{
"type": "bundle",
"id": "bundle--abe952aa-b943-4a9d-98d4-c6c073b4e8dc",
"objects": [
{
"type": "identity",
"id": "identity--f165428c-7b6a-4d77-89cc-33e66a10c541",
"name": "QRadar",
"identity_class": "events"
},
{
"id": "observed-data--81afa14f-5463-4251-83ba-4aac261a5ea1",
"type": "observed-data",
"created_by_ref": "identity--f165428c-7b6a-4d77-89cc-33e66a10c541",
"created": "2019-10-20T17:19:32.138Z",
"modified": "2019-10-20T17:19:32.138Z",
"objects": {
"0": {
"type": "ipv4-addr",
"value": "67.229.97.229",
"resolves_to_refs": "2"
},
"1": {
"type": "network-traffic",
"src_ref": "0",
"src_port": 0,
"dst_ref": "3",
"dst_port": 0,
"protocols": [
"reserved"
]
},
"2": {
"type": "mac-addr",
"value": "00:00:00:00:00:00"
},
"3": {
"type": "ipv4-addr",
"value": "192.168.0.8",
"resolves_to_refs": "4"
},
"4": {
"type": "mac-addr",
"value": "00:00:00:00:00:00"
},
"5": {
"type": "user-account",
"user_id": "DanielJones"
},
"9": {
"type": "domain",
"path": "s3.amazonaws.com"
},
"10": {
"type": "artifact",
"payload_bin": "localhost:accountId:911534260404,accessKeyId:ASIA5IO5NAC2OIBXQ4NY,userName:DanielJones,sessionContext:{attributes:{mfaAuthenticated:false,creationDate:2018-09-28T13:40:25Z}},invokedBy:Daniel},eventTime:2018-06-09T21:08:04Z,eventSource:s3.amazonaws.com,eventName:GetObject,awsRegion:us-west-2,sourceIPAddress:67.229.97.229,userAgent:[aws-cli/1.15.57 Python/2.7.14+ Linux/4.15.0-kali2-amd64 botocore/1.10.56],requestParameters:{X-Amz-Date:20180609T210803Z,bucketName:db_backups2032,response-content-disposition:inline,X-Amz-Algorithm:AWS4-HMAC-SHA256,X-Amz-SignedHeaders:host,X-Amz-Expires:300,key:fullDB_dump30102018.dump,responseElements:null,additionalEventData:{x-amz-id-2:aOFvDQjetBtTbrR6zfhmvFJEFS1dOdmSucSEVzd70yIwpLg6pSCalFewtoVchOzcSLKQswDjlAQ=},requestID:4D551A01693DE04D,eventID:73de1499-c6d0-4faa-84b3-f19f607a7a8d,readOnly:true,resources:[{type:AWS::S3::Object,ARN:arn:aws:s3:::mystorage2007/fullDB_dump30102018.dump},{accountId:911534260404,type:AWS::S3::Bucket,ARN:arn:aws:s3:::db_backups2032}],eventType:AwsApiCall,recipientAccountId:911534260404"
}
},
"x_com_ibm_ariel": {
"devicetype": 18,
"qid_name": "Object Downloaded",
"qid": 67500346,
"category_name": "AWS CloudTrail Message",
"category_id": 7036,
"log_source_id": 63,
"log_source_name": "AWS CloudTrail",
"identity_ip": "0.0.0.0",
"utf8_payload": "localhost:accountId:911534260404,accessKeyId:ASIA5IO5NAC2OIBXQ4NY,userName:DanielJones,sessionContext:{attributes:{mfaAuthenticated:false,creationDate:2018-09-28T13:40:25Z}},invokedBy:Daniel},eventTime:2018-06-09T21:08:04Z,eventSource:s3.amazonaws.com,eventName:GetObject,awsRegion:us-west-2,sourceIPAddress:67.229.97.229,userAgent:[aws-cli/1.15.57 Python/2.7.14+ Linux/4.15.0-kali2-amd64 botocore/1.10.56],requestParameters:{X-Amz-Date:20180609T210803Z,bucketName:db_backups2032,response-content-disposition:inline,X-Amz-Algorithm:AWS4-HMAC-SHA256,X-Amz-SignedHeaders:host,X-Amz-Expires:300,key:fullDB_dump30102018.dump,responseElements:null,additionalEventData:{x-amz-id-2:aOFvDQjetBtTbrR6zfhmvFJEFS1dOdmSucSEVzd70yIwpLg6pSCalFewtoVchOzcSLKQswDjlAQ=},requestID:4D551A01693DE04D,eventID:73de1499-c6d0-4faa-84b3-f19f607a7a8d,readOnly:true,resources:[{type:AWS::S3::Object,ARN:arn:aws:s3:::mystorage2007/fullDB_dump30102018.dump},{accountId:911534260404,type:AWS::S3::Bucket,ARN:arn:aws:s3:::db_backups2032}],eventType:AwsApiCall,recipientAccountId:911534260404",
"magnitude": 5
},
"first_observed": "2019-10-20T16:42:58.140Z",
"last_observed": "2019-10-20T16:42:58.140Z",
"number_observed": 1
}
]
}