Suricata Alerts

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-10-18 06:35:38.392 | 192.168.1.6 | 49184 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-10-18 06:35:49.377 | 192.168.1.6 | 49189 | 52.109.76.6 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-10-18 06:35:52.612 | 192.168.1.6 | 49194 | 13.107.42.23 | 443 | TCP | 1 | 2028395 | 2 | ET JA3 Hash - Possible Malware - Various Eitest | Unknown Traffic | 3 |
| 2020-10-18 06:35:53.002 | 192.168.1.6 | 49195 | 52.142.114.176 | 443 | TCP | 1 | 2028388 | 2 | ET JA3 Hash - Possible Malware - RigEK | Unknown Traffic | 3 |
| 2020-10-18 06:35:55.667 | 192.168.1.6 | 49197 | 23.54.113.244 | 443 | TCP | 1 | 2028388 | 2 | ET JA3 Hash - Possible Malware - RigEK | Unknown Traffic | 3 |
| 2020-10-18 06:36:09.233 | 192.168.1.6 | 49201 | 23.54.113.244 | 443 | TCP | 1 | 2028388 | 2 | ET JA3 Hash - Possible Malware - RigEK | Unknown Traffic | 3 |
| 2020-10-18 06:37:44.137 | 192.168.1.6 | 56219 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:37:45.139 | 192.168.1.6 | 56219 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:37:46.136 | 192.168.1.6 | 56219 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:37:48.140 | 192.168.1.6 | 56219 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:37:52.136 | 192.168.1.6 | 56219 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:37:56.138 | 192.168.1.6 | 49918 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:37:57.137 | 192.168.1.6 | 49918 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:37:58.137 | 192.168.1.6 | 49918 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:00.138 | 192.168.1.6 | 49918 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:04.136 | 192.168.1.6 | 49918 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:08.159 | 192.168.1.6 | 60922 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:09.152 | 192.168.1.6 | 60922 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:10.152 | 192.168.1.6 | 60922 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:12.152 | 192.168.1.6 | 60922 | 1.1.1.1 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:12.152 | 192.168.1.6 | 60922 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:16.154 | 192.168.1.6 | 60922 | 1.1.1.1 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:16.154 | 192.168.1.6 | 60922 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:26.624 | 192.168.1.6 | 63576 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:27.621 | 192.168.1.6 | 63576 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:28.621 | 192.168.1.6 | 63576 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:30.621 | 192.168.1.6 | 63576 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:34.621 | 192.168.1.6 | 63576 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:38.073 | 192.168.1.6 | 62653 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:38.439 | 192.168.1.6 | 62653 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:38.736 | 192.168.1.6 | 62653 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:39.062 | 192.168.1.6 | 62653 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:39.397 | 192.168.1.6 | 62653 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:39.682 | 192.168.1.6 | 60164 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:44.814 | 192.168.1.6 | 50574 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:45.169 | 192.168.1.6 | 50574 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:45.496 | 192.168.1.6 | 50574 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:45.757 | 192.168.1.6 | 50574 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:46.352 | 192.168.1.6 | 50574 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:46.693 | 192.168.1.6 | 57781 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:47.174 | 192.168.1.6 | 57781 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:47.700 | 192.168.1.6 | 57781 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:48.182 | 192.168.1.6 | 57781 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:50.328 | 192.168.1.6 | 57781 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:55.372 | 192.168.1.6 | 60486 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:56.371 | 192.168.1.6 | 60486 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:38:57.369 | 192.168.1.6 | 60486 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:01.809 | 192.168.1.6 | 54487 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:02.622 | 192.168.1.6 | 54487 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:03.462 | 192.168.1.6 | 54487 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:04.749 | 192.168.1.6 | 54487 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:05.830 | 192.168.1.6 | 54487 | 8.8.8.8 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:06.153 | 192.168.1.6 | 53025 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:06.600 | 192.168.1.6 | 53025 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:06.890 | 192.168.1.6 | 53025 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:07.176 | 192.168.1.6 | 53025 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |
| 2020-10-18 06:39:07.506 | 192.168.1.6 | 53025 | 8.8.4.4 | 53 | UDP | 1 | 2022642 | 5 | ET POLICY DNS Query to a *.ngrok domain (ngrok.io) | Potential Corporate Privacy Violation | 1 |