Sure thing - just removed some IP info etc. Note that the redaction is incomplete: `dest_FQDN` still carries `ec2-54-172-47-69.compute-1.amazonaws.com`, which encodes the destination IP, and the `geoip` block keeps the coordinates, timezone and country. Also, the embedded `message` field is pasted with unescaped inner quotes, so the document is not strictly valid JSON as shown. Separately, the alert is an `ET INFO` rule yet is categorised as "Attempted User Privilege Gain" with severity 1 — worth checking the classification mapping before treating it as a priority-1 event.
{
"_index": "logstash-2018.09.18",
"_type": "doc",
"_id": "wFsz82UBERgXOhVDd-6V",
"_version": 1,
"_score": null,
"_source": {
"event_type": "alert",
"input": {
"type": "log"
},
"flow_id": 326428362774953,
"in_iface": "xxxxxxxx",
"stream": 0,
"tags": [
"SuricataIDPS",
"JSON",
"beats_input_codec_plain_applied",
"ET-Sig"
],
"source": "/var/xx/xx/xxxxx/eve.json",
"src_port": xxxxxxx,
"offset": 1926251246,
"proto": "UDP",
"beat": {
"hostname": "xxxxxxxxxxxxxxxxxxxxxxs",
"version": "6.3.2",
"name": "xxxxxxxxxxxxxxxxxx"
},
"payload": "xxxxxxxxxxxxxx",
"prospector": {
"type": "log"
},
"@version": "1",
"@timestamp": "2018-09-18T23:14:02.904Z",
"message": "{"timestamp":"2018-09-19T01:14:02.904248+0200","flow_id":326428362774953,"in_iface":"xxxx","event_type":"alert","src_ip":"xxxxxxxxxxxxx","src_port":xxx,"dest_ip":"xxxxxxxxx","dest_port":xxxx,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2016149,"rev":2,"signature":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","category":"Attempted User Privilege Gain","severity":1},"app_proto":"failed","payload":"xxxxxxx","payload_printable":"xxxxxxxxxxxx","stream":0,"packet":"xxxxxxxxxxx","packet_info":{"linktype":0}}",
"alert": {
"category": "Attempted User Privilege Gain",
"signature_id": 2016149,
"gid": 1,
"severity": 1,
"action": "allowed",
"rev": 2,
"signature": "ET INFO Session Traversal Utilities for NAT (STUN Binding Request)"
},
"dest_FQDN": "ec2-54-172-47-69.compute-1.amazonaws.com",
"payload_printable": "xxxxxxxxxxxxxxxxxxxxx",
"dest_port_serviceName": "stun",
"ids_rule_type": "Emerging Threats",
"geoip": {
"country_code2": "xx",
"ip": "xxxxxxxxxxxxxxx",
"country_code3": "xx",
"longitude": xx,
"timezone": "Africa/Johannesburg",
"continent_code": "AF",
"country_name": "South Africa",
"region_name": "xxxxxxxxxxxxxxxxxxx",
"location": {
"lon": 27.9667,
"lat": -26.05
},
"city_name": "xxxxxxxxxxxxxxxxxx",
"region_code": "xx",
"postal_code": "xx",
"latitude": -xx
},
"src_FQDN": "xxxxxxxxxxxxxxxxxxxxxxx",
"type": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"packet": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"packet_info": {
"linktype": 0
},
"dest_port": 3478,
"src_ip": "xxxxxxxxxxx",
"app_proto": "failed",
"host": {
"name": "xxxxxxxxxx"
},
"dest_ip": "xxxxxxxxxxxxxx",
"Signature_Info": "http://doc.emergingthreats.net/bin/view/Main/2016149",
"timestamp": "2018-09-19T01:14:02.904248+0200"
},
"fields": {
"@timestamp": [
"2018-09-18T23:14:02.904Z"
],
"timestamp": [
"2018-09-18T23:14:02.904Z"
]
},
"highlight": {
"event_type": [
"@kibana-highlighted-field@alert@/kibana-highlighted-field@"
],
"type": [
"@kibana-highlighted-field@suricataIDPS@/kibana-highlighted-field@"
],
"alert.category.keyword": [
"@kibana-highlighted-field@Attempted User Privilege Gain@/kibana-highlighted-field@"
]
},
"sort": [
1537312442904
]
}