diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index ce804b5b212..708266ecf00 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -274,6 +274,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add module for ingesting IBM MQ logs. {pull}8782[8782]
 - Add S3 input to retrieve logs from AWS S3 buckets. {pull}12640[12640] {issue}12582[12582]
 - Add aws module s3access metricset. {pull}13170[13170] {issue}12880[12880]
+- Update PAN-OS fileset to use the ECS NAT fields. {issue}13320[13320] {pull}13330[13330]
 *Heartbeat*
diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml
index 5ff8f7216fa..f4991e40280 100644
--- a/x-pack/filebeat/module/panw/panos/config/input.yml
+++ b/x-pack/filebeat/module/panw/panos/config/input.yml
@@ -49,8 +49,8 @@ processors:
 server.ip: 8
 destination.ip: 8
 destination.address: 8
- panw.panos.source.nat.ip: 9
- panw.panos.destination.nat.ip: 10
+ source.nat.ip: 9
+ destination.nat.ip: 10
 panw.panos.ruleset: 11
 client.user.name: 12
 source.user.name: 12
@@ -66,8 +66,8 @@ processors:
 source.port: 24
 destination.port: 25
 server.port: 25
- panw.panos.source.nat.port: 26
- panw.panos.destination.nat.port: 27
+ source.nat.port: 26
+ destination.nat.port: 27
 _temp_.labels: 28
 network.transport: 29
 event.outcome: 30
@@ -102,8 +102,8 @@ processors:
 server.ip: 8
 destination.ip: 8
 destination.address: 8
- panw.panos.source.nat.ip: 9
- panw.panos.destination.nat.ip: 10
+ source.nat.ip: 9
+ destination.nat.ip: 10
 panw.panos.ruleset: 11
 client.user.name: 12
 source.user.name: 12
@@ -119,8 +119,8 @@ processors:
 source.port: 24
 destination.port: 25
 server.port: 25
- panw.panos.source.nat.port: 26
- panw.panos.destination.nat.port: 27
+ source.nat.port: 26
+ destination.nat.port: 27
 _temp_.labels: 28
 network.transport: 29
 event.outcome: 30
@@ -152,7 +152,17 @@ processors:
 - community_id:
 target: panw.panos.network.nat.community_id
 fields:
- source_ip: panw.panos.source.nat.ip
- source_port: panw.panos.source.nat.port
- destination_ip: panw.panos.destination.nat.ip
- destination_port: panw.panos.destination.nat.port
+ source_ip: source.nat.ip
+ source_port: source.nat.port
+ destination_ip: destination.nat.ip
+ destination_port: destination.nat.port
+
+ # Copy NAT data from ECS fields to the original non-ECS fields to retain
+ # backward compatibility. This should be removed for 8.0.
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: source.nat.ip, to: panw.panos.source.nat.ip, type: ip}
+ - {from: destination.nat.ip, to: panw.panos.destination.nat.ip, type: ip}
+ - {from: source.nat.port, to: panw.panos.source.nat.port, type: long}
+ - {from: destination.nat.port, to: panw.panos.destination.nat.port, type: long}
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 0be6f2299df..17ae7788db0 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -67,8 +67,8 @@ processors:
 - convert: { type: long, ignore_missing: true, field: event.duration }
 - convert: { type: long, ignore_missing: true, field: _temp_.labels }
 - convert: { type: long, ignore_missing: true, field: panw.panos.sequence_number }
- - convert: { type: long, ignore_missing: true, field: panw.panos.source.nat.port }
- - convert: { type: long, ignore_missing: true, field: panw.panos.destination.nat.port }
+ - convert: { type: long, ignore_missing: true, field: source.nat.port }
+ - convert: { type: long, ignore_missing: true, field: destination.nat.port }
 # Remove PCAP ID when zero (no packet capture).
 - remove:
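Review bot: The backward-compatibility `convert` block added at the end of this hunk sets `ignore_missing: true` but leaves `fail_on_error` at its default of true. A single NAT value that does not parse as `ip` or `long` (an empty or malformed column, if PAN-OS ever emits one) would then fail the whole processor and revert its changes. None of the four legacy `panw.panos.*.nat.*` copies would be written for that event, so dashboards and detection rules still keyed on the legacy names would silently miss it. Consider adding `fail_on_error: false` under `- convert:`, or documenting in the comment that the copy is all-or-nothing. The processors list starts outside the hunk.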
@@ -298,15 +298,15 @@ processors:
 value:
 - '{{destination.ip}}'
 - append:
- if: 'ctx?.panw?.panos?.source?.nat?.ip != null'
+ if: 'ctx?.source?.nat?.ip != null'
 field: related.ip
 value:
- - '{{panw.panos.source.nat.ip}}'
+ - '{{source.nat.ip}}'
 - append:
- if: 'ctx?.panw?.panos?.destination?.nat?.ip != null'
+ if: 'ctx?.destination?.nat?.ip != null'
 field: related.ip
 value:
- - '{{panw.panos.destination.nat.ip}}'
+ - '{{destination.nat.ip}}'
 # Geolocation for source.
 - geoip:
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
index be454c71317..55ded203c41 100644
--- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
@@ -18,6 +18,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started",
@@ -68,6 +70,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59309, "source.user.name": "crusher",
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json
index 58cebb1e705..cc5bcd53772 100644
--- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json
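Review bot: Both `append` conditions in this hunk only test `!= null`, but the updated fixtures in this commit show untranslated sessions carrying `0.0.0.0` and port `0` in the NAT fields. Those events will therefore add `0.0.0.0` to `related.ip` and expose the placeholder in the now-ECS `source.nat.*` / `destination.nat.*` fields. That pollutes IP pivots and any correlation that joins on `related.ip` or the NAT address. Consider tightening the guard, e.g. `if: 'ctx?.source?.nat?.ip != null && ctx.source.nat.ip != "0.0.0.0"'` (and likewise for destination), or dropping zero NAT values earlier in the pipeline the way the PCAP ID is removed when zero. The processors list starts and ends outside the hunk.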
@@ -15,6 +15,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -61,6 +63,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59309, "source.user.name": "crusher", "tags": [ @@ -84,6 +88,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -130,6 +136,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59313, "source.user.name": "crusher", "tags": [ @@ -153,6 +161,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -199,6 +209,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59314, "source.user.name": "crusher", "tags": [ 
@@ -222,6 +234,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -268,6 +282,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59315, "source.user.name": "crusher", "tags": [ @@ -291,6 +307,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -337,6 +355,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59316, "source.user.name": "crusher", "tags": [ @@ -360,6 +380,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -406,6 +428,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59317, "source.user.name": "crusher", "tags": [ 
@@ -429,6 +453,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -475,6 +501,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59302, "source.user.name": "crusher", "tags": [ @@ -498,6 +526,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -544,6 +574,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59301, "source.user.name": "crusher", "tags": [ @@ -567,6 +599,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -613,6 +647,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59303, "source.user.name": "crusher", "tags": [ 
@@ -636,6 +672,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -682,6 +720,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59304, "source.user.name": "crusher", "tags": [ @@ -705,6 +745,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -751,6 +793,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59297, "source.user.name": "crusher", "tags": [ @@ -774,6 +818,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -820,6 +866,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59299, "source.user.name": "crusher", "tags": [ 
@@ -843,6 +891,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -889,6 +939,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59298, "source.user.name": "crusher", "tags": [ @@ -912,6 +964,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -957,6 +1011,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59300, "source.user.name": "crusher", "tags": [ @@ -980,6 +1036,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1026,6 +1084,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59295, "source.user.name": "crusher", "tags": [ 
@@ -1049,6 +1109,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1095,6 +1157,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59291, "source.user.name": "crusher", "tags": [ @@ -1115,6 +1179,8 @@ "destination.geo.location.lat": 51.2993, "destination.geo.location.lon": 9.491, "destination.ip": "78.159.99.224", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1160,6 +1226,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59296, "source.user.name": "crusher", "tags": [ @@ -1183,6 +1251,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1229,6 +1299,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59280, "source.user.name": "crusher", "tags": [ 
@@ -1252,6 +1324,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1298,6 +1372,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59281, "source.user.name": "crusher", "tags": [ @@ -1321,6 +1397,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1367,6 +1445,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59282, "source.user.name": "crusher", "tags": [ @@ -1390,6 +1470,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1436,6 +1518,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59290, "source.user.name": "crusher", "tags": [ 
@@ -1459,6 +1543,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1505,6 +1591,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59286, "source.user.name": "crusher", "tags": [ @@ -1528,6 +1616,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1574,6 +1664,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59275, "source.user.name": "crusher", "tags": [ @@ -1597,6 +1689,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1643,6 +1737,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59277, "source.user.name": "crusher", "tags": [ 
@@ -1666,6 +1762,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1712,6 +1810,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59276, "source.user.name": "crusher", "tags": [ @@ -1735,6 +1835,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1781,6 +1883,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59278, "source.user.name": "crusher", "tags": [ @@ -1804,6 +1908,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1850,6 +1956,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59279, "source.user.name": "crusher", "tags": [ 
@@ -1873,6 +1981,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1919,6 +2029,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59271, "source.user.name": "crusher", "tags": [ @@ -1942,6 +2054,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -1988,6 +2102,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59269, "source.user.name": "crusher", "tags": [ @@ -2011,6 +2127,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2057,6 +2175,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59270, "source.user.name": "crusher", "tags": [ 
@@ -2080,6 +2200,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2126,6 +2248,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59274, "source.user.name": "crusher", "tags": [ @@ -2149,6 +2273,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2195,6 +2321,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59273, "source.user.name": "crusher", "tags": [ @@ -2218,6 +2346,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2264,6 +2394,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59272, "source.user.name": "crusher", "tags": [ 
@@ -2284,6 +2416,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "69.43.161.167", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2329,6 +2463,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59261, "source.user.name": "crusher", "tags": [ @@ -2349,6 +2485,8 @@ "destination.geo.location.lat": 37.5112, "destination.geo.location.lon": 126.97409999999999, "destination.ip": "202.31.187.154", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2394,6 +2532,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59248, "source.user.name": "crusher", "tags": [ @@ -2417,6 +2557,8 @@ "destination.geo.region_iso_code": "RU-MOW", "destination.geo.region_name": "Moscow", "destination.ip": "89.111.176.67", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2462,6 +2604,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59251, "source.user.name": "crusher", "tags": [ 
@@ -2485,6 +2629,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2530,6 +2676,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59244, "source.user.name": "crusher", "tags": [ @@ -2550,6 +2698,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2595,6 +2745,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59237, "source.user.name": "crusher", "tags": [ @@ -2615,6 +2767,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2660,6 +2814,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59238, "source.user.name": "crusher", "tags": [ @@ -2683,6 +2839,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -2728,6 +2886,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59010, "source.user.name": "crusher", "tags": [ @@ -2748,6 +2908,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2793,6 +2955,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58969, "source.user.name": "crusher", "tags": [ @@ -2813,6 +2977,8 @@ "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.ip": "89.108.64.156", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2858,6 +3024,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58941, "source.user.name": "crusher", "tags": [ @@ -2878,6 +3046,8 @@ "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.ip": "89.108.64.156", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -2923,6 +3093,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58942, "source.user.name": "crusher", "tags": [ 
@@ -2937,6 +3109,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 58849, "destination.user.name": "crusher", "event.action": "spyware_detected", @@ -2992,6 +3166,8 @@ "source.geo.region_iso_code": "US-NC", "source.geo.region_name": "North Carolina", "source.ip": "204.232.231.46", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -3014,6 +3190,8 @@ "destination.geo.region_iso_code": "CA-ON", "destination.geo.region_name": "Ontario", "destination.ip": "216.8.179.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3059,6 +3237,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58856, "source.user.name": "crusher", "tags": [ @@ -3079,6 +3259,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "69.43.161.154", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3124,6 +3306,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58847, "source.user.name": "crusher", "tags": [ @@ -3144,6 +3328,8 @@ "destination.geo.location.lat": 18.5, "destination.geo.location.lon": -64.5, "destination.ip": "208.91.196.252", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -3189,6 +3375,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58841, "source.user.name": "crusher", "tags": [ @@ -3209,6 +3397,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.73.210.29", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3254,6 +3444,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58795, "source.user.name": "crusher", "tags": [ @@ -3277,6 +3469,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3322,6 +3516,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58753, "source.user.name": "crusher", "tags": [ @@ -3345,6 +3541,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3390,6 +3588,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58708, "source.user.name": "crusher", "tags": [ 
@@ -3413,6 +3613,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3458,6 +3660,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58707, "source.user.name": "crusher", "tags": [ @@ -3481,6 +3685,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3526,6 +3732,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58603, "source.user.name": "crusher", "tags": [ @@ -3549,6 +3757,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3594,6 +3804,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58603, "source.user.name": "crusher", "tags": [ 
@@ -3608,6 +3820,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 54431, "destination.user.name": "crusher", "event.action": "file_match", @@ -3663,6 +3877,8 @@ "source.geo.region_iso_code": "US-CA", "source.geo.region_name": "California", "source.ip": "173.236.179.57", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -3685,6 +3901,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3730,6 +3948,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 58603, "source.user.name": "crusher", "tags": [ @@ -3744,6 +3964,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 61220, "destination.user.name": "crusher", "event.action": "file_match", @@ -3791,6 +4013,8 @@ "source.address": "91.209.163.202", "source.geo.country_iso_code": "European Union", "source.ip": "91.209.163.202", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -3804,6 +4028,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 61726, "destination.user.name": "crusher", "event.action": "file_match", 
@@ -3858,6 +4084,8 @@ "source.geo.region_iso_code": "CN-ZJ", "source.geo.region_name": "Zhejiang", "source.ip": "122.226.169.183", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -3880,6 +4108,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -3925,6 +4155,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 63007, "source.user.name": "crusher", "tags": [ @@ -3939,6 +4171,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 60212, "destination.user.name": "crusher", "event.action": "file_match", @@ -3991,6 +4225,8 @@ "source.geo.location.lat": 52.3824, "source.geo.location.lon": 4.8995, "source.ip": "109.201.131.15", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -4004,6 +4240,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 60392, "destination.user.name": "crusher", "event.action": "file_match", @@ -4051,6 +4289,8 @@ "source.address": "91.209.163.202", "source.geo.country_iso_code": "European Union", "source.ip": "91.209.163.202", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" 
@@ -4070,6 +4310,8 @@ "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.ip": "213.180.199.61", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -4115,6 +4357,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59709, "source.user.name": "crusher", "tags": [ @@ -4135,6 +4379,8 @@ "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.ip": "213.180.199.61", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -4180,6 +4426,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59721, "source.user.name": "crusher", "tags": [ @@ -4200,6 +4448,8 @@ "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.ip": "213.180.199.61", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -4245,6 +4495,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59752, "source.user.name": "crusher", "tags": [ @@ -4259,6 +4511,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 54431, "destination.user.name": "crusher", "event.action": "file_match", 
@@ -4314,6 +4568,8 @@ "source.geo.region_iso_code": "US-CA", "source.geo.region_name": "California", "source.ip": "173.236.179.57", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -4336,6 +4592,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "url_filtering", "event.category": "security_threat", @@ -4381,6 +4639,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 63183, "source.user.name": "crusher", "tags": [ @@ -4404,6 +4664,8 @@ "destination.geo.region_iso_code": "HK-HCW", "destination.geo.region_name": "Central and Western District", "destination.ip": "207.46.140.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", "event.category": "security_threat", @@ -4449,6 +4711,8 @@ "source.address": "192.168.0.6", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.6", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 1047, "source.user.name": "jordy", "tags": [ @@ -4463,6 +4727,8 @@ "destination.address": "192.168.0.6", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 1039, "destination.user.name": "jordy", "event.action": "data_match", @@ -4518,6 +4784,8 @@ "source.geo.region_iso_code": "US-WA", "source.geo.region_name": "Washington", "source.ip": "65.54.161.34", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" 
@@ -4531,6 +4799,8 @@ "destination.address": "192.168.0.6", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 1064, "destination.user.name": "jordy", "event.action": "data_match", @@ -4586,6 +4856,8 @@ "source.geo.region_iso_code": "US-WA", "source.geo.region_name": "Washington", "source.ip": "65.55.5.231", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -4608,6 +4880,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "65.54.71.11", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", "event.category": "security_threat", @@ -4653,6 +4927,8 @@ "source.address": "192.168.0.6", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.6", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 1048, "source.user.name": "jordy", "tags": [ @@ -4667,6 +4943,8 @@ "destination.address": "192.168.0.6", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 1071, "destination.user.name": "jordy", "event.action": "data_match", @@ -4719,6 +4997,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.239.17", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -4738,6 +5018,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.85.40.48", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", "event.category": "security_threat", 
@@ -4783,6 +5065,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 57502, "source.user.name": "picard", "tags": [ @@ -4797,6 +5081,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 57876, "destination.user.name": "picard", "event.action": "data_match", @@ -4849,6 +5135,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.198", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -4862,6 +5150,8 @@ "destination.address": "192.168.0.6", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 1082, "destination.user.name": "jordy", "event.action": "file_match", @@ -4909,6 +5199,8 @@ "source.address": "188.190.124.75", "source.geo.country_iso_code": "Ukraine", "source.ip": "188.190.124.75", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -4922,6 +5214,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 50986, "destination.user.name": "picard", "event.action": "data_match", @@ -4974,6 +5268,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" 
@@ -4987,6 +5283,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 51716, "destination.user.name": "picard", "event.action": "data_match", @@ -5039,6 +5337,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.239.3", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5052,6 +5352,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 52119, "destination.user.name": "picard", "event.action": "data_match", @@ -5104,6 +5406,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.239.3", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5117,6 +5421,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 52411, "destination.user.name": "picard", "event.action": "data_match", @@ -5169,6 +5475,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5188,6 +5496,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "74.125.239.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", "event.category": "security_threat", 
@@ -5233,6 +5543,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 52366, "source.user.name": "picard", "tags": [ @@ -5247,6 +5559,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 53026, "destination.user.name": "picard", "event.action": "data_match", @@ -5299,6 +5613,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.193", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5312,6 +5628,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 53809, "destination.user.name": "picard", "event.action": "data_match", @@ -5364,6 +5682,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.239.20", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5377,6 +5697,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 55912, "destination.user.name": "picard", "event.action": "data_match", @@ -5429,6 +5751,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "208.80.154.225", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" 
@@ -5442,6 +5766,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 55916, "destination.user.name": "picard", "event.action": "data_match", @@ -5494,6 +5820,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "208.80.154.234", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5507,6 +5835,8 @@ "destination.address": "192.168.0.6", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.6", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 1046, "destination.user.name": "jordy", "event.action": "data_match", @@ -5562,6 +5892,8 @@ "source.geo.region_iso_code": "US-CA", "source.geo.region_name": "California", "source.ip": "65.54.75.25", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5575,6 +5907,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 61734, "destination.user.name": "jordy", "event.action": "data_match", @@ -5627,6 +5961,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.206", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5640,6 +5976,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 62292, "destination.user.name": "jordy", "event.action": "data_match", 
@@ -5692,6 +6030,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.195", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5705,6 +6045,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 64669, "destination.user.name": "jordy", "event.action": "data_match", @@ -5760,6 +6102,8 @@ "source.geo.region_iso_code": "US-KS", "source.geo.region_name": "Kansas", "source.ip": "207.178.96.34", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5773,6 +6117,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 65265, "destination.user.name": "picard", "event.action": "data_match", @@ -5825,6 +6171,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.195", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5838,6 +6186,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 64979, "destination.user.name": "picard", "event.action": "data_match", @@ -5890,6 +6240,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.239.20", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" 
@@ -5903,6 +6255,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 49432, "destination.user.name": "picard", "event.action": "data_match", @@ -5955,6 +6309,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "66.152.109.24", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -5968,6 +6324,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 49722, "destination.user.name": "picard", "event.action": "data_match", @@ -6020,6 +6378,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -6039,6 +6399,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "74.125.224.201", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", "event.category": "security_threat", @@ -6084,6 +6446,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 49681, "source.user.name": "picard", "tags": [ @@ -6098,6 +6462,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 50108, "destination.user.name": "picard", "event.action": "data_match", 
@@ -6150,6 +6516,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -6163,6 +6531,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 50387, "destination.user.name": "picard", "event.action": "data_match", @@ -6215,6 +6585,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -6234,6 +6606,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.85.40.48", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 80, "event.action": "data_match", "event.category": "security_threat", @@ -6279,6 +6653,8 @@ "source.address": "192.168.0.2", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 59781, "source.user.name": "jordy", "tags": [ @@ -6293,6 +6669,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 60005, "destination.user.name": "jordy", "event.action": "data_match", @@ -6345,6 +6723,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.201", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" 
@@ -6358,6 +6738,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 60443, "destination.user.name": "jordy", "event.action": "data_match", @@ -6410,6 +6792,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.201", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -6423,6 +6807,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 60822, "destination.user.name": "jordy", "event.action": "data_match", @@ -6475,6 +6861,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -6488,6 +6876,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 61105, "destination.user.name": "jordy", "event.action": "data_match", @@ -6540,6 +6930,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -6553,6 +6945,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 60782, "destination.user.name": "jordy", "event.action": "data_match", 
@@ -6605,6 +6999,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.198", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" @@ -6618,6 +7014,8 @@ "destination.address": "192.168.0.2", "destination.geo.country_iso_code": "192.168.0.0-192.168.255.255", "destination.ip": "192.168.0.2", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.port": 61470, "destination.user.name": "jordy", "event.action": "data_match", @@ -6670,6 +7068,8 @@ "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "74.125.224.200", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.port": 80, "tags": [ "pan-os" diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index 59c3c5ce9b8..6ca823c115e 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -18,6 +18,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -68,6 +70,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59324, "source.user.name": "crusher", @@ -91,6 +95,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", 
@@ -141,6 +147,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 54448, "source.user.name": "crusher", @@ -164,6 +172,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -214,6 +224,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 53121, "source.user.name": "crusher", @@ -240,6 +252,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -290,6 +304,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59323, "source.user.name": "crusher", @@ -316,6 +332,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -366,6 +384,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59322, "source.user.name": "crusher", 
@@ -389,6 +409,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -439,6 +461,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 55766, "source.user.name": "crusher", @@ -462,6 +486,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -512,6 +538,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 55072, "source.user.name": "crusher", @@ -538,6 +566,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", @@ -588,6 +618,8 @@ "source.address": "192.168.0.2", "source.bytes": 806, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 4, "source.port": 59207, "source.user.name": "crusher", @@ -614,6 +646,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", 
@@ -664,6 +698,8 @@ "source.address": "192.168.0.2", "source.bytes": 806, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 4, "source.port": 59209, "source.user.name": "crusher", @@ -690,6 +726,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", @@ -740,6 +778,8 @@ "source.address": "192.168.0.2", "source.bytes": 806, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 4, "source.port": 59208, "source.user.name": "crusher", @@ -766,6 +806,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -816,6 +858,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59318, "source.user.name": "crusher", @@ -842,6 +886,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -892,6 +938,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59317, "source.user.name": "crusher", 
@@ -918,6 +966,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -968,6 +1018,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59316,
 "source.user.name": "crusher",
@@ -994,6 +1046,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -1044,6 +1098,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59315,
 "source.user.name": "crusher",
@@ -1070,6 +1126,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -1120,6 +1178,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 4,
 "source.port": 59206,
 "source.user.name": "crusher",
@@ -1146,6 +1206,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -1196,6 +1258,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 4,
 "source.port": 59205,
 "source.user.name": "crusher",
@@ -1222,6 +1286,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 18,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -1272,6 +1338,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 551,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 3,
 "source.port": 56858,
 "source.user.name": "crusher",
@@ -1298,6 +1366,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -1348,6 +1418,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59314,
 "source.user.name": "crusher",
@@ -1374,6 +1446,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -1424,6 +1498,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59313,
 "source.user.name": "crusher",
@@ -1447,6 +1523,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -1497,6 +1575,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 52139,
 "source.user.name": "crusher",
@@ -1520,6 +1600,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -1570,6 +1652,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 60592,
 "source.user.name": "crusher",
@@ -1596,6 +1680,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -1646,6 +1732,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59309,
 "source.user.name": "crusher",
@@ -1669,6 +1757,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
@@ -1719,6 +1809,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 98,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 57322,
 "source.user.name": "crusher",
@@ -1745,6 +1837,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -1795,6 +1889,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 4,
 "source.port": 59204,
 "source.user.name": "crusher",
@@ -1821,6 +1917,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -1871,6 +1969,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 806,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 4,
 "source.port": 59203,
 "source.user.name": "crusher",
@@ -1897,6 +1997,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -1947,6 +2049,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59305,
 "source.user.name": "crusher",
@@ -1970,6 +2074,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -2020,6 +2126,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 64005,
 "source.user.name": "crusher",
@@ -2043,6 +2151,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -2093,6 +2203,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 58768,
 "source.user.name": "crusher",
@@ -2116,6 +2228,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "98.149.55.63",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 8,
 "destination.port": 13069,
 "event.action": "flow_started",
@@ -2166,6 +2280,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 504,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 8,
 "source.port": 47752,
 "source.user.name": "crusher",
@@ -2192,6 +2308,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -2242,6 +2360,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59304,
 "source.user.name": "crusher",
@@ -2265,6 +2385,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -2315,6 +2437,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 54533,
 "source.user.name": "crusher",
@@ -2341,6 +2465,8 @@
 "destination.geo.region_iso_code": "IT-MI",
 "destination.geo.region_name": "Milan",
 "destination.ip": "212.48.10.58",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 10,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -2391,6 +2517,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 9130,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 10,
 "source.port": 59201,
 "source.user.name": "crusher",
@@ -2417,6 +2545,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -2467,6 +2597,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59303,
 "source.user.name": "crusher",
@@ -2490,6 +2622,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -2540,6 +2674,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 50876,
 "source.user.name": "crusher",
@@ -2563,6 +2699,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -2613,6 +2751,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 57657,
 "source.user.name": "crusher",
@@ -2639,6 +2779,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -2689,6 +2831,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59302,
 "source.user.name": "crusher",
@@ -2715,6 +2859,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -2765,6 +2911,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59301,
 "source.user.name": "crusher",
@@ -2788,6 +2936,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -2838,6 +2988,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 64844,
 "source.user.name": "crusher",
@@ -2861,6 +3013,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -2911,6 +3065,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 52257,
 "source.user.name": "crusher",
@@ -2933,6 +3089,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
@@ -2982,6 +3140,8 @@
 "source.address": "192.168.0.100",
 "source.bytes": 111,
 "source.ip": "192.168.0.100",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 38796,
 "tags": [
@@ -3007,6 +3167,8 @@
 "destination.geo.region_iso_code": "IT-LT",
 "destination.geo.region_name": "Provincia di Latina",
 "destination.ip": "62.211.68.12",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -3057,6 +3219,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 906,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 7,
 "source.port": 59200,
 "source.user.name": "crusher",
@@ -3082,6 +3246,8 @@
 "destination.geo.region_iso_code": "US-VA",
 "destination.geo.region_name": "Virginia",
 "destination.ip": "50.19.102.116",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 10,
 "destination.port": 443,
 "event.action": "flow_terminated",
@@ -3131,6 +3297,8 @@
 "source.address": "192.168.0.100",
 "source.bytes": 5013,
 "source.ip": "192.168.0.100",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 7,
 "source.port": 48412,
 "tags": [
@@ -3156,6 +3324,8 @@
 "destination.geo.region_iso_code": "US-VA",
 "destination.geo.region_name": "Virginia",
 "destination.ip": "65.55.223.19",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 40026,
 "event.action": "flow_terminated",
@@ -3206,6 +3376,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 99,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 47752,
 "source.user.name": "crusher",
@@ -3232,6 +3404,8 @@
 "destination.geo.region_iso_code": "US-VA",
 "destination.geo.region_name": "Virginia",
 "destination.ip": "65.55.223.24",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 40029,
 "event.action": "flow_terminated",
@@ -3282,6 +3456,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 902,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 47752,
 "source.user.name": "crusher",
@@ -3304,6 +3480,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
@@ -3353,6 +3531,8 @@
 "source.address": "192.168.0.100",
 "source.bytes": 141,
 "source.ip": "192.168.0.100",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 52189,
 "tags": [
@@ -3378,6 +3558,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -3428,6 +3610,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59300,
 "source.user.name": "crusher",
@@ -3451,6 +3635,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -3501,6 +3687,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 54414,
 "source.user.name": "crusher",
@@ -3527,6 +3715,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -3577,6 +3767,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59299,
 "source.user.name": "crusher",
@@ -3600,6 +3792,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -3650,6 +3844,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 60399,
 "source.user.name": "crusher",
@@ -3673,6 +3869,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 2,
 "destination.port": 53,
 "event.action": "flow_terminated",
@@ -3723,6 +3921,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 316,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 2,
 "source.port": 59626,
 "source.user.name": "crusher",
@@ -3746,6 +3946,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
@@ -3796,6 +3998,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 121,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 51542,
 "source.user.name": "crusher",
@@ -3819,6 +4023,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
@@ -3869,6 +4075,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 169,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 54182,
 "source.user.name": "crusher",
@@ -3895,6 +4103,8 @@
 "destination.geo.region_iso_code": "IT-LT",
 "destination.geo.region_name": "Provincia di Latina",
 "destination.ip": "62.211.68.12",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -3945,6 +4155,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 954,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 7,
 "source.port": 59199,
 "source.user.name": "crusher",
@@ -3971,6 +4183,8 @@
 "destination.geo.region_iso_code": "IT-MI",
 "destination.geo.region_name": "Milan",
 "destination.ip": "212.48.10.58",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 12,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -4021,6 +4235,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 9130,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 10,
 "source.port": 59198,
 "source.user.name": "crusher",
@@ -4047,6 +4263,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 18,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -4097,6 +4315,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 555,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 3,
 "source.port": 56856,
 "source.user.name": "crusher",
@@ -4120,6 +4340,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -4170,6 +4392,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 52489,
 "source.user.name": "crusher",
@@ -4196,6 +4420,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -4246,6 +4472,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59298,
 "source.user.name": "crusher",
@@ -4269,6 +4497,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -4319,6 +4549,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 60185,
 "source.user.name": "crusher",
@@ -4342,6 +4574,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -4392,6 +4626,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 51817,
 "source.user.name": "crusher",
@@ -4418,6 +4654,8 @@
 "destination.geo.region_iso_code": "US-VA",
 "destination.geo.region_name": "Virginia",
 "destination.ip": "65.55.223.31",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 40043,
 "event.action": "flow_started",
@@ -4468,6 +4706,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 47752,
 "source.user.name": "crusher",
@@ -4494,6 +4734,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -4544,6 +4786,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59297,
 "source.user.name": "crusher",
@@ -4567,6 +4811,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -4617,6 +4863,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 52537,
 "source.user.name": "crusher",
@@ -4640,6 +4888,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -4690,6 +4940,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 53155,
 "source.user.name": "crusher",
@@ -4716,6 +4968,8 @@
 "destination.geo.region_iso_code": "IT-LT",
 "destination.geo.region_name": "Provincia di Latina",
 "destination.ip": "62.211.68.12",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -4766,6 +5020,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 906,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 7,
 "source.port": 59197,
 "source.user.name": "crusher",
@@ -4789,6 +5045,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_terminated",
@@ -4839,6 +5097,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 163,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 1,
 "source.port": 56995,
 "source.user.name": "crusher",
@@ -4862,6 +5122,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -4912,6 +5174,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59069,
 "source.user.name": "crusher",
@@ -4935,6 +5199,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -4985,6 +5251,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 55697,
 "source.user.name": "crusher",
@@ -5011,6 +5279,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -5061,6 +5331,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59295,
 "source.user.name": "crusher",
@@ -5087,6 +5359,8 @@
 "destination.geo.region_iso_code": "IT-LT",
 "destination.geo.region_name": "Provincia di Latina",
 "destination.ip": "62.211.68.12",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 6,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -5137,6 +5411,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 922,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 7,
 "source.port": 59196,
 "source.user.name": "crusher",
@@ -5163,6 +5439,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -5213,6 +5491,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59291,
 "source.user.name": "crusher",
@@ -5236,6 +5516,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -5286,6 +5568,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 52858,
 "source.user.name": "crusher",
@@ -5309,6 +5593,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -5359,6 +5645,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 61383,
 "source.user.name": "crusher",
@@ -5385,6 +5673,8 @@
 "destination.geo.region_iso_code": "US-NC",
 "destination.geo.region_name": "North Carolina",
 "destination.ip": "204.232.231.46",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 80,
 "event.action": "flow_started",
@@ -5435,6 +5725,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 59290,
 "source.user.name": "crusher",
@@ -5458,6 +5750,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.5.1.1",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 17,
 "destination.port": 80,
 "event.action": "flow_terminated",
@@ -5508,6 +5802,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 26786,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 22,
 "source.port": 59195,
 "source.user.name": "crusher",
@@ -5531,6 +5827,8 @@
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
+ "destination.nat.ip": "0.0.0.0",
+ "destination.nat.port": 0,
 "destination.packets": 1,
 "destination.port": 53,
 "event.action": "flow_started",
@@ -5581,6 +5879,8 @@
 "source.address": "192.168.0.2",
 "source.bytes": 0,
 "source.ip": "192.168.0.2",
+ "source.nat.ip": "0.0.0.0",
+ "source.nat.port": 0,
 "source.packets": 0,
 "source.port": 49812,
 "source.user.name": "crusher",
@@ -5604,6 +5904,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -5654,6 +5956,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 50185, "source.user.name": "crusher", @@ -5680,6 +5984,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -5730,6 +6036,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59286, "source.user.name": "crusher", @@ -5747,6 +6055,8 @@ "destination.address": "192.168.0.1", "destination.bytes": 75, "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5797,6 +6107,8 @@ "source.address": "192.168.0.2", "source.bytes": 169, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 1, "source.port": 52531, "source.user.name": "crusher", @@ -5823,6 +6135,8 @@ "destination.geo.region_iso_code": "IT-MI", "destination.geo.region_name": "Milan", "destination.ip": "212.48.10.58", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 12, "destination.port": 80, "event.action": "flow_terminated", 
@@ -5873,6 +6187,8 @@ "source.address": "192.168.0.2", "source.bytes": 9064, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 9, "source.port": 59194, "source.user.name": "crusher", @@ -5899,6 +6215,8 @@ "destination.geo.region_iso_code": "IT-MI", "destination.geo.region_name": "Milan", "destination.ip": "212.48.10.58", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 12, "destination.port": 80, "event.action": "flow_terminated", @@ -5949,6 +6267,8 @@ "source.address": "192.168.0.2", "source.bytes": 9124, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 10, "source.port": 59192, "source.user.name": "crusher", @@ -5966,6 +6286,8 @@ "destination.address": "192.168.0.1", "destination.bytes": 77, "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -6016,6 +6338,8 @@ "source.address": "192.168.0.2", "source.bytes": 137, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 1, "source.port": 56463, "source.user.name": "crusher", @@ -6033,6 +6357,8 @@ "destination.address": "192.168.0.1", "destination.bytes": 77, "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -6083,6 +6409,8 @@ "source.address": "192.168.0.2", "source.bytes": 93, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 1, "source.port": 55849, "source.user.name": "crusher", 
@@ -6109,6 +6437,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -6159,6 +6489,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59282, "source.user.name": "crusher", @@ -6182,6 +6514,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -6232,6 +6566,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 57846, "source.user.name": "crusher", @@ -6255,6 +6591,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -6305,6 +6643,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 51008, "source.user.name": "crusher", @@ -6331,6 +6671,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", 
@@ -6381,6 +6723,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59281, "source.user.name": "crusher", @@ -6404,6 +6748,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -6454,6 +6800,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 55252, "source.user.name": "crusher", @@ -6471,6 +6819,8 @@ "destination.address": "192.168.0.1", "destination.bytes": 176, "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 2, "destination.port": 53, "event.action": "flow_terminated", @@ -6521,6 +6871,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 56995, "source.user.name": "crusher", @@ -6544,6 +6896,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -6594,6 +6948,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 60989, "source.user.name": "crusher", 
@@ -6620,6 +6976,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -6670,6 +7028,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59280, "source.user.name": "crusher", @@ -6693,6 +7053,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -6743,6 +7105,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 53766, "source.user.name": "crusher", @@ -6766,6 +7130,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "205.171.2.25", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 53, "event.action": "flow_started", @@ -6816,6 +7182,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 56032, "source.user.name": "crusher", @@ -6842,6 +7210,8 @@ "destination.geo.region_iso_code": "IT-LT", "destination.geo.region_name": "Provincia di Latina", "destination.ip": "62.211.68.12", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", 
@@ -6892,6 +7262,8 @@ "source.address": "192.168.0.2", "source.bytes": 906, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 7, "source.port": 59193, "source.user.name": "crusher", @@ -6918,6 +7290,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -6968,6 +7342,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59279, "source.user.name": "crusher", @@ -6994,6 +7370,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -7044,6 +7422,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59278, "source.user.name": "crusher", @@ -7070,6 +7450,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", @@ -7120,6 +7502,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59277, "source.user.name": "crusher", 
@@ -7137,6 +7521,8 @@ "destination.address": "192.168.0.1", "destination.bytes": 166, "destination.ip": "192.168.0.1", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 2, "destination.port": 53, "event.action": "flow_terminated", @@ -7187,6 +7573,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 60026, "source.user.name": "crusher", @@ -7213,6 +7601,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 3, "destination.port": 80, "event.action": "flow_started", @@ -7263,6 +7653,8 @@ "source.address": "192.168.0.2", "source.bytes": 78, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 1, "source.port": 59276, "source.user.name": "crusher", @@ -7289,6 +7681,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 3, "destination.port": 80, "event.action": "flow_started", @@ -7339,6 +7733,8 @@ "source.address": "192.168.0.2", "source.bytes": 78, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 1, "source.port": 59275, "source.user.name": "crusher", @@ -7365,6 +7761,8 @@ "destination.geo.region_iso_code": "US-NC", "destination.geo.region_name": "North Carolina", "destination.ip": "204.232.231.46", + "destination.nat.ip": "0.0.0.0", + "destination.nat.port": 0, "destination.packets": 1, "destination.port": 80, "event.action": "flow_started", 
@@ -7415,6 +7813,8 @@ "source.address": "192.168.0.2", "source.bytes": 0, "source.ip": "192.168.0.2", + "source.nat.ip": "0.0.0.0", + "source.nat.port": 0, "source.packets": 0, "source.port": 59274, "source.user.name": "crusher", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index 8d65d87baa7..5752731d2fb 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -11,6 +11,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -62,6 +64,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37679, "source.port": 52984, "tags": [ "pan-os" @@ -80,6 +84,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -131,6 +137,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 28249, "source.port": 52983, "tags": [ "pan-os" @@ -149,6 +157,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -200,6 +210,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 63898, "source.port": 52986, "tags": [ "pan-os" @@ -218,6 +230,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -269,6 +283,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 7515, "source.port": 52985, "tags": [ "pan-os" @@ -287,6 +303,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -338,6 +356,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3225, "source.port": 52987, "tags": [ "pan-os" @@ -356,6 +376,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -407,6 +429,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60449, "source.port": 52988, "tags": [ "pan-os" 
@@ -425,6 +449,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -476,6 +502,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60559, "source.port": 52990, "tags": [ "pan-os" @@ -494,6 +522,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -545,6 +575,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 47414, "source.port": 52989, "tags": [ "pan-os" @@ -563,6 +595,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -614,6 +648,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37673, "source.port": 52992, "tags": [ "pan-os" @@ -632,6 +668,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -683,6 +721,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 8232, "source.port": 52991, "tags": [ "pan-os" @@ -701,6 +741,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -752,6 +794,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 32982, "source.port": 52994, "tags": [ "pan-os" @@ -770,6 +814,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -821,6 +867,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10473, "source.port": 52993, "tags": [ "pan-os" @@ -839,6 +887,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -890,6 +940,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20446, "source.port": 52995, "tags": [ "pan-os" 
@@ -908,6 +960,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -959,6 +1013,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 34699, "source.port": 52996, "tags": [ "pan-os" @@ -977,6 +1033,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1028,6 +1086,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22820, "source.port": 52997, "tags": [ "pan-os" @@ -1046,6 +1106,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1097,6 +1159,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 41060, "source.port": 52998, "tags": [ "pan-os" @@ -1115,6 +1179,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -1166,6 +1232,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 9058, "source.port": 52999, "tags": [ "pan-os" @@ -1184,6 +1252,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1235,6 +1305,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 54846, "source.port": 53001, "tags": [ "pan-os" @@ -1253,6 +1325,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1304,6 +1378,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 52731, "source.port": 53002, "tags": [ "pan-os" @@ -1322,6 +1398,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1373,6 +1451,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 15165, "source.port": 53003, "tags": [ "pan-os" 
@@ -1391,6 +1471,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.137.131", + "destination.nat.ip": "23.72.137.131", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1442,6 +1524,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53918, "source.port": 53004, "tags": [ "pan-os" @@ -1460,6 +1544,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1511,6 +1597,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 40792, "source.port": 53000, "tags": [ "pan-os" @@ -1529,6 +1617,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1580,6 +1670,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 54044, "source.port": 53006, "tags": [ "pan-os" @@ -1598,6 +1690,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -1649,6 +1743,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19544, "source.port": 53007, "tags": [ "pan-os" @@ -1667,6 +1763,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1718,6 +1816,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13462, "source.port": 53008, "tags": [ "pan-os" @@ -1736,6 +1836,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1787,6 +1889,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44892, "source.port": 53010, "tags": [ "pan-os" @@ -1805,6 +1909,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1856,6 +1962,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16487, "source.port": 53011, "tags": [ "pan-os" 
@@ -1874,6 +1982,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1925,6 +2035,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 23952, "source.port": 53012, "tags": [ "pan-os" @@ -1943,6 +2055,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -1994,6 +2108,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2810, "source.port": 53013, "tags": [ "pan-os" @@ -2012,6 +2128,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2063,6 +2181,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13272, "source.port": 53014, "tags": [ "pan-os" @@ -2081,6 +2201,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -2132,6 +2254,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 8663, "source.port": 53022, "tags": [ "pan-os" @@ -2150,6 +2274,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2201,6 +2327,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 55738, "source.port": 53023, "tags": [ "pan-os" @@ -2219,6 +2347,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2270,6 +2400,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10650, "source.port": 53024, "tags": [ "pan-os" @@ -2288,6 +2420,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2339,6 +2473,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44087, "source.port": 53025, "tags": [ "pan-os" 
@@ -2357,6 +2493,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "152.195.55.192", + "destination.nat.ip": "152.195.55.192", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2408,6 +2546,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 15915, "source.port": 53026, "tags": [ "pan-os" @@ -2426,6 +2566,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "151.101.2.2", + "destination.nat.ip": "151.101.2.2", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2477,6 +2619,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 41165, "source.port": 53041, "tags": [ "pan-os" @@ -2498,6 +2642,8 @@ "destination.geo.region_iso_code": "US-WA", "destination.geo.region_name": "Washington", "destination.ip": "54.192.7.152", + "destination.nat.ip": "54.192.7.152", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2549,6 +2695,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 54133, "source.port": 53040, "tags": [ "pan-os" @@ -2570,6 +2718,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -2621,6 +2771,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 8485, "source.port": 53093, "tags": [ "pan-os" @@ -2642,6 +2794,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2693,6 +2847,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12496, "source.port": 53094, "tags": [ "pan-os" @@ -2714,6 +2870,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2765,6 +2923,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 17029, "source.port": 53095, "tags": [ "pan-os" @@ -2786,6 +2946,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2837,6 +2999,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 23696, "source.port": 53096, "tags": [ "pan-os" 
@@ -2858,6 +3022,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2909,6 +3075,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 34769, "source.port": 53097, "tags": [ "pan-os" @@ -2930,6 +3098,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -2981,6 +3151,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22486, "source.port": 53099, "tags": [ "pan-os" @@ -3002,6 +3174,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3053,6 +3227,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12894, "source.port": 53100, "tags": [ "pan-os" 
@@ -3074,6 +3250,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3125,6 +3303,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 62348, "source.port": 53101, "tags": [ "pan-os" @@ -3146,6 +3326,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3197,6 +3379,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 6224, "source.port": 53104, "tags": [ "pan-os" @@ -3218,6 +3402,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3269,6 +3455,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44120, "source.port": 53107, "tags": [ "pan-os" @@ -3290,6 +3478,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -3341,6 +3531,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 44228, "source.port": 53108, "tags": [ "pan-os" @@ -3362,6 +3554,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.4.120.175", + "destination.nat.ip": "52.4.120.175", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3413,6 +3607,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 31322, "source.port": 53109, "tags": [ "pan-os" @@ -3434,6 +3630,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "216.58.194.98", + "destination.nat.ip": "216.58.194.98", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3485,6 +3683,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 1672, "source.port": 53118, "tags": [ "pan-os" @@ -3503,6 +3703,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3554,6 +3756,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20801, "source.port": 53126, "tags": [ "pan-os" 
@@ -3572,6 +3776,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3623,6 +3829,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 24533, "source.port": 53127, "tags": [ "pan-os" @@ -3641,6 +3849,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3692,6 +3902,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 30150, "source.port": 53128, "tags": [ "pan-os" @@ -3710,6 +3922,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3761,6 +3975,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 36305, "source.port": 53129, "tags": [ "pan-os" @@ -3779,6 +3995,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -3830,6 +4048,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42682, "source.port": 53130, "tags": [ "pan-os" @@ -3848,6 +4068,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3899,6 +4121,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22530, "source.port": 53131, "tags": [ "pan-os" @@ -3917,6 +4141,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -3968,6 +4194,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 43713, "source.port": 53132, "tags": [ "pan-os" @@ -3986,6 +4214,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4037,6 +4267,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60608, "source.port": 53133, "tags": [ "pan-os" 
@@ -4055,6 +4287,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4106,6 +4340,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 9302, "source.port": 53134, "tags": [ "pan-os" @@ -4124,6 +4360,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.72.145.245", + "destination.nat.ip": "23.72.145.245", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4175,6 +4413,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 11634, "source.port": 53135, "tags": [ "pan-os" @@ -4196,6 +4436,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4247,6 +4489,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 30818, "source.port": 53152, "tags": [ "pan-os" @@ -4268,6 +4512,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", 
@@ -4319,6 +4565,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 64260, "source.port": 53155, "tags": [ "pan-os" @@ -4340,6 +4588,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4391,6 +4641,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 7071, "source.port": 53158, "tags": [ "pan-os" @@ -4412,6 +4664,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4463,6 +4717,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 4512, "source.port": 53160, "tags": [ "pan-os" @@ -4484,6 +4740,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4535,6 +4793,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3422, "source.port": 53161, "tags": [ "pan-os" 
@@ -4556,6 +4816,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4607,6 +4869,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 4651, "source.port": 53162, "tags": [ "pan-os" @@ -4628,6 +4892,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4679,6 +4945,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19068, "source.port": 53163, "tags": [ "pan-os" @@ -4700,6 +4968,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4751,6 +5021,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5831, "source.port": 53164, "tags": [ "pan-os" 
@@ -4772,6 +5044,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4823,6 +5097,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 7084, "source.port": 53165, "tags": [ "pan-os" @@ -4844,6 +5120,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4895,6 +5173,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 18633, "source.port": 53166, "tags": [ "pan-os" @@ -4916,6 +5196,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -4967,6 +5249,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 25557, "source.port": 53167, "tags": [ "pan-os" 
@@ -4988,6 +5272,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -5039,6 +5325,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20661, "source.port": 53150, "tags": [ "pan-os" @@ -5060,6 +5348,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -5111,6 +5401,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 65438, "source.port": 53185, "tags": [ "pan-os" @@ -5132,6 +5424,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -5183,6 +5477,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53101, "source.port": 53187, "tags": [ "pan-os" 
@@ -5204,6 +5500,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -5255,6 +5553,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 35463, "source.port": 53188, "tags": [ "pan-os" @@ -5276,6 +5576,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.209.101.70", + "destination.nat.ip": "54.209.101.70", + "destination.nat.port": 443, "destination.port": 443, "event.action": "url_filtering", "event.category": "security_threat", @@ -5327,6 +5629,8 @@ "source.address": "192.168.15.224", "source.geo.country_iso_code": "192.168.0.0-192.168.255.255", "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 45769, "source.port": 53178, "tags": [ "pan-os" diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 843ecc6b7d6..53366644230 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -14,6 +14,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.253.152", + "destination.nat.ip": "184.51.253.152", + "destination.nat.port": 443, "destination.packets": 16, "destination.port": 443, "event.action": "flow_terminated", @@ -69,6 +71,8 @@ "source.address": "192.168.15.207", "source.bytes": 5976, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16418, "source.packets": 20, "source.port": 55113, "tags": [ 
@@ -90,6 +94,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", @@ -145,6 +151,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ @@ -166,6 +174,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "17.253.3.202", + "destination.nat.ip": "17.253.3.202", + "destination.nat.port": 80, "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", @@ -221,6 +231,8 @@ "source.address": "192.168.15.207", "source.bytes": 1035, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 51990, "source.packets": 5, "source.port": 55114, "tags": [ @@ -242,6 +254,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", @@ -297,6 +311,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ @@ -321,6 +337,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "216.58.194.99", + "destination.nat.ip": "216.58.194.99", + "destination.nat.port": 443, "destination.packets": 5, "destination.port": 443, "event.action": "flow_terminated", 
@@ -376,6 +394,8 @@ "source.address": "192.168.15.196", "source.bytes": 1613, "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 15252, "source.packets": 3, "source.port": 46774, "tags": [ @@ -397,6 +417,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "209.234.224.22", + "destination.nat.ip": "209.234.224.22", + "destination.nat.port": 443, "destination.packets": 62, "destination.port": 443, "event.action": "flow_terminated", @@ -452,6 +474,8 @@ "source.address": "192.168.15.224", "source.bytes": 21111, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 40763, "source.packets": 51, "source.port": 52408, "tags": [ @@ -473,6 +497,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", @@ -528,6 +554,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ @@ -549,6 +577,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "172.217.2.238", + "destination.nat.ip": "172.217.2.238", + "destination.nat.port": 443, "destination.packets": 7, "destination.port": 443, "event.action": "flow_terminated", @@ -604,6 +634,8 @@ "source.address": "192.168.15.224", "source.bytes": 3732, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 52881, "source.packets": 9, "source.port": 59190, "tags": [ 
@@ -625,6 +657,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -680,6 +714,8 @@ "source.address": "192.168.15.207", "source.bytes": 221, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 26654, "source.packets": 1, "source.port": 49728, "tags": [ @@ -701,6 +737,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -756,6 +794,8 @@ "source.address": "192.168.15.207", "source.bytes": 221, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2486, "source.packets": 1, "source.port": 50500, "tags": [ @@ -777,6 +817,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "17.249.60.78", + "destination.nat.ip": "17.249.60.78", + "destination.nat.port": 443, "destination.packets": 16, "destination.port": 443, "event.action": "flow_terminated", @@ -832,6 +874,8 @@ "source.address": "192.168.15.207", "source.bytes": 5469, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42021, "source.packets": 16, "source.port": 55112, "tags": [ @@ -853,6 +897,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -908,6 +954,8 @@ "source.address": "192.168.15.207", "source.bytes": 224, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 24377, "source.packets": 1, "source.port": 57632, "tags": [ @@ -929,6 +977,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -984,6 +1034,8 @@ "source.address": "192.168.15.207", "source.bytes": 117, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 48792, "source.packets": 1, "source.port": 50271, "tags": [ @@ -1005,6 +1057,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -1060,6 +1114,8 @@ "source.address": "192.168.15.207", "source.bytes": 307, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2987, "source.packets": 1, "source.port": 54061, "tags": [ @@ -1081,6 +1137,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -1136,6 +1194,8 @@ "source.address": "192.168.15.207", "source.bytes": 365, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 6945, "source.packets": 1, "source.port": 52701, "tags": [ 
@@ -1157,6 +1217,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", @@ -1212,6 +1274,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ @@ -1233,6 +1297,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -1288,6 +1354,8 @@ "source.address": "192.168.15.224", "source.bytes": 161, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42208, "source.packets": 1, "source.port": 62503, "tags": [ @@ -1309,6 +1377,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "98.138.49.44", + "destination.nat.ip": "98.138.49.44", + "destination.nat.port": 443, "destination.packets": 14, "destination.port": 443, "event.action": "flow_terminated", @@ -1364,6 +1434,8 @@ "source.address": "192.168.15.224", "source.bytes": 7805, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 14660, "source.packets": 13, "source.port": 52442, "tags": [ @@ -1385,6 +1457,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "72.30.3.43", + "destination.nat.ip": "72.30.3.43", + "destination.nat.port": 443, "destination.packets": 13, "destination.port": 443, "event.action": "flow_terminated", 
@@ -1440,6 +1514,8 @@ "source.address": "192.168.15.224", "source.bytes": 6106, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16483, "source.packets": 11, "source.port": 52441, "tags": [ @@ -1461,6 +1537,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 2, "destination.port": 0, "event.action": "flow_terminated", @@ -1516,6 +1594,8 @@ "source.address": "192.168.15.196", "source.bytes": 196, "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 2, "source.port": 0, "tags": [ @@ -1537,6 +1617,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "172.217.9.142", + "destination.nat.ip": "172.217.9.142", + "destination.nat.port": 80, "destination.packets": 19, "destination.port": 80, "event.action": "flow_terminated", @@ -1592,6 +1674,8 @@ "source.address": "192.168.15.224", "source.bytes": 3245, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5570, "source.packets": 17, "source.port": 52355, "tags": [ @@ -1613,6 +1697,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -1668,6 +1754,8 @@ "source.address": "192.168.15.207", "source.bytes": 179, "source.ip": "192.168.15.207", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 24430, "source.packets": 1, "source.port": 50196, "tags": [ 
@@ -1692,6 +1780,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "54.84.80.198", + "destination.nat.ip": "54.84.80.198", + "destination.nat.port": 443, "destination.packets": 13, "destination.port": 443, "event.action": "flow_started", @@ -1747,6 +1837,8 @@ "source.address": "192.168.15.224", "source.bytes": 4537, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12122, "source.packets": 12, "source.port": 52454, "tags": [ @@ -1769,6 +1861,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "199.167.55.52", + "destination.nat.ip": "199.167.55.52", + "destination.nat.port": 4282, "destination.packets": 8, "destination.port": 4282, "event.action": "flow_dropped", @@ -1824,6 +1918,8 @@ "source.address": "192.168.15.224", "source.bytes": 0, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 49145, "source.packets": 0, "source.port": 52445, "tags": [ @@ -1845,6 +1941,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_denied", @@ -1900,6 +1998,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ @@ -1921,6 +2021,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.category": "network_traffic", 
@@ -1975,6 +2077,8 @@ "source.address": "192.168.15.210", "source.bytes": 130, "source.ip": "192.168.15.210", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 33110, "source.packets": 1, "source.port": 35485, "tags": [ @@ -1996,6 +2100,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "172.217.9.142", + "destination.nat.ip": "172.217.9.142", + "destination.nat.port": 443, "destination.packets": 6, "destination.port": 443, "event.category": "network_traffic", @@ -2050,6 +2156,8 @@ "source.address": "192.168.15.224", "source.bytes": 1991, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 9299, "source.packets": 6, "source.port": 62730, "tags": [ @@ -2071,6 +2179,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "151.101.2.2", + "destination.nat.ip": "151.101.2.2", + "destination.nat.port": 443, "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", @@ -2126,6 +2236,8 @@ "source.address": "192.168.15.224", "source.bytes": 523, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 47194, "source.packets": 5, "source.port": 52506, "tags": [ @@ -2150,6 +2262,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "216.58.194.66", + "destination.nat.ip": "216.58.194.66", + "destination.nat.port": 443, "destination.packets": 5, "destination.port": 443, "event.action": "flow_terminated", @@ -2205,6 +2319,8 @@ "source.address": "192.168.15.224", "source.bytes": 2428, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 62921, "source.packets": 4, "source.port": 60596, "tags": [ 
@@ -2226,6 +2342,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", @@ -2281,6 +2399,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ @@ -2302,6 +2422,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 2, "destination.port": 0, "event.action": "flow_terminated", @@ -2357,6 +2479,8 @@ "source.address": "192.168.15.210", "source.bytes": 196, "source.ip": "192.168.15.210", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 2, "source.port": 0, "tags": [ @@ -2378,6 +2502,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.253.193", + "destination.nat.ip": "184.51.253.193", + "destination.nat.port": 443, "destination.packets": 12, "destination.port": 443, "event.action": "flow_terminated", @@ -2433,6 +2559,8 @@ "source.address": "192.168.15.224", "source.bytes": 5003, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 41958, "source.packets": 10, "source.port": 52514, "tags": [ @@ -2454,6 +2582,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -2509,6 +2639,8 @@ "source.address": "192.168.15.224", "source.bytes": 171, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 51374, "source.packets": 1, "source.port": 55155, "tags": [ @@ -2531,6 +2663,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "199.167.55.52", + "destination.nat.ip": "199.167.55.52", + "destination.nat.port": 4282, "destination.packets": 1, "destination.port": 4282, "event.action": "flow_terminated", @@ -2586,6 +2720,8 @@ "source.address": "192.168.15.224", "source.bytes": 0, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 25566, "source.packets": 0, "source.port": 52445, "tags": [ @@ -2610,6 +2746,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "199.167.52.219", + "destination.nat.ip": "199.167.52.219", + "destination.nat.port": 17472, "destination.packets": 11, "destination.port": 17472, "event.action": "flow_terminated", @@ -2665,6 +2803,8 @@ "source.address": "192.168.15.224", "source.bytes": 2316, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 63757, "source.packets": 9, "source.port": 52516, "tags": [ @@ -2689,6 +2829,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.71.117.196", + "destination.nat.ip": "52.71.117.196", + "destination.nat.port": 443, "destination.packets": 19, "destination.port": 443, "event.action": "flow_terminated", @@ -2744,6 +2886,8 @@ "source.address": "192.168.15.224", "source.bytes": 13966, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3803, "source.packets": 19, "source.port": 52511, "tags": [ 
@@ -2765,6 +2909,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -2820,6 +2966,8 @@ "source.address": "192.168.15.224", "source.bytes": 244, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 34994, "source.packets": 1, "source.port": 3018, "tags": [ @@ -2841,6 +2989,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -2896,6 +3046,8 @@ "source.address": "192.168.15.224", "source.bytes": 205, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 38064, "source.packets": 1, "source.port": 16569, "tags": [ @@ -2920,6 +3072,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "35.186.194.41", + "destination.nat.ip": "35.186.194.41", + "destination.nat.port": 443, "destination.packets": 24, "destination.port": 443, "event.action": "flow_terminated", @@ -2975,6 +3129,8 @@ "source.address": "192.168.15.224", "source.bytes": 2302, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42924, "source.packets": 20, "source.port": 52479, "tags": [ @@ -2995,6 +3151,8 @@ "destination.geo.location.lat": 35.0, "destination.geo.location.lon": 105.0, "destination.ip": "35.201.124.9", + "destination.nat.ip": "35.201.124.9", + "destination.nat.port": 443, "destination.packets": 63, "destination.port": 443, "event.action": "flow_terminated", 
@@ -3050,6 +3208,8 @@ "source.address": "192.168.15.224", "source.bytes": 6757, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 58977, "source.packets": 41, "source.port": 52478, "tags": [ @@ -3074,6 +3234,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "100.24.131.237", + "destination.nat.ip": "100.24.131.237", + "destination.nat.port": 443, "destination.packets": 17, "destination.port": 443, "event.action": "flow_terminated", @@ -3129,6 +3291,8 @@ "source.address": "192.168.15.224", "source.bytes": 9007, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 64732, "source.packets": 15, "source.port": 52502, "tags": [ @@ -3150,6 +3314,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.252.247", + "destination.nat.ip": "184.51.252.247", + "destination.nat.port": 443, "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", @@ -3205,6 +3371,8 @@ "source.address": "192.168.15.224", "source.bytes": 661, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 58292, "source.packets": 7, "source.port": 52458, "tags": [ @@ -3229,6 +3397,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "35.190.88.148", + "destination.nat.ip": "35.190.88.148", + "destination.nat.port": 443, "destination.packets": 15, "destination.port": 443, "event.action": "flow_terminated", @@ -3284,6 +3454,8 @@ "source.address": "192.168.15.224", "source.bytes": 11136, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 32209, "source.packets": 16, "source.port": 52484, "tags": [ 
@@ -3308,6 +3480,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "35.186.243.83", + "destination.nat.ip": "35.186.243.83", + "destination.nat.port": 443, "destination.packets": 15, "destination.port": 443, "event.action": "flow_terminated", @@ -3363,6 +3537,8 @@ "source.address": "192.168.15.224", "source.bytes": 11136, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 38822, "source.packets": 16, "source.port": 52482, "tags": [ @@ -3384,6 +3560,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -3439,6 +3617,8 @@ "source.address": "192.168.15.224", "source.bytes": 182, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16044, "source.packets": 1, "source.port": 33769, "tags": [ @@ -3460,6 +3640,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -3515,6 +3697,8 @@ "source.address": "192.168.15.224", "source.bytes": 90, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 56614, "source.packets": 1, "source.port": 14106, "tags": [ @@ -3539,6 +3723,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "100.24.165.74", + "destination.nat.ip": "100.24.165.74", + "destination.nat.port": 443, "destination.packets": 17, "destination.port": 443, "event.action": "flow_terminated", 
@@ -3594,6 +3780,8 @@ "source.address": "192.168.15.224", "source.bytes": 6669, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53168, "source.packets": 13, "source.port": 52503, "tags": [ @@ -3615,6 +3803,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.252.247", + "destination.nat.ip": "184.51.252.247", + "destination.nat.port": 443, "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", @@ -3670,6 +3860,8 @@ "source.address": "192.168.15.224", "source.bytes": 661, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 28012, "source.packets": 7, "source.port": 52459, "tags": [ @@ -3690,6 +3882,8 @@ "destination.geo.location.lat": 35.0, "destination.geo.location.lon": 105.0, "destination.ip": "35.201.94.140", + "destination.nat.ip": "35.201.94.140", + "destination.nat.port": 443, "destination.packets": 15, "destination.port": 443, "event.action": "flow_terminated", @@ -3745,6 +3939,8 @@ "source.address": "192.168.15.224", "source.bytes": 11136, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 16050, "source.packets": 16, "source.port": 52483, "tags": [ @@ -3766,6 +3962,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", @@ -3819,6 +4017,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ 
@@ -3840,6 +4040,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -3895,6 +4097,8 @@ "source.address": "192.168.15.224", "source.bytes": 144, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 61722, "source.packets": 1, "source.port": 38663, "tags": [ @@ -3916,6 +4120,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -3971,6 +4177,8 @@ "source.address": "192.168.15.224", "source.bytes": 206, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 14247, "source.packets": 1, "source.port": 50443, "tags": [ @@ -3992,6 +4200,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4047,6 +4257,8 @@ "source.address": "192.168.15.224", "source.bytes": 206, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 33580, "source.packets": 1, "source.port": 54215, "tags": [ @@ -4068,6 +4280,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -4123,6 +4337,8 @@ "source.address": "192.168.15.224", "source.bytes": 169, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13498, "source.packets": 1, "source.port": 35827, "tags": [ @@ -4144,6 +4360,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4199,6 +4417,8 @@ "source.address": "192.168.15.224", "source.bytes": 132, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 20365, "source.packets": 1, "source.port": 60609, "tags": [ @@ -4220,6 +4440,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4275,6 +4497,8 @@ "source.address": "192.168.15.224", "source.bytes": 127, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 61464, "source.packets": 1, "source.port": 3248, "tags": [ @@ -4296,6 +4520,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4351,6 +4577,8 @@ "source.address": "192.168.15.196", "source.bytes": 105, "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42877, "source.packets": 1, "source.port": 49284, "tags": [ 
@@ -4372,6 +4600,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4427,6 +4657,8 @@ "source.address": "192.168.15.224", "source.bytes": 172, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5918, "source.packets": 1, "source.port": 57732, "tags": [ @@ -4448,6 +4680,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4503,6 +4737,8 @@ "source.address": "192.168.15.224", "source.bytes": 134, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 28944, "source.packets": 1, "source.port": 49195, "tags": [ @@ -4524,6 +4760,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4579,6 +4817,8 @@ "source.address": "192.168.15.224", "source.bytes": 179, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13415, "source.packets": 1, "source.port": 17266, "tags": [ @@ -4600,6 +4840,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -4655,6 +4897,8 @@ "source.address": "192.168.15.224", "source.bytes": 218, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2489, "source.packets": 1, "source.port": 48631, "tags": [ @@ -4676,6 +4920,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4731,6 +4977,8 @@ "source.address": "192.168.15.224", "source.bytes": 172, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 49328, "source.packets": 1, "source.port": 58540, "tags": [ @@ -4752,6 +5000,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4807,6 +5057,8 @@ "source.address": "192.168.15.224", "source.bytes": 305, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 36036, "source.packets": 1, "source.port": 42678, "tags": [ @@ -4831,6 +5083,8 @@ "destination.geo.region_iso_code": "US-MD", "destination.geo.region_name": "Maryland", "destination.ip": "66.28.0.45", + "destination.nat.ip": "66.28.0.45", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4886,6 +5140,8 @@ "source.address": "192.168.15.224", "source.bytes": 527, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 33744, "source.packets": 1, "source.port": 16576, "tags": [ 
@@ -4907,6 +5163,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -4962,6 +5220,8 @@ "source.address": "192.168.15.224", "source.bytes": 153, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 45809, "source.packets": 1, "source.port": 39830, "tags": [ @@ -4983,6 +5243,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5038,6 +5300,8 @@ "source.address": "192.168.15.224", "source.bytes": 169, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 3675, "source.packets": 1, "source.port": 6185, "tags": [ @@ -5059,6 +5323,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5114,6 +5380,8 @@ "source.address": "192.168.15.224", "source.bytes": 128, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 5787, "source.packets": 1, "source.port": 8781, "tags": [ @@ -5135,6 +5403,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -5190,6 +5460,8 @@ "source.address": "192.168.15.224", "source.bytes": 181, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 12342, "source.packets": 1, "source.port": 16788, "tags": [ @@ -5211,6 +5483,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5266,6 +5540,8 @@ "source.address": "192.168.15.224", "source.bytes": 121, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 18729, "source.packets": 1, "source.port": 45307, "tags": [ @@ -5287,6 +5563,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "23.52.174.25", + "destination.nat.ip": "23.52.174.25", + "destination.nat.port": 80, "destination.packets": 6, "destination.port": 80, "event.action": "flow_terminated", @@ -5342,6 +5620,8 @@ "source.address": "192.168.15.224", "source.bytes": 1246, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 57858, "source.packets": 5, "source.port": 52520, "tags": [ @@ -5363,6 +5643,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5418,6 +5700,8 @@ "source.address": "192.168.15.224", "source.bytes": 315, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 2722, "source.packets": 1, "source.port": 8503, "tags": [ 
@@ -5439,6 +5723,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5494,6 +5780,8 @@ "source.address": "192.168.15.224", "source.bytes": 130, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 6674, "source.packets": 1, "source.port": 6910, "tags": [ @@ -5518,6 +5806,8 @@ "destination.geo.region_iso_code": "US-WA", "destination.geo.region_name": "Washington", "destination.ip": "54.230.5.228", + "destination.nat.ip": "54.230.5.228", + "destination.nat.port": 443, "destination.packets": 5, "destination.port": 443, "event.action": "flow_terminated", @@ -5573,6 +5863,8 @@ "source.address": "192.168.15.224", "source.bytes": 288, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37427, "source.packets": 4, "source.port": 52475, "tags": [ @@ -5594,6 +5886,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5649,6 +5943,8 @@ "source.address": "192.168.15.224", "source.bytes": 149, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22408, "source.packets": 1, "source.port": 14342, "tags": [ @@ -5670,6 +5966,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -5725,6 +6023,8 @@ "source.address": "192.168.15.224", "source.bytes": 202, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 27899, "source.packets": 1, "source.port": 48197, "tags": [ @@ -5746,6 +6046,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -5801,6 +6103,8 @@ "source.address": "192.168.15.224", "source.bytes": 195, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 52939, "source.packets": 1, "source.port": 32296, "tags": [ @@ -5822,6 +6126,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.83.246.20", + "destination.nat.ip": "208.83.246.20", + "destination.nat.port": 123, "destination.packets": 1, "destination.port": 123, "event.action": "flow_terminated", @@ -5877,6 +6183,8 @@ "source.address": "192.168.15.195", "source.bytes": 90, "source.ip": "192.168.15.195", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 42907, "source.packets": 1, "source.port": 33870, "tags": [ @@ -5898,6 +6206,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 2, "destination.port": 53, "event.action": "flow_terminated", @@ -5953,6 +6263,8 @@ "source.address": "192.168.15.196", "source.bytes": 192, "source.ip": "192.168.15.196", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19658, "source.packets": 2, "source.port": 54659, "tags": [ 
@@ -5974,6 +6286,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -6029,6 +6343,8 @@ "source.address": "192.168.15.224", "source.bytes": 208, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 64352, "source.packets": 1, "source.port": 57446, "tags": [ @@ -6050,6 +6366,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -6105,6 +6423,8 @@ "source.address": "192.168.15.224", "source.bytes": 100, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 60126, "source.packets": 1, "source.port": 22655, "tags": [ @@ -6128,6 +6448,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "35.185.88.112", + "destination.nat.ip": "35.185.88.112", + "destination.nat.port": 443, "destination.packets": 13, "destination.port": 443, "event.action": "flow_terminated", @@ -6183,6 +6505,8 @@ "source.address": "192.168.15.224", "source.bytes": 7237, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 59771, "source.packets": 11, "source.port": 52509, "tags": [ @@ -6204,6 +6528,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -6259,6 +6585,8 @@ "source.address": "192.168.15.224", "source.bytes": 109, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 35748, "source.packets": 1, "source.port": 27192, "tags": [ @@ -6280,6 +6608,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -6335,6 +6665,8 @@ "source.address": "192.168.15.224", "source.bytes": 116, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 63701, "source.packets": 1, "source.port": 30221, "tags": [ @@ -6356,6 +6688,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -6411,6 +6745,8 @@ "source.address": "192.168.15.224", "source.bytes": 96, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 57872, "source.packets": 1, "source.port": 30570, "tags": [ @@ -6435,6 +6771,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", @@ -6490,6 +6828,8 @@ "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 37581, "source.packets": 7, "source.port": 52497, "tags": [ 
@@ -6514,6 +6854,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", @@ -6569,6 +6911,8 @@ "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 19226, "source.packets": 7, "source.port": 52498, "tags": [ @@ -6593,6 +6937,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", @@ -6648,6 +6994,8 @@ "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 61721, "source.packets": 7, "source.port": 52496, "tags": [ @@ -6669,6 +7017,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.254.150.9", + "destination.nat.ip": "104.254.150.9", + "destination.nat.port": 443, "destination.packets": 12, "destination.port": 443, "event.action": "flow_terminated", @@ -6724,6 +7074,8 @@ "source.address": "192.168.15.224", "source.bytes": 7820, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10098, "source.packets": 10, "source.port": 52510, "tags": [ @@ -6748,6 +7100,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "50.19.85.24", + "destination.nat.ip": "50.19.85.24", + "destination.nat.port": 443, "destination.packets": 8, "destination.port": 443, "event.action": "flow_terminated", 
@@ -6803,6 +7157,8 @@ "source.address": "192.168.15.224", "source.bytes": 654, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 4564, "source.packets": 7, "source.port": 52495, "tags": [ @@ -6827,6 +7183,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.0.218.108", + "destination.nat.ip": "52.0.218.108", + "destination.nat.port": 443, "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", @@ -6882,6 +7240,8 @@ "source.address": "192.168.15.224", "source.bytes": 214, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 32104, "source.packets": 3, "source.port": 52486, "tags": [ @@ -6906,6 +7266,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "52.6.117.19", + "destination.nat.ip": "52.6.117.19", + "destination.nat.port": 443, "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", @@ -6961,6 +7323,8 @@ "source.address": "192.168.15.224", "source.bytes": 214, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 14172, "source.packets": 3, "source.port": 52489, "tags": [ @@ -6985,6 +7349,8 @@ "destination.geo.region_iso_code": "US-VA", "destination.geo.region_name": "Virginia", "destination.ip": "34.238.96.22", + "destination.nat.ip": "34.238.96.22", + "destination.nat.port": 443, "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", @@ -7040,6 +7406,8 @@ "source.address": "192.168.15.224", "source.bytes": 214, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 10286, "source.packets": 3, "source.port": 52490, "tags": [ 
@@ -7064,6 +7432,8 @@ "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "130.211.47.17", + "destination.nat.ip": "130.211.47.17", + "destination.nat.port": 443, "destination.packets": 4, "destination.port": 443, "event.action": "flow_terminated", @@ -7119,6 +7489,8 @@ "source.address": "192.168.15.224", "source.bytes": 280, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 30799, "source.packets": 4, "source.port": 52493, "tags": [ @@ -7140,6 +7512,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -7195,6 +7569,8 @@ "source.address": "192.168.15.224", "source.bytes": 172, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 13490, "source.packets": 1, "source.port": 59320, "tags": [ @@ -7216,6 +7592,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 0, "destination.packets": 6, "destination.port": 0, "event.action": "flow_terminated", @@ -7271,6 +7649,8 @@ "source.address": "192.168.15.224", "source.bytes": 588, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 0, "source.packets": 6, "source.port": 0, "tags": [ @@ -7292,6 +7672,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", 
@@ -7347,6 +7729,8 @@ "source.address": "192.168.15.224", "source.bytes": 94, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 53751, "source.packets": 1, "source.port": 13076, "tags": [ @@ -7368,6 +7752,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -7423,6 +7809,8 @@ "source.address": "192.168.15.224", "source.bytes": 170, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 21643, "source.packets": 1, "source.port": 5511, "tags": [ @@ -7444,6 +7832,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -7499,6 +7889,8 @@ "source.address": "192.168.15.224", "source.bytes": 94, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22446, "source.packets": 1, "source.port": 9799, "tags": [ @@ -7520,6 +7912,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -7575,6 +7969,8 @@ "source.address": "192.168.15.224", "source.bytes": 94, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 22301, "source.packets": 1, "source.port": 39169, "tags": [ 
@@ -7596,6 +7992,8 @@ "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", + "destination.nat.ip": "8.8.8.8", + "destination.nat.port": 53, "destination.packets": 1, "destination.port": 53, "event.action": "flow_terminated", @@ -7651,6 +8049,8 @@ "source.address": "192.168.15.224", "source.bytes": 166, "source.ip": "192.168.15.224", + "source.nat.ip": "192.168.1.63", + "source.nat.port": 58124, "source.packets": 1, "source.port": 42476, "tags": [