security_data.json
[
{ "detection_time": "2024-12-23 10:15:00", "index": "security", "host": "win-srv-prod-01", "department": "finance", "security_zone": "restricted", "event_count": 28, "unique_src_ips": 6, "avg_risk_score": 7.8, "failed_logins": 12, "process_creates": 8, "network_connections": 8, "severity": "critical", "parent_process": "bash", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_admin", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 10:20:00", "index": "linux", "host": "linux-db-000001", "department": "it", "security_zone": "restricted", "event_count": 22, "unique_src_ips": 4, "avg_risk_score": 7.2, "failed_logins": 8, "process_creates": 10, "network_connections": 4, "severity": "high", "parent_process": "explorer", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "root", "postgres", "admin" ] },
{ "detection_time": "2024-12-23 10:25:00", "index": "windows", "host": "win-client-1569", "department": "sales", "security_zone": "corporate", "event_count": 15, "unique_src_ips": 3, "avg_risk_score": 6.9, "failed_logins": 6, "process_creates": 5, "network_connections": 4, "severity": "high", "parent_process": "cmd.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "mwilson", "system" ] },
{ "detection_time": "2024-12-23 10:20:00", "index": "windows", "host": "win-srv-prod-02", "department": "marketing", "security_zone": "public", "event_count": 15, "unique_src_ips": 4, "avg_risk_score": 5.5, "failed_logins": 8, "process_creates": 4, "network_connections": 3, "severity": "medium", "parent_process": "powershell.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_marketing", "jdoe" ] },
{ "detection_time": "2024-12-23 10:25:00", "index": "security", "host": "linux-srv-dev-01", "department": "development", "security_zone": "restricted", "event_count": 32, "unique_src_ips": 8, "avg_risk_score": 8.2, "failed_logins": 15, "process_creates": 10, "network_connections": 7, "severity": "critical", "parent_process": "wow.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 10:30:00", "index": "windows", "host": "win-srv-prod-03", "department": "sales", "security_zone": "public", "event_count": 20, "unique_src_ips": 5, "avg_risk_score": 6.8, "failed_logins": 10, "process_creates": 6, "network_connections": 4, "severity": "medium", "parent_process": "virus.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_sales", "jane" ] },
{ "detection_time": "2024-12-23 10:35:00", "index": "linux", "host": "linux-srv-dev-02", "department": "development", "security_zone": "restricted", "event_count": 25, "unique_src_ips": 6, "avg_risk_score": 7.5, "failed_logins": 12, "process_creates": 8, "network_connections": 5, "severity": "critical", "parent_process": "cmd.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jdoe", "system" ] },
{ "detection_time": "2024-12-23 10:40:00", "index": "security", "host": "win-srv-prod-04", "department": "finance", "security_zone": "public", "event_count": 18, "unique_src_ips": 4, "avg_risk_score": 5.2, "failed_logins": 9, "process_creates": 5, "network_connections": 4, "severity": "medium", "parent_process": "cmd.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_finance", "bob" ] },
{ "detection_time": "2024-12-23 10:45:00", "index": "linux", "host": "linux-srv-dev-03", "department": "development", "security_zone": "restricted", "event_count": 30, "unique_src_ips": 7, "avg_risk_score": 8.5, "failed_logins": 14, "process_creates": 9, "network_connections": 7, "severity": "critical", "parent_process": "explorer.exe", "process_name": "powershell.exe", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 10:50:00", "index": "windows", "host": "win-srv-prod-05", "department": "marketing", "security_zone": "public", "event_count": 22, "unique_src_ips": 5, "avg_risk_score": 6.2, "failed_logins": 11, "process_creates": 7, "network_connections": 4, "severity": "medium", "parent_process": "cmd.exe", "actions": [ "failed_login", "process_create" ], "users": [ "svc_marketing", "jane" ] },
{ "detection_time": "2024-12-23 10:55:00", "index": "network", "host": "linux-srv-dev-04", "department": "development", "security_zone": "restricted", "event_count": 28, "unique_src_ips": 6, "avg_risk_score": 7.8, "failed_logins": 13, "process_creates": 8, "network_connections": 7, "severity": "critical", "parent_process": "powershell.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jdoe", "system" ] },
{ "detection_time": "2024-12-23 11:00:00", "index": "windows", "host": "win-srv-prod-06", "department": "sales", "security_zone": "public", "event_count": 20, "unique_src_ips": 4, "avg_risk_score": 5.8, "failed_logins": 10, "process_creates": 6, "network_connections": 4, "severity": "medium", "parent_process": "powershell.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_sales", "bob" ] },
{ "detection_time": "2024-12-23 11:05:00", "index": "linux", "host": "linux-srv-dev-05", "department": "development", "security_zone": "restricted", "event_count": 32, "unique_src_ips": 7, "avg_risk_score": 8.2, "failed_logins": 15, "process_creates": 10, "network_connections": 7, "severity": "critical", "parent_process": "explorer.exe", "process_name": "powershell.exe", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 11:10:00", "index": "windows", "host": "win-srv-prod-07", "department": "finance", "security_zone": "public", "event_count": 25, "unique_src_ips": 5, "avg_risk_score": 6.5, "failed_logins": 12, "process_creates": 8, "network_connections": 5, "severity": "medium", "parent_process": "bash", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_finance", "jane" ] },
{ "detection_time": "2024-12-23 10:15:00", "index": "windows", "host": "win-srv-prod-01", "department": "finance", "security_zone": "restricted", "event_count": 28, "unique_src_ips": 6, "avg_risk_score": 7.8, "failed_logins": 12, "process_creates": 8, "network_connections": 8, "severity": "critical", "parent_process": "bash", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_admin", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 10:20:00", "index": "linux", "host": "linux-db-000001", "department": "it", "security_zone": "restricted", "event_count": 22, "unique_src_ips": 4, "avg_risk_score": 7.2, "failed_logins": 8, "process_creates": 10, "network_connections": 4, "severity": "high", "parent_process": "explorer", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "root", "postgres", "admin" ] },
{ "detection_time": "2024-12-23 10:25:00", "index": "windows", "host": "win-client-1569", "department": "sales", "security_zone": "corporate", "event_count": 15, "unique_src_ips": 3, "avg_risk_score": 6.9, "failed_logins": 6, "process_creates": 5, "network_connections": 4, "severity": "high", "parent_process": "cmd.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "mwilson", "system" ] },
{ "detection_time": "2024-12-23 10:20:00", "index": "windows", "host": "win-srv-prod-02", "department": "marketing", "security_zone": "public", "event_count": 15, "unique_src_ips": 4, "avg_risk_score": 5.5, "failed_logins": 8, "process_creates": 4, "network_connections": 3, "severity": "medium", "parent_process": "powershell.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_marketing", "jdoe" ] },
{ "detection_time": "2024-12-23 10:25:00", "index": "linux", "host": "linux-srv-dev-01", "department": "development", "security_zone": "restricted", "event_count": 32, "unique_src_ips": 8, "avg_risk_score": 8.2, "failed_logins": 15, "process_creates": 10, "network_connections": 7, "severity": "critical", "parent_process": "wow.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 10:30:00", "index": "network", "host": "win-srv-prod-03", "department": "sales", "security_zone": "public", "event_count": 20, "unique_src_ips": 5, "avg_risk_score": 6.8, "failed_logins": 10, "process_creates": 6, "network_connections": 4, "severity": "medium", "parent_process": "virus.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_sales", "jane" ] },
{ "detection_time": "2024-12-23 10:35:00", "index": "linux", "host": "linux-srv-dev-02", "department": "development", "security_zone": "restricted", "event_count": 25, "unique_src_ips": 6, "avg_risk_score": 7.5, "failed_logins": 12, "process_creates": 8, "network_connections": 5, "severity": "critical", "parent_process": "cmd.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jdoe", "system" ] },
{ "detection_time": "2024-12-23 10:40:00", "index": "network", "host": "win-srv-prod-04", "department": "finance", "security_zone": "public", "event_count": 18, "unique_src_ips": 4, "avg_risk_score": 5.2, "failed_logins": 9, "process_creates": 5, "network_connections": 4, "severity": "medium", "parent_process": "cmd.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_finance", "bob" ] },
{ "detection_time": "2024-12-23 10:45:00", "index": "linux", "host": "linux-srv-dev-03", "department": "development", "security_zone": "restricted", "event_count": 30, "unique_src_ips": 7, "avg_risk_score": 8.5, "failed_logins": 14, "process_creates": 9, "network_connections": 7, "severity": "critical", "parent_process": "explorer.exe", "process_name": "powershell.exe", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 10:50:00", "index": "network", "host": "win-srv-prod-05", "department": "marketing", "security_zone": "public", "event_count": 22, "unique_src_ips": 5, "avg_risk_score": 6.2, "failed_logins": 11, "process_creates": 7, "network_connections": 4, "severity": "medium", "parent_process": "cmd.exe", "actions": [ "failed_login", "process_create" ], "users": [ "svc_marketing", "jane" ] },
{ "detection_time": "2024-12-23 10:55:00", "index": "linux", "host": "linux-srv-dev-04", "department": "development", "security_zone": "restricted", "event_count": 28, "unique_src_ips": 6, "avg_risk_score": 7.8, "failed_logins": 13, "process_creates": 8, "network_connections": 7, "severity": "critical", "parent_process": "powershell.exe", "process_name": "bash", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jdoe", "system" ] },
{ "detection_time": "2024-12-23 11:00:00", "index": "network", "host": "win-srv-prod-06", "department": "sales", "security_zone": "public", "event_count": 20, "unique_src_ips": 4, "avg_risk_score": 5.8, "failed_logins": 10, "process_creates": 6, "network_connections": 4, "severity": "medium", "parent_process": "powershell.exe", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_sales", "bob" ] },
{ "detection_time": "2024-12-23 11:05:00", "index": "linux", "host": "linux-srv-dev-05", "department": "development", "security_zone": "restricted", "event_count": 32, "unique_src_ips": 7, "avg_risk_score": 8.2, "failed_logins": 15, "process_creates": 10, "network_connections": 7, "severity": "critical", "parent_process": "explorer.exe", "process_name": "powershell.exe", "actions": [ "failed_login", "process_create", "network_connection" ], "users": [ "svc_dev", "jsmith", "system" ] },
{ "detection_time": "2024-12-23 11:10:00", "index": "network", "host": "win-srv-prod-07", "department": "finance", "security_zone": "public", "event_count": 25, "unique_src_ips": 5, "avg_risk_score": 6.5, "failed_logins": 12, "process_creates": 8, "network_connections": 5, "severity": "medium", "parent_process": "bash", "process_name": "bash", "actions": [ "failed_login", "process_create" ], "users": [ "svc_finance", "jane" ] }
]