,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:23.000-02:00", + "@timestamp": "2018-11-30T16:09:23.000-02:00", "client.bytes": 77, "client.ip": "192.168.15.207", "client.packets": 1, @@ -745,10 +745,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:51.000-02:00", + "event.end": "2018-11-30T16:08:51.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:51.000-02:00", + "event.start": "2018-11-30T16:08:51.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -803,7 +803,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:24.000-02:00", + "@timestamp": "2018-11-30T16:09:24.000-02:00", "client.bytes": 4509, "client.ip": "192.168.15.207", "client.packets": 16, @@ -825,10 +825,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 593000000000, - "event.end": "2018-11-30T14:08:52.000-02:00", + "event.end": "2018-11-30T16:08:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T13:58:59.000-02:00", + "event.start": "2018-11-30T15:58:59.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -883,7 +883,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:24.000-02:00", + "@timestamp": "2018-11-30T16:09:24.000-02:00", "client.bytes": 73, "client.ip": "192.168.15.207", "client.packets": 1, @@ -905,10 +905,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:52.000-02:00", + "event.end": "2018-11-30T16:08:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:52.000-02:00", + "event.start": "2018-11-30T16:08:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -963,7 +963,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:24.000-02:00", + "@timestamp": "2018-11-30T16:09:24.000-02:00", "client.bytes": 69, "client.ip": "192.168.15.207", "client.packets": 1, @@ -985,10 +985,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:52.000-02:00", + "event.end": "2018-11-30T16:08:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:52.000-02:00", + "event.start": "2018-11-30T16:08:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1043,7 +1043,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:24.000-02:00", + "@timestamp": "2018-11-30T16:09:24.000-02:00", "client.bytes": 85, "client.ip": "192.168.15.207", "client.packets": 1, @@ -1065,10 +1065,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:52.000-02:00", + "event.end": "2018-11-30T16:08:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:52.000-02:00", + "event.start": "2018-11-30T16:08:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1123,7 +1123,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:24.000-02:00", + "@timestamp": "2018-11-30T16:09:24.000-02:00", "client.bytes": 75, "client.ip": "192.168.15.207", "client.packets": 1, @@ -1145,10 +1145,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:52.000-02:00", + "event.end": "2018-11-30T16:08:52.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:52.000-02:00", + "event.start": "2018-11-30T16:08:52.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -1203,7 +1203,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:27.000-02:00", + "@timestamp": "2018-11-30T16:09:27.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -1225,10 +1225,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1283,7 +1283,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:27.000-02:00", + "@timestamp": "2018-11-30T16:09:27.000-02:00", "client.bytes": 97, "client.ip": "192.168.15.224", "client.packets": 1, @@ -1305,10 +1305,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2018-11-30T14:08:55.000-02:00", + "event.end": "2018-11-30T16:08:55.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:54.000-02:00", + "event.start": "2018-11-30T16:08:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1363,7 +1363,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:28.000-02:00", + "@timestamp": "2018-11-30T16:09:28.000-02:00", "client.bytes": 2086, "client.ip": "192.168.15.224", "client.packets": 13, @@ -1385,10 +1385,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 17000000000, - "event.end": "2018-11-30T14:09:11.000-02:00", + "event.end": "2018-11-30T16:09:11.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:54.000-02:00", + "event.start": "2018-11-30T16:08:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -1443,7 +1443,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:28.000-02:00", + "@timestamp": "2018-11-30T16:09:28.000-02:00", "client.bytes": 2354, "client.ip": "192.168.15.224", "client.packets": 11, @@ -1465,10 +1465,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 17000000000, - "event.end": "2018-11-30T14:09:11.000-02:00", + "event.end": "2018-11-30T16:09:11.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:54.000-02:00", + "event.start": "2018-11-30T16:08:54.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1523,7 +1523,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:29.000-02:00", + "@timestamp": "2018-11-30T16:09:29.000-02:00", "client.bytes": 196, "client.ip": "192.168.15.196", "client.packets": 2, @@ -1545,10 +1545,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:15.000-02:00", + "event.end": "2018-11-30T16:09:15.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:15.000-02:00", + "event.start": "2018-11-30T16:09:15.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1603,7 +1603,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:29.000-02:00", + "@timestamp": "2018-11-30T16:09:29.000-02:00", "client.bytes": 2545, "client.ip": "192.168.15.224", "client.packets": 17, @@ -1625,10 +1625,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 116000000000, - "event.end": "2018-11-30T14:09:12.000-02:00", + "event.end": "2018-11-30T16:09:12.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:07:16.000-02:00", + "event.start": "2018-11-30T16:07:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -1683,7 +1683,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:29.000-02:00", + "@timestamp": "2018-11-30T16:09:29.000-02:00", "client.bytes": 82, "client.ip": "192.168.15.207", "client.packets": 1, @@ -1705,10 +1705,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:08:57.000-02:00", + "event.end": "2018-11-30T16:08:57.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:08:57.000-02:00", + "event.start": "2018-11-30T16:08:57.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1763,7 +1763,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:30.000-02:00", + "@timestamp": "2018-11-30T16:09:30.000-02:00", "client.bytes": 1758, "client.ip": "192.168.15.224", "client.packets": 12, @@ -1788,10 +1788,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -1846,7 +1846,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:32.000-02:00", + "@timestamp": "2018-11-30T16:09:32.000-02:00", "client.bytes": 624, "client.ip": "192.168.15.224", "client.packets": 0, @@ -1869,10 +1869,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 13000000000, - "event.end": "2018-11-30T14:09:25.000-02:00", + "event.end": "2018-11-30T16:09:25.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:12.000-02:00", + "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -1927,7 +1927,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:33.000-02:00", + "@timestamp": "2018-11-30T16:09:33.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -1949,10 +1949,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:19.000-02:00", + "event.end": "2018-11-30T16:09:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2007,7 +2007,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:34.000-02:00", + "@timestamp": "2018-11-30T16:09:34.000-02:00", "client.bytes": 85, "client.ip": "192.168.15.210", "client.packets": 1, @@ -2028,10 +2028,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:02.000-02:00", + "event.end": "2018-11-30T16:09:02.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:02.000-02:00", + "event.start": "2018-11-30T16:09:02.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2086,7 +2086,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:37.000-02:00", + "@timestamp": "2018-11-30T16:09:37.000-02:00", "client.bytes": 2876, "client.ip": "192.168.15.224", "client.packets": 6, @@ -2107,10 +2107,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 15000000000, - "event.end": "2018-11-30T14:07:35.000-02:00", + "event.end": "2018-11-30T16:07:35.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:07:20.000-02:00", + "event.start": "2018-11-30T16:07:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -2165,7 +2165,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:38.000-02:00", + "@timestamp": "2018-11-30T16:09:38.000-02:00", "client.bytes": 1100, "client.ip": "192.168.15.224", "client.packets": 5, @@ -2187,10 +2187,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:21.000-02:00", + "event.end": "2018-11-30T16:09:21.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2245,7 +2245,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:38.000-02:00", + "@timestamp": "2018-11-30T16:09:38.000-02:00", "client.bytes": 1977, "client.ip": "192.168.15.224", "client.packets": 4, @@ -2270,10 +2270,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:07:36.000-02:00", + "event.end": "2018-11-30T16:07:36.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:07:36.000-02:00", + "event.start": "2018-11-30T16:07:36.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2328,7 +2328,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:39.000-02:00", + "@timestamp": "2018-11-30T16:09:39.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -2350,10 +2350,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:25.000-02:00", + "event.end": "2018-11-30T16:09:25.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:25.000-02:00", + "event.start": "2018-11-30T16:09:25.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -2408,7 +2408,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:39.000-02:00", + "@timestamp": "2018-11-30T16:09:39.000-02:00", "client.bytes": 196, "client.ip": "192.168.15.210", "client.packets": 2, @@ -2430,10 +2430,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:25.000-02:00", + "event.end": "2018-11-30T16:09:25.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:25.000-02:00", + "event.start": "2018-11-30T16:09:25.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2488,7 +2488,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:39.000-02:00", + "@timestamp": "2018-11-30T16:09:39.000-02:00", "client.bytes": 2228, "client.ip": "192.168.15.224", "client.packets": 10, @@ -2510,10 +2510,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:22.000-02:00", + "event.end": "2018-11-30T16:09:22.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:22.000-02:00", + "event.start": "2018-11-30T16:09:22.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2568,7 +2568,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:40.000-02:00", + "@timestamp": "2018-11-30T16:09:40.000-02:00", "client.bytes": 96, "client.ip": "192.168.15.224", "client.packets": 1, @@ -2590,10 +2590,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:08.000-02:00", + "event.end": "2018-11-30T16:09:08.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:08.000-02:00", + "event.start": "2018-11-30T16:09:08.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -2648,7 +2648,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:40.000-02:00", + "@timestamp": "2018-11-30T16:09:40.000-02:00", "client.bytes": 78, "client.ip": "192.168.15.224", "client.packets": 0, @@ -2671,10 +2671,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:33.000-02:00", + "event.end": "2018-11-30T16:09:33.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:33.000-02:00", + "event.start": "2018-11-30T16:09:33.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2729,7 +2729,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:42.000-02:00", + "@timestamp": "2018-11-30T16:09:42.000-02:00", "client.bytes": 1086, "client.ip": "192.168.15.224", "client.packets": 9, @@ -2754,10 +2754,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:25.000-02:00", + "event.end": "2018-11-30T16:09:25.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:25.000-02:00", + "event.start": "2018-11-30T16:09:25.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2812,7 +2812,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:42.000-02:00", + "@timestamp": "2018-11-30T16:09:42.000-02:00", "client.bytes": 2628, "client.ip": "192.168.15.224", "client.packets": 19, @@ -2837,10 +2837,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 4000000000, - "event.end": "2018-11-30T14:09:25.000-02:00", + "event.end": "2018-11-30T16:09:25.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -2895,7 +2895,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 79, "client.ip": "192.168.15.224", "client.packets": 1, @@ -2917,10 +2917,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:12.000-02:00", + "event.end": "2018-11-30T16:09:12.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:12.000-02:00", + "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -2975,7 +2975,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 95, "client.ip": "192.168.15.224", "client.packets": 1, @@ -2997,10 +2997,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:12.000-02:00", + "event.end": "2018-11-30T16:09:12.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:12.000-02:00", + "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3055,7 +3055,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 4296, "client.ip": "192.168.15.224", "client.packets": 20, @@ -3080,10 +3080,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 8000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -3138,7 +3138,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 58831, "client.ip": "192.168.15.224", "client.packets": 41, @@ -3159,10 +3159,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 8000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3217,7 +3217,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 4069, "client.ip": "192.168.15.224", "client.packets": 15, @@ -3242,10 +3242,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 6000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3300,7 +3300,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 1100, "client.ip": "192.168.15.224", "client.packets": 7, @@ -3322,10 +3322,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 13000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -3380,7 +3380,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 3596, "client.ip": "192.168.15.224", "client.packets": 16, @@ -3405,10 +3405,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 8000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3463,7 +3463,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 3596, "client.ip": "192.168.15.224", "client.packets": 16, @@ -3488,10 +3488,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 8000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3546,7 +3546,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 84, "client.ip": "192.168.15.224", "client.packets": 1, @@ -3568,10 +3568,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:12.000-02:00", + "event.end": "2018-11-30T16:09:12.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:12.000-02:00", + "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -3626,7 +3626,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 74, "client.ip": "192.168.15.224", "client.packets": 1, @@ -3648,10 +3648,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:12.000-02:00", + "event.end": "2018-11-30T16:09:12.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:12.000-02:00", + "event.start": "2018-11-30T16:09:12.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3706,7 +3706,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 2731, "client.ip": "192.168.15.224", "client.packets": 13, @@ -3731,10 +3731,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 6000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3789,7 +3789,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 1100, "client.ip": "192.168.15.224", "client.packets": 7, @@ -3811,10 +3811,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 13000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -3869,7 +3869,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:45.000-02:00", + "@timestamp": "2018-11-30T16:09:45.000-02:00", "client.bytes": 3596, "client.ip": "192.168.15.224", "client.packets": 16, @@ -3890,10 +3890,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 8000000000, - "event.end": "2018-11-30T14:09:27.000-02:00", + "event.end": "2018-11-30T16:09:27.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -3948,7 +3948,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -3970,10 +3970,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:31.000-02:00", + "event.end": "2018-11-30T16:09:31.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:31.000-02:00", + "event.start": "2018-11-30T16:09:31.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4026,7 +4026,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 84, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4048,10 +4048,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -4106,7 +4106,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 131, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4128,10 +4128,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4186,7 +4186,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 131, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4208,10 +4208,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4266,7 +4266,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 83, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4288,10 +4288,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -4346,7 +4346,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 100, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4368,10 +4368,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4426,7 +4426,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 79, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4448,10 +4448,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4506,7 +4506,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 89, "client.ip": "192.168.15.196", "client.packets": 1, @@ -4528,10 +4528,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -4586,7 +4586,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 97, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4608,10 +4608,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4666,7 +4666,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 78, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4688,10 +4688,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4746,7 +4746,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 73, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4768,10 +4768,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -4826,7 +4826,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 90, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4848,10 +4848,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4906,7 +4906,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 77, "client.ip": "192.168.15.224", "client.packets": 1, @@ -4928,10 +4928,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -4986,7 +4986,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:46.000-02:00", + "@timestamp": "2018-11-30T16:09:46.000-02:00", "client.bytes": 74, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5008,10 +5008,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:13.000-02:00", + "event.end": "2018-11-30T16:09:13.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -5066,7 +5066,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 76, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5091,10 +5091,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5149,7 +5149,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 89, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5171,10 +5171,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5229,7 +5229,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 71, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5251,10 +5251,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -5309,7 +5309,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 80, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5331,10 +5331,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5389,7 +5389,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 72, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5411,10 +5411,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5469,7 +5469,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 76, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5491,10 +5491,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -5549,7 +5549,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 681, "client.ip": "192.168.15.224", "client.packets": 5, @@ -5571,10 +5571,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:29.000-02:00", + "event.end": "2018-11-30T16:09:29.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:29.000-02:00", + "event.start": "2018-11-30T16:09:29.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5629,7 +5629,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 79, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5651,10 +5651,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 1000000000, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:13.000-02:00", + "event.start": "2018-11-30T16:09:13.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5709,7 +5709,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 82, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5731,10 +5731,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -5789,7 +5789,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 354, "client.ip": "192.168.15.224", "client.packets": 4, @@ -5814,10 +5814,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 12000000000, - "event.end": "2018-11-30T14:09:29.000-02:00", + "event.end": "2018-11-30T16:09:29.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:17.000-02:00", + "event.start": "2018-11-30T16:09:17.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5872,7 +5872,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:47.000-02:00", + "@timestamp": "2018-11-30T16:09:47.000-02:00", "client.bytes": 76, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5894,10 +5894,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:14.000-02:00", + "event.end": "2018-11-30T16:09:14.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:14.000-02:00", + "event.start": "2018-11-30T16:09:14.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -5952,7 +5952,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:48.000-02:00", + "@timestamp": "2018-11-30T16:09:48.000-02:00", "client.bytes": 71, "client.ip": "192.168.15.224", "client.packets": 1, @@ -5974,10 +5974,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:15.000-02:00", + "event.end": "2018-11-30T16:09:15.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:15.000-02:00", + "event.start": "2018-11-30T16:09:15.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -6032,7 +6032,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:48.000-02:00", + "@timestamp": "2018-11-30T16:09:48.000-02:00", "client.bytes": 75, "client.ip": "192.168.15.224", "client.packets": 1, @@ -6054,10 +6054,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:15.000-02:00", + "event.end": "2018-11-30T16:09:15.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:15.000-02:00", + "event.start": "2018-11-30T16:09:15.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6112,7 +6112,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:48.000-02:00", + "@timestamp": "2018-11-30T16:09:48.000-02:00", "client.bytes": 90, "client.ip": "192.168.15.195", "client.packets": 1, @@ -6134,10 +6134,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:15.000-02:00", + "event.end": "2018-11-30T16:09:15.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:15.000-02:00", + "event.start": "2018-11-30T16:09:15.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6192,7 +6192,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:49.000-02:00", + "@timestamp": "2018-11-30T16:09:49.000-02:00", "client.bytes": 148, "client.ip": "192.168.15.196", "client.packets": 2, @@ -6214,10 +6214,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:16.000-02:00", + "event.end": "2018-11-30T16:09:16.000-02:00", "event.module": "panw", "event.outcome": "drop-icmp", - "event.start": "2018-11-30T14:09:16.000-02:00", + "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -6272,7 +6272,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:49.000-02:00", + "@timestamp": "2018-11-30T16:09:49.000-02:00", "client.bytes": 83, "client.ip": "192.168.15.224", "client.packets": 1, @@ -6294,10 +6294,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:16.000-02:00", + "event.end": "2018-11-30T16:09:16.000-02:00", "event.module": "panw", "event.outcome": "reset-client", - "event.start": "2018-11-30T14:09:16.000-02:00", + "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6352,7 +6352,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:49.000-02:00", + "@timestamp": "2018-11-30T16:09:49.000-02:00", "client.bytes": 84, "client.ip": "192.168.15.224", "client.packets": 1, @@ -6374,10 +6374,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:16.000-02:00", + "event.end": "2018-11-30T16:09:16.000-02:00", "event.module": "panw", "event.outcome": "reset-server", - "event.start": "2018-11-30T14:09:16.000-02:00", + "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6432,7 +6432,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:49.000-02:00", + "@timestamp": "2018-11-30T16:09:49.000-02:00", "client.bytes": 2053, "client.ip": "192.168.15.224", "client.packets": 11, @@ -6456,10 +6456,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 10000000000, - "event.end": "2018-11-30T14:09:31.000-02:00", + "event.end": "2018-11-30T16:09:31.000-02:00", "event.module": "panw", "event.outcome": "reset-both", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -6514,7 +6514,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:49.000-02:00", + "@timestamp": "2018-11-30T16:09:49.000-02:00", "client.bytes": 93, "client.ip": "192.168.15.224", "client.packets": 1, @@ -6536,10 +6536,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:16.000-02:00", + "event.end": "2018-11-30T16:09:16.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:16.000-02:00", + "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6594,7 +6594,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:49.000-02:00", + "@timestamp": "2018-11-30T16:09:49.000-02:00", "client.bytes": 84, "client.ip": "192.168.15.224", "client.packets": 1, @@ -6616,10 +6616,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:16.000-02:00", + "event.end": "2018-11-30T16:09:16.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:16.000-02:00", + "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6674,7 +6674,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:49.000-02:00", + "@timestamp": "2018-11-30T16:09:49.000-02:00", "client.bytes": 64, "client.ip": "192.168.15.224", "client.packets": 1, @@ -6696,10 +6696,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:16.000-02:00", + "event.end": "2018-11-30T16:09:16.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:16.000-02:00", + "event.start": "2018-11-30T16:09:16.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -6754,7 +6754,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 1100, "client.ip": "192.168.15.224", "client.packets": 7, @@ -6779,10 +6779,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 11000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6837,7 +6837,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 1100, "client.ip": "192.168.15.224", "client.packets": 7, @@ -6862,10 +6862,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 11000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -6920,7 +6920,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 1100, "client.ip": "192.168.15.224", "client.packets": 7, @@ -6945,10 +6945,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 11000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -7003,7 +7003,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 2691, "client.ip": "192.168.15.224", "client.packets": 10, @@ -7025,10 +7025,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 11000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7083,7 +7083,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 1100, "client.ip": "192.168.15.224", "client.packets": 7, @@ -7108,10 +7108,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 11000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:21.000-02:00", + "event.start": "2018-11-30T16:09:21.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7166,7 +7166,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 276, "client.ip": "192.168.15.224", "client.packets": 3, @@ -7191,10 +7191,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 12000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:20.000-02:00", + "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -7249,7 +7249,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 276, "client.ip": "192.168.15.224", "client.packets": 3, @@ -7274,10 +7274,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 12000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:20.000-02:00", + "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7332,7 +7332,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 276, "client.ip": "192.168.15.224", "client.packets": 3, @@ -7357,10 +7357,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 12000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:20.000-02:00", + "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7415,7 +7415,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:50.000-02:00", + "@timestamp": "2018-11-30T16:09:50.000-02:00", "client.bytes": 276, "client.ip": "192.168.15.224", "client.packets": 4, @@ -7440,10 +7440,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 12000000000, - "event.end": "2018-11-30T14:09:32.000-02:00", + "event.end": "2018-11-30T16:09:32.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:20.000-02:00", + "event.start": "2018-11-30T16:09:20.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -7498,7 +7498,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:51.000-02:00", + "@timestamp": "2018-11-30T16:09:51.000-02:00", "client.bytes": 97, "client.ip": "192.168.15.224", "client.packets": 1, @@ -7520,10 +7520,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:18.000-02:00", + "event.end": "2018-11-30T16:09:18.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:18.000-02:00", + "event.start": "2018-11-30T16:09:18.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7578,7 +7578,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:52.000-02:00", + "@timestamp": "2018-11-30T16:09:52.000-02:00", "client.bytes": 588, "client.ip": "192.168.15.224", "client.packets": 6, @@ -7600,10 +7600,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:37.000-02:00", + "event.end": "2018-11-30T16:09:37.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:37.000-02:00", + "event.start": "2018-11-30T16:09:37.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7658,7 +7658,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:52.000-02:00", + "@timestamp": "2018-11-30T16:09:52.000-02:00", "client.bytes": 78, "client.ip": "192.168.15.224", "client.packets": 1, @@ -7680,10 +7680,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:19.000-02:00", + "event.end": "2018-11-30T16:09:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -7738,7 +7738,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:52.000-02:00", + "@timestamp": "2018-11-30T16:09:52.000-02:00", "client.bytes": 72, "client.ip": "192.168.15.224", "client.packets": 1, @@ -7760,10 +7760,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:19.000-02:00", + "event.end": "2018-11-30T16:09:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7818,7 +7818,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:52.000-02:00", + "@timestamp": "2018-11-30T16:09:52.000-02:00", "client.bytes": 78, "client.ip": "192.168.15.224", "client.packets": 1, @@ -7840,10 +7840,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:19.000-02:00", + "event.end": "2018-11-30T16:09:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", @@ -7898,7 +7898,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:52.000-02:00", + "@timestamp": "2018-11-30T16:09:52.000-02:00", "client.bytes": 78, "client.ip": "192.168.15.224", "client.packets": 1, @@ -7920,10 +7920,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:19.000-02:00", + "event.end": "2018-11-30T16:09:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", 
@@ -7978,7 +7978,7 @@ ] }, { - "@timestamp": "2018-11-30T14:09:52.000-02:00", + "@timestamp": "2018-11-30T16:09:52.000-02:00", "client.bytes": 72, "client.ip": "192.168.15.224", "client.packets": 1, @@ -8000,10 +8000,10 @@ "event.category": "network_traffic", "event.dataset": "panw.panos", "event.duration": 0, - "event.end": "2018-11-30T14:09:19.000-02:00", + "event.end": "2018-11-30T16:09:19.000-02:00", "event.module": "panw", "event.outcome": "allow", - "event.start": "2018-11-30T14:09:19.000-02:00", + "event.start": "2018-11-30T16:09:19.000-02:00", "event.timezone": "-02:00", "fileset.name": "panos", "input.type": "log", From b19eb8b783ce009d9d069b713d5e471aa9082e38 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Fri, 4 Oct 2019 19:08:32 +0200 Subject: [PATCH 4/5] Add changelog entry --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a079ec3a7a2b..001cda299f41 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -157,6 +157,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix conditions and error checking of date processors in ingest pipelines that use `event.timezone` to parse dates. {pull}13883[13883] - Fix timezone parsing of logstash module ingest pipelines. {pull}13890[13890] - cisco asa and ftd filesets: Fix parsing of message 106001. {issue}13891[13891] {pull}13903[13903] +- Fix timezone parsing of iptables, mssql and panw module ingest pipelines. {pull}[] *Heartbeat* From a6a8cd0ca6d23fbd43c861d7b9bdb8a3b182bdab Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Fri, 4 Oct 2019 19:16:56 +0200 Subject: [PATCH 5/5] Remove unneedd target fields and fix changelog --- CHANGELOG.next.asciidoc | 2 +- x-pack/filebeat/module/mssql/log/ingest/pipeline.json | 2 -- x-pack/filebeat/module/panw/panos/ingest/pipeline.yml | 2 -- 3 files changed, 1 insertion(+), 5 deletions(-) 
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 001cda299f41..c1a16f69394c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -157,7 +157,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix conditions and error checking of date processors in ingest pipelines that use `event.timezone` to parse dates. {pull}13883[13883] - Fix timezone parsing of logstash module ingest pipelines. {pull}13890[13890] - cisco asa and ftd filesets: Fix parsing of message 106001. {issue}13891[13891] {pull}13903[13903] -- Fix timezone parsing of iptables, mssql and panw module ingest pipelines. {pull}[] +- Fix timezone parsing of iptables, mssql and panw module ingest pipelines. {pull}13926[13926] *Heartbeat* diff --git a/x-pack/filebeat/module/mssql/log/ingest/pipeline.json b/x-pack/filebeat/module/mssql/log/ingest/pipeline.json index 835331c0eaf3..05ec4030f4a5 100644 --- a/x-pack/filebeat/module/mssql/log/ingest/pipeline.json +++ b/x-pack/filebeat/module/mssql/log/ingest/pipeline.json @@ -14,7 +14,6 @@ "date": { "if": "ctx.event.timezone == null", "field": "date", - "target_field": "@timestamp", "formats": ["yyyy-MM-dd HH:mm:ss.SS"], "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] } @@ -23,7 +22,6 @@ "date": { "if": "ctx.event.timezone != null", "field": "date", - "target_field": "@timestamp", "formats": ["yyyy-MM-dd HH:mm:ss.SS"], "timezone": "{{ event.timezone }}", "on_failure": [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}] diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml index b9484fd06aed..7f88aed3e766 100644 --- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml +++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml 
@@ -10,14 +10,12 @@ processors:
 - date:
 if: "ctx.event.timezone == null"
 field: "_temp_.generated_time"
- target_field: "@timestamp"
 formats:
 - "yyyy/MM/dd HH:mm:ss"
 on_failure: [{"append": {"field": "error.message", "value": "{{ _ingest.on_failure_message }}"}}]
 - date:
 if: "ctx.event.timezone != null"
 field: "_temp_.generated_time"
- target_field: "@timestamp"
 formats:
 - "yyyy/MM/dd HH:mm:ss"
 timezone: "{{ event.timezone }}"
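Review bot: With `target_field` removed, neither `date` processor in this hunk says which field receives the parsed `_temp_.generated_time` or which zone applies, and both matter when these firewall events are lined up against other log sources. The processor writes to `@timestamp` by default and parses as UTC when no `timezone` is given, so a comment above the pair would help: `# writes @timestamp (processor default); parsed as UTC unless event.timezone is set`. `event.timezone` is presumably the zone of the host running Filebeat rather than of the PAN-OS device, so a second line such as `# event.timezone is the shipper's zone; the firewall is assumed to log in that zone` is worth adding if that holds. The second processor continues past the end of the hunk. The two mssql `pipeline.json` hunks earlier in this patch drop the same option, but JSON leaves no place for a comment there.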