| { | |
| "scenario_1_triage": [ | |
| { | |
| "timestamp": "2026-03-31T10:00:00Z", | |
| "log_type": "zeek_conn", | |
| "src_ip": "10.0.0.15", | |
| "dest_ip": "10.0.0.2", | |
| "dest_port": 443, | |
| "severity": "low", | |
| "context": "Standard HTTPS traffic" | |
| }, | |
| { | |
| "timestamp": "2026-03-31T10:01:22Z", | |
| "log_type": "zeek_conn", | |
| "src_ip": "10.0.0.16", | |
| "dest_ip": "10.0.0.2", | |
| "dest_port": 80, | |
| "severity": "low", | |
| "context": "Standard HTTP traffic" | |
| }, | |
| { | |
| "timestamp": "2026-03-31T10:05:11Z", | |
| "log_type": "suricata_alert", | |
| "src_ip": "198.51.100.44", | |
| "dest_ip": "10.0.0.50", | |
| "dest_port": 22, | |
| "severity": "critical", | |
| "context": "ET SCAN Suspicious inbound SSH brute force detected" | |
| } | |
| ], | |
| "scenario_2_false_positive": [ | |
| { | |
| "timestamp": "2026-03-31T23:00:00Z", | |
| "log_type": "suricata_alert", | |
| "src_ip": "10.0.0.250", | |
| "dest_ip": "203.0.113.10", | |
| "dest_port": 443, | |
| "severity": "high", | |
| "context": "Massive outbound data transfer detected (Exfiltration?)", | |
| "host_info": "Primary Backup Server" | |
| } | |
| ], | |
| "scenario_3_kill_chain": [ | |
| { | |
| "timestamp": "2026-04-01T08:15:00Z", | |
| "log_type": "email_gateway", | |
| "src_ip": "external", | |
| "dest_ip": "10.0.1.55", | |
| "severity": "medium", | |
| "context": "Phishing link clicked by user" | |
| }, | |
| { | |
| "timestamp": "2026-04-01T08:30:00Z", | |
| "log_type": "zeek_conn", | |
| "src_ip": "10.0.1.55", | |
| "dest_ip": "10.0.1.0/24", | |
| "dest_port": 445, | |
| "severity": "high", | |
| "context": "Internal subnet SMB scanning detected" | |
| }, | |
| { | |
| "timestamp": "2026-04-01T08:45:00Z", | |
| "log_type": "zeek_conn", | |
| "src_ip": "10.0.1.55", | |
| "dest_ip": "10.0.0.99", | |
| "dest_port": 3306, | |
| "severity": "critical", | |
| "context": "Connection attempt to Core Database Server" | |
| } | |
| ] | |
| } | |