diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 2df5cf01c58f..056aff10854e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -12,6 +12,12 @@ # https://github.community/t/codeowners-file-with-a-not-file-type-condition/1423/9 CHANGELOG* +# The tech leads of the teams working in Beats share ownership of the Go module dependencies and related files. +/.github/CODEOWNERS/ @elastic/beats-tech-leads +/.go.mod/ @elastic/beats-tech-leads +/.go.sum/ @elastic/beats-tech-leads +/NOTICE.txt/ @elastic/beats-tech-leads + /.ci/ @elastic/elastic-agent-data-plane /.github/ @elastic/elastic-agent-data-plane /auditbeat/ @elastic/security-external-integrations 
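Review bot: The four patterns added at the top of this hunk do not appear to match the files they are meant to protect. `/.go.mod/` and `/.go.sum/` carry a leading dot although the comment above them refers to the Go module files (`go.mod`, `go.sum`), and a trailing slash in CODEOWNERS (gitignore-style) syntax matches a directory, so `/NOTICE.txt/` and `/.github/CODEOWNERS/` would not match those files either. The last matching pattern also takes precedence, so the `/.github/ @elastic/elastic-agent-data-plane` context line just below would still own `.github/CODEOWNERS` even with the slash removed. As written, dependency and ownership changes would not request review from @elastic/beats-tech-leads. Consider `/go.mod @elastic/beats-tech-leads`, `/go.sum @elastic/beats-tech-leads` and `/NOTICE.txt @elastic/beats-tech-leads`, plus the CODEOWNERS entry without its trailing slash, placed at the end of the file so no later pattern overrides them.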
@@ -24,25 +30,23 @@ CHANGELOG* /filebeat/input/syslog/ @elastic/security-external-integrations /filebeat/input/winlog/ @elastic/security-external-integrations /filebeat/module/ @elastic/integrations -/filebeat/module/apache @elastic/integrations +/filebeat/module/apache @elastic/obs-infraobs-integrations /filebeat/module/auditd @elastic/security-external-integrations /filebeat/module/elasticsearch/ @elastic/infra-monitoring-ui -/filebeat/module/haproxy @elastic/integrations +/filebeat/module/haproxy @elastic/obs-infraobs-integrations /filebeat/module/icinga @elastic/integrations -/filebeat/module/iis @elastic/integrations -/filebeat/module/kafka @elastic/integrations -/filebeat/module/kibana @elastic/integrations +/filebeat/module/iis @elastic/obs-infraobs-integrations +/filebeat/module/kafka @elastic/obs-infraobs-integrations /filebeat/module/kibana/ @elastic/infra-monitoring-ui -/filebeat/module/logstash @elastic/integrations /filebeat/module/logstash/ @elastic/infra-monitoring-ui -/filebeat/module/mongodb @elastic/integrations +/filebeat/module/mongodb @elastic/obs-infraobs-integrations /filebeat/module/mysql @elastic/security-external-integrations /filebeat/module/nats @elastic/integrations -/filebeat/module/nginx @elastic/integrations +/filebeat/module/nginx @elastic/obs-infraobs-integrations /filebeat/module/osquery @elastic/security-asset-management /filebeat/module/pensando @elastic/security-external-integrations -/filebeat/module/postgresql @elastic/integrations -/filebeat/module/redis @elastic/integrations +/filebeat/module/postgresql @elastic/obs-infraobs-integrations +/filebeat/module/redis @elastic/obs-infraobs-integrations /filebeat/module/santa @elastic/security-external-integrations /filebeat/module/system @elastic/elastic-agent-data-plane /filebeat/module/traefik @elastic/integrations 
@@ -63,14 +67,34 @@ CHANGELOG* /metricbeat/ @elastic/elastic-agent-data-plane /metricbeat/docs/ # Listed without an owner to avoid maintaining doc ownership for each input and module. /metricbeat/module/ @elastic/integrations +/metricbeat/module/apache @elastic/obs-infraobs-integrations /metricbeat/module/beat/ @elastic/infra-monitoring-ui +/metricbeat/module/ceph @elastic/obs-infraobs-integrations +/metricbeat/module/couchbase @elastic/obs-infraobs-integrations +/metricbeat/module/couchdb @elastic/obs-infraobs-integrations /metricbeat/module/elasticsearch/ @elastic/infra-monitoring-ui +/metricbeat/module/etcd @elastic/obs-infraobs-integrations +/metricbeat/module/golang @elastic/obs-infraobs-integrations +/metricbeat/module/haproxy @elastic/obs-infraobs-integrations +/metricbeat/module/http @elastic/obs-infraobs-integrations +/metricbeat/module/jolokia @elastic/obs-infraobs-integrations +/metricbeat/module/kafka @elastic/obs-infraobs-integrations /metricbeat/module/kibana/ @elastic/infra-monitoring-ui /metricbeat/module/kubernetes/ @elastic/obs-cloudnative-monitoring /metricbeat/module/logstash/ @elastic/infra-monitoring-ui +/metricbeat/module/memcached @elastic/obs-infraobs-integrations +/metricbeat/module/mongodb @elastic/obs-infraobs-integrations +/metricbeat/module/mysql @elastic/obs-infraobs-integrations /metricbeat/module/nats/ @elastic/obs-cloudnative-monitoring +/metricbeat/module/nginx @elastic/obs-infraobs-integrations +/metricbeat/module/php_fpm @elastic/obs-infraobs-integrations /metricbeat/module/prometheus/ @elastic/obs-cloudnative-monitoring +/metricbeat/module/postgresql @elastic/obs-infraobs-integrations +/metricbeat/module/rabbitmq @elastic/obs-infraobs-integrations +/metricbeat/module/redis @elastic/obs-infraobs-integrations /metricbeat/module/system/ @elastic/elastic-agent-data-plane +/metricbeat/module/vsphere @elastic/obs-infraobs-integrations +/metricbeat/module/zookeeper @elastic/obs-infraobs-integrations /packetbeat/ 
@elastic/security-external-integrations /script/ @elastic/elastic-agent-data-plane /testing/ @elastic/elastic-agent-data-plane @@ -85,6 +109,7 @@ CHANGELOG* /x-pack/filebeat/input/azureblobstorage/ @elastic/security-external-integrations /x-pack/filebeat/input/azureeventhub/ @elastic/obs-cloud-monitoring /x-pack/filebeat/input/cel/ @elastic/security-external-integrations +/x-pack/filebeat/input/cometd/ @elastic/obs-infraobs-integrations /x-pack/filebeat/input/entityanalytics/ @elastic/security-external-integrations /x-pack/filebeat/input/gcppubsub/ @elastic/security-external-integrations /x-pack/filebeat/input/gcs/ @elastic/security-external-integrations @@ -94,7 +119,7 @@ CHANGELOG* /x-pack/filebeat/input/netflow/ @elastic/security-external-integrations /x-pack/filebeat/input/o365audit/ @elastic/security-external-integrations /x-pack/filebeat/module/ @elastic/integrations -/x-pack/filebeat/module/activemq @elastic/integrations +/x-pack/filebeat/module/activemq @elastic/obs-infraobs-integrations /x-pack/filebeat/module/aws @elastic/obs-cloud-monitoring /x-pack/filebeat/module/awsfargate @elastic/obs-cloud-monitoring /x-pack/filebeat/module/azure @elastic/obs-cloud-monitoring 
@@ -112,14 +137,14 @@ CHANGELOG* /x-pack/filebeat/module/fortinet @elastic/security-external-integrations /x-pack/filebeat/module/gcp @elastic/security-external-integrations /x-pack/filebeat/module/google_workspace @elastic/security-external-integrations -/x-pack/filebeat/module/ibmmq @elastic/integrations +/x-pack/filebeat/module/ibmmq @elastic/obs-infraobs-integrations /x-pack/filebeat/module/imperva @elastic/security-external-integrations /x-pack/filebeat/module/infoblox @elastic/security-external-integrations /x-pack/filebeat/module/iptables @elastic/security-external-integrations /x-pack/filebeat/module/juniper @elastic/security-external-integrations /x-pack/filebeat/module/microsoft @elastic/security-external-integrations /x-pack/filebeat/module/misp @elastic/security-external-integrations -/x-pack/filebeat/module/mssql @elastic/integrations +/x-pack/filebeat/module/mssql @elastic/obs-infraobs-integrations /x-pack/filebeat/module/mysqlenterprise @elastic/security-external-integrations /x-pack/filebeat/module/netflow @elastic/security-external-integrations /x-pack/filebeat/module/netscout @elastic/security-external-integrations @@ -128,7 +153,7 @@ CHANGELOG* /x-pack/filebeat/module/oracle @elastic/security-external-integrations /x-pack/filebeat/module/panw @elastic/security-external-integrations /x-pack/filebeat/module/proofpoint @elastic/security-external-integrations -/x-pack/filebeat/module/rabbitmq @elastic/integrations +/x-pack/filebeat/module/rabbitmq @elastic/obs-infraobs-integrations /x-pack/filebeat/module/radware @elastic/security-external-integrations /x-pack/filebeat/module/snort @elastic/security-external-integrations /x-pack/filebeat/module/snyk @elastic/security-external-integrations 
@@ -139,19 +164,33 @@ CHANGELOG* /x-pack/filebeat/module/threatintel @elastic/security-external-integrations /x-pack/filebeat/module/tomcat @elastic/security-external-integrations /x-pack/filebeat/module/zeek @elastic/security-external-integrations -/x-pack/filebeat/module/zookeeper @elastic/integrations +/x-pack/filebeat/module/zookeeper @elastic/obs-infraobs-integrations /x-pack/filebeat/module/zoom @elastic/security-external-integrations /x-pack/filebeat/module/zscaler @elastic/security-external-integrations +/x-pack/filebeat/modules.d/zoom.yml.disabled @elastic/security-external-integrations /x-pack/filebeat/processors/decode_cef/ @elastic/security-external-integrations /x-pack/heartbeat/ @elastic/uptime /x-pack/metricbeat/ @elastic/elastic-agent-data-plane /x-pack/metricbeat/docs/ # Listed without an owner to avoid maintaining doc ownership for each input and module. /x-pack/metricbeat/module/ @elastic/integrations +/x-pack/metricbeat/module/activemq @elastic/obs-infraobs-integrations +/x-pack/metricbeat/module/airflow @elastic/obs-infraobs-integrations +/x-pack/metricbeat/module/cloudfoundry @elastic/obs-infraobs-integrations +/x-pack/metricbeat/module/cockroachdb @elastic/obs-infraobs-integrations /x-pack/metricbeat/module/containerd/ @elastic/obs-cloudnative-monitoring +/x-pack/metricbeat/module/coredns @elastic/obs-infraobs-integrations /x-pack/metricbeat/module/enterprisesearch @elastic/ent-search-application-backend +/x-pack/metricbeat/module/ibmmq @elastic/obs-infraobs-integrations +/x-pack/metricbeat/module/iis @elastic/obs-infraobs-integrations /x-pack/metricbeat/module/istio/ @elastic/obs-cloudnative-monitoring +/x-pack/metricbeat/module/mssql @elastic/obs-infraobs-integrations +/x-pack/metricbeat/module/oracle @elastic/obs-infraobs-integrations /x-pack/metricbeat/module/prometheus/ @elastic/obs-cloudnative-monitoring +/x-pack/metricbeat/module/redisenterprise @elastic/obs-infraobs-integrations +/x-pack/metricbeat/module/sql 
@elastic/obs-infraobs-integrations +/x-pack/metricbeat/module/statsd @elastic/obs-infraobs-integrations /x-pack/metricbeat/module/stan/ @elastic/obs-cloudnative-monitoring +/x-pack/metricbeat/module/tomcat @elastic/obs-infraobs-integrations /x-pack/osquerybeat/ @elastic/security-asset-management /x-pack/packetbeat/ @elastic/security-external-integrations /x-pack/winlogbeat/ @elastic/security-external-integrations diff --git a/.github/dependabot.yml b/.github/dependabot.yml index ecb9a52d6772..0238179f29cf 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -1,15 +1,64 @@ --- version: 2 +# This section is segmented by the responsible GitHub teams in order +# to make it clear who is responsible for reviewing. updates: - - package-ecosystem: "gomod" - directory: "/" + - package-ecosystem: gomod + directory: / schedule: - interval: "daily" + interval: daily labels: - automation + - dependabot - Team:Elastic-Agent-Data-Plane allow: - - dependency-name: "github.com/elastic/*" + - dependency-name: github.com/elastic/elastic-agent-autodiscover + - dependency-name: github.com/elastic/elastic-agent-client/* + - dependency-name: github.com/elastic/elastic-agent-libs + - dependency-name: github.com/elastic/elastic-agent-shipper-client + - dependency-name: github.com/elastic/elastic-agent-system-metrics + - dependency-name: github.com/elastic/go-concert + - dependency-name: github.com/elastic/go-elasticsearch/* + - dependency-name: github.com/elastic/go-licenser + - dependency-name: github.com/elastic/go-lookslike + - dependency-name: github.com/elastic/go-lumber + - dependency-name: github.com/elastic/go-structform + - dependency-name: github.com/elastic/go-sysinfo + - dependency-name: github.com/elastic/go-ucfg + - dependency-name: github.com/elastic/gosigar + - dependency-name: go.elastic.co/apm/* + - dependency-name: go.elastic.co/ecszap + - dependency-name: go.elastic.co/go-licence-detector reviewers: - - "elastic/elastic-agent-data-plane" - open-pull-requests-limit: 10 + - elastic/elastic-agent-data-plane + open-pull-requests-limit: 2 + - package-ecosystem: gomod + directory: / + schedule: + interval: daily + labels: + - automation + - dependabot + - Team:Security-External Integrations + allow: + # Skip github.com/elastic/mito because it requires documentation updates. 
+ - dependency-name: github.com/elastic/go-libaudit/* + - dependency-name: github.com/elastic/go-perf + - dependency-name: github.com/elastic/go-seccomp-bpf + - dependency-name: github.com/elastic/toutoumomoma + reviewers: + - elastic/security-external-integrations + open-pull-requests-limit: 2 + - package-ecosystem: gomod + directory: / + schedule: + interval: daily + labels: + - automation + - dependabot + - Team:Service-Integrations + allow: + - dependency-name: github.com/elastic/bayeux + reviewers: + - elastic/obs-infraobs-integrations + open-pull-requests-limit: 2 diff --git a/.github/workflows/post-dependabot.yml b/.github/workflows/post-dependabot.yml index 120558caa801..069f0d777e1f 100644 --- a/.github/workflows/post-dependabot.yml +++ b/.github/workflows/post-dependabot.yml @@ -27,7 +27,7 @@ jobs: - name: check for modified NOTICE.txt id: notice-check - run: echo "modified=$(if git diff-index --quiet HEAD -- NOTICE.txt; then echo "false"; else echo "true"; fi)" >> $GITHUB_OUTPUT + run: echo "modified=$(if git status --porcelain --untracked-files=no | grep -q -E ' NOTICE.txt$'; then echo "true"; else echo "false"; fi)" >> $GITHUB_OUTPUT - name: commit NOTICE.txt if: steps.notice-check.outputs.modified == 'true' diff --git a/.go-version b/.go-version index 91c48c058d7f..88ebadf2c322 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.19.9 +1.19.10 diff --git a/.golangci.yml b/.golangci.yml index 111fb70dbbdc..2cd359352da7 100755 --- a/.golangci.yml +++ b/.golangci.yml @@ -108,7 +108,7 @@ linters-settings: gosimple: # Select the Go version to target. The default is '1.13'. - go: "1.19.9" + go: "1.19.10" nakedret: # make an issue if func has more lines of code than this setting and it has naked returns; default is 30 
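Review bot: The three `updates` entries all use `package-ecosystem: gomod` with `directory: /` and no `target-branch`, and Dependabot has required that combination to be unique per entry, so this file may be rejected or only partly applied; it is worth confirming on the repository's Dependabot status page before relying on it. If the split is not accepted, a single entry with one `allow` list grouped under `# Team: …` comments keeps the intent, though labels and reviewers would then be shared. Separately, replacing `github.com/elastic/*` with explicit names means a newly added Elastic module gets no version updates until someone lists it here; a comment next to `allow:` such as `# New Elastic modules must be added here to receive updates.` would make that visible.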
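Review bot: The new `grep -q -E ' NOTICE.txt$'` check parses `git status --porcelain` output with a pattern whose `.` is unescaped and which depends on the status-column layout. Passing the path to git removes the need for a regular expression: `run: echo "modified=$(if [ -n "$(git status --porcelain --untracked-files=no -- NOTICE.txt)" ]; then echo "true"; else echo "false"; fi)" >> "$GITHUB_OUTPUT"`. Quoting `$GITHUB_OUTPUT` is also the safer habit in workflow shell steps.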
@@ -126,19 +126,19 @@ linters-settings: staticcheck: # Select the Go version to target. The default is '1.13'. - go: "1.19.9" + go: "1.19.10" checks: ["all"] stylecheck: # Select the Go version to target. The default is '1.13'. - go: "1.19.9" + go: "1.19.10" # Disabled: # ST1005: error strings should not be capitalized checks: ["all", "-ST1005"] unused: # Select the Go version to target. The default is '1.13'. - go: "1.19.9" + go: "1.19.10" gosec: excludes: diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 5d009736c342..fe7fb5c57287 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -81,6 +81,8 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Fix the integration testcase docker port mapping for sql and oracle modules {pull}34221[34221] - Fix the ingest pipeline for mysql slowlog to parse schema name with dash {pull}34371[34372] - Fix the multiple host support for mongodb module {pull}34624[34624] +- Skip HTTPJSON flakey test. {issue}34929[34929] {pull}35138[35138] +- Fix ingest pipeline for panw module to parse url scheme correctly {pull}35757[35757] ==== Added @@ -144,6 +146,7 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Add support for `credentials_json` in `gcp` module, all metricsets {pull}29584[29584] - Add gcp firestore metricset. {pull}29918[29918] - Added TESTING_FILEBEAT_FILEPATTERN option for filebeat module pytests {pull}30103[30103] +- Improve tests files with shorter statements. {pull}35667[35667] - Add gcp dataproc metricset. {pull}30008[30008] - Add Github action for linting - Add regex support for drop_fields processor. 
@@ -154,8 +157,13 @@ The list below covers the major changes between 7.0.0-rc2 and main only. - Add the file path of the instance lock on the error when it's is already locked {pull}33788[33788] - Add DropFields processor to js API {pull}33458[33458] - Add support for different folders when testing data {pull}34467[34467] +- Add logging of metric registration in inputmon. {pull}35647[35647] +- Add Okta API package for entity analytics. {pull}35478[35478] +- Add benchmarking to HTTPJSON input testing. {pull}35138[35138] +- Allow non-AWS endpoints for testing Filebeat awss3 input. {issue}35496[35496] {pull}35520[35520] ==== Deprecated - Deprecated the `common.Float` type. {issue}28279[28279] {pull}28280[28280] - Deprecate Beat generators. {pull}28814[28814] +- Remove garbled PE executable test from auditbeat FIM module testing. {issue}35705[35705] {pull}35724[35724] diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc index 3c5052bdc2b3..f49c6480c144 100644 --- a/CHANGELOG.asciidoc +++ b/CHANGELOG.asciidoc 
@@ -3,6 +3,124 @@ :issue: https://github.com/elastic/beats/issues/ :pull: https://github.com/elastic/beats/pull/ +[[release-notes-8.8.1]] +=== Beats version 8.8.1 +https://github.com/elastic/beats/compare/v8.8.0\...v8.8.1[View commits] + +==== Bugfixes + +*Affecting all Beats* + +- 'add_cloud_metadata' processor: add `cloud.region` field for GCE cloud provider +- 'add_cloud_metadata' processor: update Azure metadata API version to get missing `cloud.account.id` field + +*Filebeat* + +- Fix "Can only start an input when all related states are finished" error when running under Elastic Agent {pull}35250[35250] {issue}33653[33653] +- [system] Sync system/auth dataset with system integration 1.29.0. {pull}35581[35581] +- Fix filestream false positive log error "filestream input with ID 'xyz' already exists" {issue}31767[31767] +- Fix error when trying to use `include_message` parser {issue}35440[35440] + +==== Added + +*Filebeat* + +- Add sanitization capabilities to azure-eventhub input {pull}34874[34874] + +*Auditbeat* +- Migration of system/package module storage from gob encoding to flatbuffer encoding in bolt db. {pull}34817[34817] + +*Metricbeat* + +- Support collecting metrics from both the monitoring account and linked accounts from AWS CloudWatch. {pull}35540[35540] +- Add new parameter `include_linked_accounts` to enable/disable metrics collection from multiple linked AWS Accounts {pull}35648[35648] + + +[[release-notes-8.8.0]] +=== Beats version 8.8.0 +https://github.com/elastic/beats/compare/v8.7.1...v8.8.0[View commits] + + +==== Bugfixes + +*Affecting all Beats* +- Fix race condition when stopping runners {pull}32433[32433] +- Fix concurrent map writes when system/process code called from reporter code {pull}32491[32491] +- The Elasticsearch output now splits large requests instead of dropping them when it receives a StatusRequestEntityTooLarge error. 
{pull}34911[34911] +- In cases where the matcher detects a non-string type in a match statement, report the error as a debug statement, and not a warning statement. {pull}35119[35119] +- `add_cloud_metadata` processor: Add `cloud.region` field for GCE cloud provider. +- `add_cloud_metadata` processor: Update Azure metadata API version to get missing `cloud.account.id` field. + +*Filebeat* +- [GCS Input] Added missing locks for safe concurrency. {pull}34914[34914] +- Fix the `ignore_inactive` option being ignored in Filebeat's filestream input. {pull}34770[34770] +- Add input instance ID to request trace filename for httpjson and cel inputs. {pull}35024[35024] +- Sanitize filenames for request tracer in httpjson input. {pull}35143[35143] +- Sanitize filenames for request tracer in cel input. {pull}35154[35154] +- Fix the grok expression outputs of log files. {pull}35221[35221] +- Move repeated Windows event channel not found errors in winlog input to debug level. {issue}35314[35314] {pull}35317[35317] +- Fix crash when processing forwarded logs missing a message. {issue}34705[34705] {pull}34865[34865] +- Fix crash when loading azurewebstorage cursor with no partially processed data. {pull}35433[35433] + +*Heartbeat* + +- Fix panics when parsing when HTTP URL is not parseable. {pull}34702[34702] +- Fix broken state ID location naming. {pull}35336[35336] +- Fix project monitor temp directories permission to include group access. {pull}35398[35398] +- Fix output pipeline exit on `run_once`. {pull}35376[35376] +- Fix formatting issue with socket trace timeout. {pull}35434[35434] + +*Metricbeat* + +- Make generic SQL GA. {pull}34637[34637] +- Collect missing `remote_cluster` in Elasticsearch CCR metricset. {pull}34957[34957] +- Add context with timeout in AWS API calls. {pull}35425[35425] + +*Osquerybeat* + +- Adds the `elastic_file_analysis` table to the Osquery extension for macOS builds. 
{pull}35056[35056] + +*Packetbeat* + +- Fix BPF filter setting not being applied to sniffers. {issue}35363[35363] {pull}35484[35484] + +*Winlogbeat* + +- Move repeated channel not found errors to debug level. {issue}35314[35314] {pull}35317[35317] +- Fix panic due to misrepresented buffer use. {pull}35437[35437] +- Allow program termination when attempting to open an absent channel. {pull}35474[35474] + +==== Added + +*Filebeat* + +- Add metric `sqs_messages_waiting_gauge` for aws-s3 input. {pull}34488[34488] +- Add support for Okta debug attributes, `risk_reasons`, `risk_behaviors` and `factor`. {issue}33677[33677] {pull}34508[34508] +- Add `nginx.ingress_controller.upstream.ip` to `related.ip` {issue}34645[34645] {pull}34672[34672] +- Include NAT and firewall IPs in `related.ip` in Fortinet Firewall module. {issue}34640[34640] {pull}34673[34673] +- Add UNIX socket log parsing for NGINX `ingress_controller`. {pull}34732[34732] +- Add metric `sqs_worker_utilization` for aws-s3 input. {pull}34793[34793] +- Register MIME handlers for CSV types in CEL input. {pull}34934[34934] +- Add MySQL authentication message parsing and `related.ip` and `related.user` fields. {pull}34810[34810] +- Mention `mito` CEL tool in CEL input docs. {pull}34959[34959] +- Add nginx ingress_controller parsing if one of upstreams fails to return response. {pull}34787[34787] +- Allow neflow v9 and ipfix templates to be shared between source addresses. {pull}35036[35036] +- Add support for collecting IPv6 metrics. {pull}35123[35123] +- Add Oracle authentication messages parsing {pull}35127[35127] + +*Heartbeat* +- Add status to monitor run log report. +- Remov Beta label for browser monitors. {pull}35424[35424]. + +*Metricbeat* + +- Add GCP Carbon Footprint metricbeat data. {pull}34820[34820] +- Add event loop utilization metric to Kibana module. {pull}35020[35020] + +*Winlogbeat* + +- Add `event.category` and `event.type` to Sysmon module for EventIDs 8, 9, 19, 20, 27, 28, 255. 
{pull}35193[35193] + [[release-notes-8.7.1]] === Beats version 8.7.1 https://github.com/elastic/beats/compare/v8.7.0\...v8.7.1[View commits] @@ -123,6 +241,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Metrics hosted by the HTTP monitoring endpoint for the `aws-cloudwatch`, `aws-s3`, `cel`, and `lumberjack` inputs are now available under `/inputs/` instead of `/dataset`. *Heartbeat* + - Users can now configure max scheduler job limits per monitor type via env var. {pull}34307[34307] - Remove host and port matching restrictions on hint-generated monitors. {pull}34376[34376] @@ -153,6 +272,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 === Beats version 8.6.2 https://github.com/elastic/beats/compare/v8.6.1\...v8.6.2[View commits] + ==== Bugfixes *Affecting all Beats* @@ -199,10 +319,12 @@ https://github.com/elastic/beats/compare/v8.6.1\...v8.6.2[View commits] ==== Added + *Filebeat* - Added support for HTTP destination override to Google Cloud Storage input. {pull}34413[34413] + [[release-notes-8.6.1]] === Beats version 8.6.1 https://github.com/elastic/beats/compare/v8.6.0\...v8.6.1[View commits] @@ -9537,7 +9659,7 @@ https://github.com/elastic/beats/compare/1.0.0-beta3\...1.0.0-beta4[Check - Add tls configuration support to elasticsearch and logstash outputers #139 - All external dependencies were updated to the latest version. Update to Golang 1.5.1 #162 - Guarantee ES index is based in UTC time zone #164 -- Cache: optional per element timeout #144 +- Cache: optional per element timeout #144 - Make it possible to set hosts in different ways. #135 - Expose more TLS config options #124 - Use the Beat name in the default configuration file path #99 
@@ -9577,3 +9699,4 @@ https://github.com/elastic/beats/compare/1.0.0-beta3\...1.0.0-beta4[Check - Redis output was deprecated #169 #145 - Host and port configuration options are deprecated. They are replaced by the hosts configuration option. #141 + diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 31a138174b7b..277b692e72bd 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -4,11 +4,13 @@ :pull: https://github.com/elastic/beats/pull/ === Beats version HEAD -https://github.com/elastic/beats/compare/v8.7.1\...main[Check the HEAD diff] +https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff] ==== Breaking changes *Affecting all Beats* +- Increase Go version to 1.19.10 {pull}35751[35751] +- Fix status reporting to Elastic-Agent when output configuration is invalid running under Elastic-Agent {pull}35719[35719] *Auditbeat* @@ -65,7 +67,7 @@ https://github.com/elastic/beats/compare/v8.7.1\...main[Check the HEAD diff] - 'add_cloud_metadata' processor - add cloud.region field for GCE cloud provider - 'add_cloud_metadata' processor - update azure metadata api version to get missing `cloud.account.id` field - Make sure k8s watchers are closed when closing k8s meta processor. {pull}35630[35630] - +- Upgraded apache arrow library used in x-pack/libbeat/reader/parquet from v11 to v12.0.1 in order to fix cross-compilation issues {pull}35640[35640] *Auditbeat* 
@@ -122,9 +124,15 @@ https://github.com/elastic/beats/compare/v8.7.1\...main[Check the HEAD diff] - Move repeated Windows event channel not found errors in winlog input to debug level. {issue}35314[35314] {pull}35317[35317] - Fix crash when processing forwarded logs missing a message. {issue}34705[34705] {pull}34865[34865] - Fix crash when loading azurewebstorage cursor with no partially processed data. {pull}35433[35433] +- Add support in s3 input for JSON with array of objects. {pull}35475[35475] - RFC5424 syslog timestamps with offset 'Z' will be treated as UTC rather than using the default timezone. {pull}35360[35360] +- Fix syslog message parsing for fortinet.firewall to take into account quoted values. {pull}35522[35522] - [system] sync system/auth dataset with system integration 1.29.0. {pull}35581[35581] +- [GCS Input] - Fixed an issue where bucket_timeout was being applied to the entire bucket poll interval and not individual bucket object read operations. Fixed a map write concurrency issue arising from data races when using a high number of workers. Fixed the flaky tests that were present in the GCS test suit. {pull}35605[35605] - Fix filestream false positive log error "filestream input with ID 'xyz' already exists" {issue}31767[31767] +- Fix error when trying to use `include_message` parser {issue}35440[35440] +- Fix handling of IPv6 unspecified addresses in TCP input. {issue}35064[35064] {pull}35637[35637] +- Fixed a minor code error in the GCS input scheduler where a config value was being used directly instead of the source struct. {pull}35729[35729] *Heartbeat* 
@@ -146,6 +154,8 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Fix project monitor temp directories permission to include group access. {pull}35398[35398] - Fix output pipeline exit on run_once. {pull}35376[35376] - Fix formatting issue with socket trace timeout. {pull}35434[35434] +- Update gval version. {pull}35636[35636] +- Fix serialization of processors when running diagnostics. {pull}35698[35698] *Heartbeat* @@ -192,6 +202,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Fix no error logs displayed in CloudWatch EC2, RDS and SQS metadata {issue}34985[34985] {pull}35035[35035] - Remove Beta warning from IIS application_pool metricset {pull}35480[35480] - Improve documentation for ActiveMQ module {issue}35113[35113] {pull}35558[35558] +- Resolve statsd module's prematurely halting of metrics parsing upon encountering an invalid packet. {pull}35075[35075] *Osquerybeat* @@ -230,6 +241,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Reload Beat when TLS certificates or key files are modified. {issue}34408[34408] {pull}34416[34416] - Upgrade version of elastic-agent-autodiscover to v0.6.1 for improved memory consumption on k8s. {pull}35483[35483] - Added `orchestrator.cluster.id` and `orchestrator.cluster.name` fields to the add_cloud_metadata processor, AWS cloud provider. {pull}35182[35182] +- Lowercase reported hostnames per Elastic Common Schema (ECS) guidelines for the host.name field. Upgraded github.com/elastic/go-sysinfo to 1.11.0. {pull}35652[35652] *Auditbeat* 
@@ -290,12 +302,16 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Add oracle authentication messages parsing {pull}35127[35127] - Add sanitization capabilities to azure-eventhub input {pull}34874[34874] - Add support for CRC validation in Filebeat's HTTP endpoint input. {pull}35204[35204] +- Add support for CRC validation in Zoom module. {pull}35604[35604] - Add execution budget to CEL input. {pull}35409[35409] - Add XML decoding support to HTTPJSON. {issue}34438[34438] {pull}35235[35235] - Add delegated account support when using Google ADC in `httpjson` input. {pull}35507[35507] - Add support for collecting `httpjson` metrics. {pull}35392[35392] - Add XML decoding support to CEL. {issue}34438[34438] {pull}35372[35372] - Mark CEL input as GA. {pull}35559[35559] +- Add metrics for gcp-pubsub input. {pull}35614[35614] +- [GCS] Added scheduler debug logs and improved the context passing mechanism by removing them from struct params and passing them as function arguments. {pull}35674[35674] +- Allow non-AWS endpoints for awss3 input. {issue}35496[35496] {pull}35520[35520] *Auditbeat* - Migration of system/package module storage from gob encoding to flatbuffer encoding in bolt db. {pull}34817[34817] @@ -324,6 +340,8 @@ automatic splitting at root level, if root level element is an array. {pull}3415 - Add GCP Carbon Footprint metricbeat data {pull}34820[34820] - Add event loop utilization metric to Kibana module {pull}35020[35020] - Support collecting metrics from both the monitoring account and linked accounts from AWS CloudWatch. {pull}35540[35540] +- Add new parameter `include_linked_accounts` to enable/disable metrics collection from multiple linked AWS Accounts {pull}35648[35648] +- Migrate Azure Billing, Monitor, and Storage metricsets to the newer SDK. {pull}33585[33585] *Osquerybeat* 
@@ -331,6 +349,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 *Packetbeat* - Added `packetbeat.interfaces.fanout_group` to allow a Packetbeat sniffer to join an AF_PACKET fanout group. {issue}35451[35451] {pull}35453[35453] +- Add AF_PACKET metrics. {issue}35428[35428] {pull}35489[35489] *Winlogbeat* @@ -341,6 +360,7 @@ automatic splitting at root level, if root level element is an array. {pull}3415 *Winlogbeat* - Set `host.os.type` and `host.os.family` to "windows" if not already set. {pull}35435[35435] +- Handle empty DNS answer data in QueryResults for the Sysmon Pipeline {pull}35207[35207] *Elastic Log Driver* diff --git a/NOTICE.txt b/NOTICE.txt index 09f790a04be3..96a74dcb3bfb 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -1498,12 +1498,12 @@ Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-event-hubs -------------------------------------------------------------------------------- -Dependency : github.com/elastic/azure-sdk-for-go -Version: v59.0.0-elastic-1+incompatible +Dependency : github.com/Azure/azure-sdk-for-go +Version: v59.0.0+incompatible Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/azure-sdk-for-go@v59.0.0-elastic-1+incompatible/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go@v59.0.0+incompatible/LICENSE.txt: The MIT License (MIT) 
@@ -1528,6 +1528,188 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-------------------------------------------------------------------------------- +Dependency : github.com/Azure/azure-sdk-for-go/sdk/azcore +Version: v1.4.0 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/azcore@v1.4.0/LICENSE.txt: + +MIT License + +Copyright (c) Microsoft Corporation. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE + + +-------------------------------------------------------------------------------- +Dependency : github.com/Azure/azure-sdk-for-go/sdk/azidentity +Version: v1.2.2 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/azidentity@v1.2.2/LICENSE.txt: + +MIT License + +Copyright (c) Microsoft Corporation. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE + + +-------------------------------------------------------------------------------- +Dependency : github.com/elastic/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption +Version: v1.0.1-0.20230529151645-4546c1b1f847 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/elastic/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption@v1.0.1-0.20230529151645-4546c1b1f847/LICENSE.txt: + +MIT License + +Copyright (c) Microsoft Corporation. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +-------------------------------------------------------------------------------- +Dependency : github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement +Version: v1.0.0 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement@v1.0.0/LICENSE.txt: + +MIT License + +Copyright (c) Microsoft Corporation. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +-------------------------------------------------------------------------------- +Dependency : github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor +Version: v0.8.0 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor@v0.8.0/LICENSE.txt: + +MIT License + +Copyright (c) Microsoft Corporation. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. 
+ +-------------------------------------------------------------------------------- +Dependency : github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources +Version: v1.0.0 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources@v1.0.0/LICENSE.txt: + +MIT License + +Copyright (c) Microsoft Corporation. All rights reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + -------------------------------------------------------------------------------- Dependency : github.com/Azure/azure-sdk-for-go/sdk/storage/azblob Version: v0.4.1 
@@ -1990,207 +2172,6 @@ Contents of probable licence file $GOMODCACHE/github.com/!azure/go-autorest/auto limitations under the License. --------------------------------------------------------------------------------- -Dependency : github.com/Azure/go-autorest/autorest/azure/auth -Version: v0.4.2 -Licence type (autodetected): Apache-2.0 --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/!azure/go-autorest/autorest/azure/auth@v0.4.2/LICENSE: - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. 
- - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. 
You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. 
- - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. 
In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - Copyright 2015 Microsoft Corporation - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. 
- - -------------------------------------------------------------------------------- Dependency : github.com/Azure/go-autorest/autorest/date Version: v0.3.0 @@ -2426,11 +2407,11 @@ SOFTWARE. -------------------------------------------------------------------------------- Dependency : github.com/PaesslerAG/gval -Version: v1.0.0 +Version: v1.2.2 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/!paessler!a!g/gval@v1.0.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/!paessler!a!g/gval@v1.2.2/LICENSE: Copyright (c) 2017, Paessler AG All rights reserved. @@ -2776,12 +2757,12 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- -Dependency : github.com/apache/arrow/go/v11 -Version: v11.0.0 +Dependency : github.com/apache/arrow/go/v12 +Version: v12.0.1-0.20230605094802-c153c6d36ccf Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/apache/arrow/go/v11@v11.0.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/apache/arrow/go/v12@v12.0.1-0.20230605094802-c153c6d36ccf/LICENSE.txt: Apache License 
@@ -2988,77 +2969,6 @@ Contents of probable licence file $GOMODCACHE/github.com/apache/arrow/go/v11@v11 -------------------------------------------------------------------------------- -src/plasma/fling.cc and src/plasma/fling.h: Apache 2.0 - -Copyright 2013 Sharvil Nanavati - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - --------------------------------------------------------------------------------- - -src/plasma/thirdparty/ae: Modified / 3-Clause BSD - -Copyright (c) 2006-2010, Salvatore Sanfilippo -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of Redis nor the names of its contributors may be used - to endorse or promote products derived from this software without - specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE. - --------------------------------------------------------------------------------- - -src/plasma/thirdparty/dlmalloc.c: CC0 - -This is a version (aka dlmalloc) of malloc/free/realloc written by -Doug Lea and released to the public domain, as explained at -http://creativecommons.org/publicdomain/zero/1.0/ Send questions, -comments, complaints, performance data, etc to dl@cs.oswego.edu - --------------------------------------------------------------------------------- - -src/plasma/common.cc (some portions) - -Copyright (c) Austin Appleby (aappleby (AT) gmail) - -Some portions of this file are derived from code in the MurmurHash project - -All code is released to the public domain. For business purposes, Murmurhash is -under the MIT license. - -https://sites.google.com/site/murmurhash/ - --------------------------------------------------------------------------------- - src/arrow/util (some portions): Apache 2.0, and 3-clause BSD Some portions of this module are derived from code in the Chromium project, 
@@ -12022,11 +11932,11 @@ OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR -------------------------------------------------------------------------------- Dependency : github.com/dustin/go-humanize -Version: v1.0.0 +Version: v1.0.1 Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/dustin/go-humanize@v1.0.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/dustin/go-humanize@v1.0.1/LICENSE: Copyright (c) 2005-2008 Dustin Sallings @@ -12357,11 +12267,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-a -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-agent-client/v7 -Version: v7.1.1 +Version: v7.1.2 Licence type (autodetected): Elastic -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-client/v7@v7.1.1/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-client/v7@v7.1.2/LICENSE.txt: ELASTIC LICENSE AGREEMENT @@ -12590,11 +12500,11 @@ SOFTWARE -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-agent-libs -Version: v0.3.8 +Version: v0.3.9 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-libs@v0.3.8/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-libs@v0.3.9/LICENSE: Apache License Version 2.0, January 2004 
@@ -13326,11 +13236,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-concert@v0.2 -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-elasticsearch/v8 -Version: v8.2.0 +Version: v8.8.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-elasticsearch/v8@v8.2.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-elasticsearch/v8@v8.8.1/LICENSE: Apache License Version 2.0, January 2004 @@ -14844,11 +14754,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-structform@v -------------------------------------------------------------------------------- Dependency : github.com/elastic/go-sysinfo -Version: v1.10.2 +Version: v1.11.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.10.2/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/go-sysinfo@v1.11.0/LICENSE.txt: Apache License @@ -16513,12 +16423,12 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- -Dependency : github.com/godbus/dbus -Version: v0.0.0-20190422162347-ade71ed3457e +Dependency : github.com/godbus/dbus/v5 +Version: v5.0.6 Licence type (autodetected): BSD-2-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/godbus/dbus@v0.0.0-20190422162347-ade71ed3457e/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/godbus/dbus/v5@v5.0.6/LICENSE: Copyright (c) 2013, Georg Reinke (), Google All rights reserved. 
@@ -22141,61 +22051,6 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --------------------------------------------------------------------------------- -Dependency : github.com/shopspring/decimal -Version: v1.2.0 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/shopspring/decimal@v1.2.0/LICENSE: - -The MIT License (MIT) - -Copyright (c) 2015 Spring, Inc. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. 
- -- Based on https://github.com/oguzbilgic/fpd, which has the following license: -""" -The MIT License (MIT) - -Copyright (c) 2013 Oguz Bilgic - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -""" - - -------------------------------------------------------------------------------- Dependency : github.com/spf13/cobra Version: v1.3.0 @@ -24512,11 +24367,11 @@ THE SOFTWARE. -------------------------------------------------------------------------------- Dependency : golang.org/x/crypto -Version: v0.1.0 +Version: v0.6.0 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/golang.org/x/crypto@v0.1.0/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/crypto@v0.6.0/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. 
@@ -29040,75 +28895,13 @@ Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-pipeline-g OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE --------------------------------------------------------------------------------- -Dependency : github.com/Azure/azure-sdk-for-go/sdk/azcore -Version: v1.1.1 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/azcore@v1.1.1/LICENSE.txt: - -MIT License - -Copyright (c) Microsoft Corporation. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE - - --------------------------------------------------------------------------------- -Dependency : github.com/Azure/azure-sdk-for-go/sdk/azidentity -Version: v1.0.0 -Licence type (autodetected): MIT --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/azidentity@v1.0.0/LICENSE.txt: - -MIT License - -Copyright (c) Microsoft Corporation. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE - - -------------------------------------------------------------------------------- Dependency : github.com/Azure/azure-sdk-for-go/sdk/internal -Version: v1.0.0 +Version: v1.2.0 Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/internal@v1.0.0/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/!azure/azure-sdk-for-go/sdk/internal@v1.2.0/LICENSE.txt: MIT License 
@@ -29397,6 +29190,207 @@ Contents of probable licence file $GOMODCACHE/github.com/!azure/go-autorest@v14. limitations under the License. +-------------------------------------------------------------------------------- +Dependency : github.com/Azure/go-autorest/autorest/azure/auth +Version: v0.4.2 +Licence type (autodetected): Apache-2.0 +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/!azure/go-autorest/autorest/azure/auth@v0.4.2/LICENSE: + + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. 
+ + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + Copyright 2015 Microsoft Corporation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. 
+ + -------------------------------------------------------------------------------- Dependency : github.com/Azure/go-autorest/autorest/azure/cli Version: v0.3.1 @@ -30605,11 +30599,11 @@ Contents of probable licence file $GOMODCACHE/github.com/!azure/go-autorest/trac -------------------------------------------------------------------------------- Dependency : github.com/AzureAD/microsoft-authentication-library-for-go -Version: v0.5.1 +Version: v0.9.0 Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/!azure!a!d/microsoft-authentication-library-for-go@v0.5.1/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/!azure!a!d/microsoft-authentication-library-for-go@v0.9.0/LICENSE: MIT License @@ -35045,11 +35039,11 @@ SOFTWARE. -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-transport-go/v8 -Version: v8.2.0 +Version: v8.3.0 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-transport-go/v8@v8.2.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-transport-go/v8@v8.3.0/LICENSE: Apache License Version 2.0, January 2004 
@@ -36296,41 +36290,6 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. --------------------------------------------------------------------------------- -Dependency : github.com/godbus/dbus/v5 -Version: v5.0.6 -Licence type (autodetected): BSD-2-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/godbus/dbus/v5@v5.0.6/LICENSE: - -Copyright (c) 2013, Georg Reinke (), Google -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - -1. Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -------------------------------------------------------------------------------- Dependency : github.com/godror/knownpb Version: v0.1.0 
@@ -36543,12 +36502,12 @@ Contents of probable licence file $GOMODCACHE/github.com/godror/knownpb@v0.1.0/L -------------------------------------------------------------------------------- -Dependency : github.com/golang-jwt/jwt -Version: v3.2.1+incompatible +Dependency : github.com/golang-jwt/jwt/v4 +Version: v4.5.0 Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/golang-jwt/jwt@v3.2.1+incompatible/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/golang-jwt/jwt/v4@v4.5.0/LICENSE: Copyright (c) 2012 Dave Grijalva Copyright (c) 2021 golang-jwt maintainers @@ -43323,11 +43282,11 @@ SOFTWARE. -------------------------------------------------------------------------------- Dependency : github.com/mattn/go-isatty -Version: v0.0.16 +Version: v0.0.17 Licence type (autodetected): MIT -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/mattn/go-isatty@v0.0.16/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/mattn/go-isatty@v0.0.17/LICENSE: Copyright (c) Yasuhiro MATSUMOTO 
@@ -47124,6 +47083,61 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +-------------------------------------------------------------------------------- +Dependency : github.com/shopspring/decimal +Version: v1.3.1 +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/shopspring/decimal@v1.3.1/LICENSE: + +The MIT License (MIT) + +Copyright (c) 2015 Spring, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. 
+ +- Based on https://github.com/oguzbilgic/fpd, which has the following license: +""" +The MIT License (MIT) + +Copyright (c) 2013 Oguz Bilgic + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +""" + + -------------------------------------------------------------------------------- Dependency : github.com/sirupsen/logrus Version: v1.9.0 diff --git a/auditbeat/Dockerfile b/auditbeat/Dockerfile index 1ae89d1eb9b6..0fb6f185cd34 100644 --- a/auditbeat/Dockerfile +++ b/auditbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.9 +FROM golang:1.19.10 RUN \ apt-get update \ diff --git a/auditbeat/Jenkinsfile.yml b/auditbeat/Jenkinsfile.yml index 96b2aade727f..4ea656f174ea 100644 --- a/auditbeat/Jenkinsfile.yml +++ b/auditbeat/Jenkinsfile.yml 
@@ -60,6 +60,11 @@ stages: # - "macosM1Test" # tags: false ## for all the tags # stage: extended + rhel-9: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "rhel-9" + stage: mandatory windows-2022: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. diff --git a/auditbeat/module/file_integrity/exeobjparser_test.go b/auditbeat/module/file_integrity/exeobjparser_test.go index 1ab8ef564169..0958305afb8f 100644 --- a/auditbeat/module/file_integrity/exeobjparser_test.go +++ b/auditbeat/module/file_integrity/exeobjparser_test.go @@ -40,6 +40,10 @@ func TestExeObjParser(t *testing.T) { key := fmt.Sprintf("%s_%s", builder, format) t.Run(fmt.Sprintf("executableObject_%s_%s", format, builder), func(t *testing.T) { + if builder == "garble" && format == "pe" { + t.Skip("skipping test on garbled PE file: see https://github.com/elastic/beats/issues/35705") + } + got := make(mapstr.M) err := exeObjParser(nil).Parse(got, target) if err != nil { 
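Review bot: The `t.Skip` added at the top of the `t.Run` closure removes the only case in this table that exercises an obfuscated (garbled) PE input. The same commit also deletes the `garble_pe` entry from `want` and the `testdata/garble_pe_executable` fixture, so the case cannot be re-enabled by deleting the skip alone. A comment above the skip would record that, for example `// TODO(#35705): restore testdata/garble_pe_executable and want["garble_pe"] before removing this skip.` TestExeObjParser starts and continues outside the hunk, so how `target` is opened for the skipped pair is not visible here.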
@@ -262,66 +266,6 @@ var want = map[string]mapstr.M{ }, }, }, - "garble_pe": { - "pe": mapstr.M{ - "import_hash": "c7269d59926fa4252270f407e4dab043", - "imphash": "c7269d59926fa4252270f407e4dab043", - "imports": []string{ - "kernel32.writefile", - "kernel32.writeconsolew", - "kernel32.waitformultipleobjects", - "kernel32.waitforsingleobject", - "kernel32.virtualquery", - "kernel32.virtualfree", - "kernel32.virtualalloc", - "kernel32.switchtothread", - "kernel32.suspendthread", - "kernel32.sleep", - "kernel32.setwaitabletimer", - "kernel32.setunhandledexceptionfilter", - "kernel32.setprocesspriorityboost", - "kernel32.setevent", - "kernel32.seterrormode", - "kernel32.setconsolectrlhandler", - "kernel32.resumethread", - "kernel32.postqueuedcompletionstatus", - "kernel32.loadlibrarya", - "kernel32.loadlibraryw", - "kernel32.setthreadcontext", - "kernel32.getthreadcontext", - "kernel32.getsysteminfo", - "kernel32.getsystemdirectorya", - "kernel32.getstdhandle", - "kernel32.getqueuedcompletionstatusex", - "kernel32.getprocessaffinitymask", - "kernel32.getprocaddress", - "kernel32.getenvironmentstringsw", - "kernel32.getconsolemode", - "kernel32.freeenvironmentstringsw", - "kernel32.exitprocess", - "kernel32.duplicatehandle", - "kernel32.createwaitabletimerexw", - "kernel32.createthread", - "kernel32.createiocompletionport", - "kernel32.createfilea", - "kernel32.createeventa", - "kernel32.closehandle", - "kernel32.addvectoredexceptionhandler", - }, - "imports_names_entropy": 4.2079021689106195, - "imports_names_var_entropy": 0.0014785066641319837, - "go_import_hash": "d41d8cd98f00b204e9800998ecf8427e", - "go_stripped": true, - "sections": []objSection{ - {Name: strPtr(".text"), Size: uint64Ptr(0x83000), Entropy: float64Ptr(6.18), VarEntropy: float64Ptr(0.0001)}, - {Name: strPtr(".rdata"), Size: uint64Ptr(0x97a00), Entropy: float64Ptr(5.10), VarEntropy: float64Ptr(0.0001)}, - {Name: strPtr(".data"), Size: uint64Ptr(0x17800), Entropy: float64Ptr(4.60), VarEntropy: 
float64Ptr(0.0001)}, - {Name: strPtr(".idata"), Size: uint64Ptr(0x600), Entropy: float64Ptr(3.60), VarEntropy: float64Ptr(0.0001)}, - {Name: strPtr(".reloc"), Size: uint64Ptr(0x6800), Entropy: float64Ptr(5.42), VarEntropy: float64Ptr(0.0001)}, - {Name: strPtr(".symtab"), Size: uint64Ptr(0x200), Entropy: float64Ptr(0.02), VarEntropy: float64Ptr(0.0001)}, - }, - }, - }, "go_elf": { "elf": mapstr.M{ "go_imports_names_entropy": 4.156563879566413, diff --git a/auditbeat/module/file_integrity/testdata/garble_pe_executable b/auditbeat/module/file_integrity/testdata/garble_pe_executable deleted file mode 100644 index 8436222de761..000000000000 Binary files a/auditbeat/module/file_integrity/testdata/garble_pe_executable and /dev/null differ diff --git a/filebeat/docs/inputs/input-mqtt.asciidoc b/filebeat/docs/inputs/input-mqtt.asciidoc index 87ba15442804..081f9788234c 100644 --- a/filebeat/docs/inputs/input-mqtt.asciidoc +++ b/filebeat/docs/inputs/input-mqtt.asciidoc @@ -50,7 +50,7 @@ A list of topics to subscribe to and read from. An agreement level between the sender of a message and the receiver of a message that defines the guarantee of delivery. -There are 3 QoS levels in MQTT: +There are 3 QoS levels in MQTT. Defaults to `0`: * At most once (`0`), * At least once (`1`), diff --git a/filebeat/docs/modules/zoom.asciidoc b/filebeat/docs/modules/zoom.asciidoc index e55e5934c2d8..7e0685dfe87a 100644 --- a/filebeat/docs/modules/zoom.asciidoc +++ b/filebeat/docs/modules/zoom.asciidoc 
@@ -29,9 +29,11 @@ include::../include/config-option-intro.asciidoc[] [float] ==== `webhook` fileset settings -When a webhook integration is created on Zoom, it will show a special token used to ensure that filebeat only handles HTTP requests from the correct source. +When a webhook integration is created on Zoom, you can create a custom header to verify webhook events. See https://developers.zoom.us/docs/api/rest/webhook-reference/#custom-header[Custom Header] for more information about this process. This is configured with the `secret.header` and `secret.value` settings as shown below. +On the other hand, Zoom also requires webhook validation for created or modified webhooks after October, 2022. This follows a challenge-response check (CRC) algorithm which is configured with the `crc.enabled` and `crc.secret` settings. Learn more about it at https://developers.zoom.us/docs/api/rest/webhook-reference/#validate-your-webhook-endpoint[Validate your webhook endpoint]. + Example config: [source,yaml] @@ -42,8 +44,10 @@ Example config: var.input: http_endpoint var.listen_address: 0.0.0.0 var.listen_port: 8080 - var.secret.header: Authorization - var.secret.value: ZOOMTOKEN + var.secret.header: x-my-custom-key + var.secret.value: my-custom-value + var.crc.enabled: true + var.crc.secret: ZOOMSECRETTOKEN ---- include::../include/var-paths.asciidoc[] diff --git a/filebeat/input/tcp/input.go b/filebeat/input/tcp/input.go index 96ae0e29d50a..c9169d860450 100644 --- a/filebeat/input/tcp/input.go +++ b/filebeat/input/tcp/input.go 
@@ -251,10 +251,26 @@ func (m *inputMetrics) poll(addr, addr6 []string, each time.Duration, log *logp.
 if badAddr != nil {
 log.Warnf("failed to parse IPv4 addrs for metric collection %q", badAddr)
 }
- hasUnspecified6, addrIsUnspecified6, badAddr := containsUnspecifiedAddr(addr)
+ hasUnspecified6, addrIsUnspecified6, badAddr := containsUnspecifiedAddr(addr6)
 if badAddr != nil {
 log.Warnf("failed to parse IPv6 addrs for metric collection %q", badAddr)
 }
+
+ // Do an initial check for access to the filesystem and of the
+ // value constructed by containsUnspecifiedAddr. This gives a
+ // base level for the rx_queue values and ensures that if the
+ // constructed address values are malformed we panic early
+ // within the period of system testing.
+ rx, err := procNetTCP("/proc/net/tcp", addr, hasUnspecified, addrIsUnspecified)
+ if err != nil {
+ log.Warnf("failed to get initial tcp stats from /proc: %v", err)
+ }
+ rx6, err := procNetTCP("/proc/net/tcp6", addr6, hasUnspecified6, addrIsUnspecified6)
+ if err != nil {
+ log.Warnf("failed to get initial tcp6 stats from /proc: %v", err)
+ }
+ m.rxQueue.Set(uint64(rx + rx6))
+
 t := time.NewTicker(each)
 for {
 select {
diff --git a/filebeat/input/udp/input.go b/filebeat/input/udp/input.go
index 3b0d09c7d4ea..f092c8aa9d1c 100644
--- a/filebeat/input/udp/input.go
+++ b/filebeat/input/udp/input.go
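Review bot: The new comment says malformed address values will make the code "panic early", but every error on the visible path is only logged with `log.Warnf`, and `m.rxQueue.Set(uint64(rx + rx6))` then runs regardless. Any panic would have to come from inside procNetTCP, which is not shown in this hunk, so the comment should name it, for example `// ... so that a panic in procNetTCP on malformed address values happens at startup rather than on the first tick.` It would also help to state that a failed read still contributes its returned value to the initial gauge, assuming that is intended. The udp hunk in this commit carries the same comment and the same pattern; poll starts and continues outside the hunk.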
@@ -248,6 +248,23 @@ func (m *inputMetrics) poll(addr, addr6 []string, each time.Duration, log *logp. if badAddr != nil { log.Warnf("failed to parse IPv6 addrs for metric collection %q", badAddr) } + + // Do an initial check for access to the filesystem and of the + // value constructed by containsUnspecifiedAddr. This gives a + // base level for the rx_queue and drops values and ensures that + // if the constructed address values are malformed we panic early + // within the period of system testing. + rx, drops, err := procNetUDP("/proc/net/udp", addr, hasUnspecified, addrIsUnspecified) + if err != nil { + log.Warnf("failed to get initial udp stats from /proc: %v", err) + } + rx6, drops6, err := procNetUDP("/proc/net/udp6", addr, hasUnspecified6, addrIsUnspecified6) + if err != nil { + log.Warnf("failed to get initial udp6 stats from /proc: %v", err) + } + m.rxQueue.Set(uint64(rx + rx6)) + m.drops.Set(uint64(drops + drops6)) + t := time.NewTicker(each) for { select { diff --git a/filebeat/modules.d/apache.yml.disabled b/filebeat/modules.d/apache.yml.disabled index cd58ed77b3c2..d4fbc61659d3 100644 --- a/filebeat/modules.d/apache.yml.disabled +++ b/filebeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-apache.html - module: apache # Access logs diff --git a/filebeat/modules.d/auditd.yml.disabled b/filebeat/modules.d/auditd.yml.disabled index b63d14ffc276..8bcedafdee9a 100644 --- a/filebeat/modules.d/auditd.yml.disabled +++ b/filebeat/modules.d/auditd.yml.disabled @@ -1,5 +1,5 @@ # Module: auditd -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-auditd.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-auditd.html - module: auditd log: 
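Review bot: In the `filebeat/input/udp/input.go` hunk, the udp6 probe is given the IPv4 list: `procNetUDP("/proc/net/udp6", addr, hasUnspecified6, addrIsUnspecified6)` should pass `addr6`, as the matching TCP hunk does for `/proc/net/tcp6`. With `addr`, the IPv6 table is matched against IPv4 addresses while the flags were presumably computed from the IPv6 list (that call is outside the hunk), so the initial `rx_queue` and `drops` baseline for IPv6 listeners can be wrong or can hit the panic the comment describes. The corrected line is `rx6, drops6, err := procNetUDP("/proc/net/udp6", addr6, hasUnspecified6, addrIsUnspecified6)`. The ticker loop that follows is not visible here and is worth checking for the same argument. `poll` starts before this hunk and continues after it.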
diff --git a/filebeat/modules.d/elasticsearch.yml.disabled b/filebeat/modules.d/elasticsearch.yml.disabled index 33ea085f7844..75236f1a6640 100644 --- a/filebeat/modules.d/elasticsearch.yml.disabled +++ b/filebeat/modules.d/elasticsearch.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-elasticsearch.html - module: elasticsearch # Server log diff --git a/filebeat/modules.d/haproxy.yml.disabled b/filebeat/modules.d/haproxy.yml.disabled index cb0a107fb5f5..5863c5bbdf8c 100644 --- a/filebeat/modules.d/haproxy.yml.disabled +++ b/filebeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-haproxy.html - module: haproxy # All logs diff --git a/filebeat/modules.d/icinga.yml.disabled b/filebeat/modules.d/icinga.yml.disabled index 1f0ba5e4de45..10ab79616eb9 100644 --- a/filebeat/modules.d/icinga.yml.disabled +++ b/filebeat/modules.d/icinga.yml.disabled @@ -1,5 +1,5 @@ # Module: icinga -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-icinga.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-icinga.html - module: icinga # Main logs diff --git a/filebeat/modules.d/iis.yml.disabled b/filebeat/modules.d/iis.yml.disabled index 6be750c8701f..868fadedbb09 100644 --- a/filebeat/modules.d/iis.yml.disabled +++ b/filebeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-iis.html - module: iis # Access logs 
diff --git a/filebeat/modules.d/kafka.yml.disabled b/filebeat/modules.d/kafka.yml.disabled index 0cc4fbf9fe33..fd7b00137392 100644 --- a/filebeat/modules.d/kafka.yml.disabled +++ b/filebeat/modules.d/kafka.yml.disabled @@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-kafka.html - module: kafka # All logs diff --git a/filebeat/modules.d/kibana.yml.disabled b/filebeat/modules.d/kibana.yml.disabled index 5ade4bf1439e..bc34de819a57 100644 --- a/filebeat/modules.d/kibana.yml.disabled +++ b/filebeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-kibana.html - module: kibana # Server logs diff --git a/filebeat/modules.d/logstash.yml.disabled b/filebeat/modules.d/logstash.yml.disabled index 501b8bc33213..fe99eeabae47 100644 --- a/filebeat/modules.d/logstash.yml.disabled +++ b/filebeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-logstash.html - module: logstash # logs diff --git a/filebeat/modules.d/mongodb.yml.disabled b/filebeat/modules.d/mongodb.yml.disabled index 4180e5985821..ac31f64bed1d 100644 --- a/filebeat/modules.d/mongodb.yml.disabled +++ b/filebeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mongodb.html - module: mongodb # All logs 
diff --git a/filebeat/modules.d/mysql.yml.disabled b/filebeat/modules.d/mysql.yml.disabled index b2c42d1f1cd8..dd5079648bc4 100644 --- a/filebeat/modules.d/mysql.yml.disabled +++ b/filebeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mysql.html - module: mysql # Error logs diff --git a/filebeat/modules.d/nats.yml.disabled b/filebeat/modules.d/nats.yml.disabled index 2cfa45e5c193..6074f499cad7 100644 --- a/filebeat/modules.d/nats.yml.disabled +++ b/filebeat/modules.d/nats.yml.disabled @@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-nats.html - module: nats # All logs diff --git a/filebeat/modules.d/nginx.yml.disabled b/filebeat/modules.d/nginx.yml.disabled index 709e52630e9c..450b30c0e013 100644 --- a/filebeat/modules.d/nginx.yml.disabled +++ b/filebeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-nginx.html - module: nginx # Access logs diff --git a/filebeat/modules.d/osquery.yml.disabled b/filebeat/modules.d/osquery.yml.disabled index 2def611ecbba..0740b774a527 100644 --- a/filebeat/modules.d/osquery.yml.disabled +++ b/filebeat/modules.d/osquery.yml.disabled @@ -1,5 +1,5 @@ # Module: osquery -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-osquery.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-osquery.html - module: osquery result: diff --git a/filebeat/modules.d/pensando.yml.disabled b/filebeat/modules.d/pensando.yml.disabled index 18a8b7d4efe1..1002b61bf3e9 100644 
--- a/filebeat/modules.d/pensando.yml.disabled +++ b/filebeat/modules.d/pensando.yml.disabled @@ -1,5 +1,5 @@ # Module: pensando -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-pensando.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-pensando.html - module: pensando # Firewall logs diff --git a/filebeat/modules.d/postgresql.yml.disabled b/filebeat/modules.d/postgresql.yml.disabled index bec77dc84f7a..5df32fefc491 100644 --- a/filebeat/modules.d/postgresql.yml.disabled +++ b/filebeat/modules.d/postgresql.yml.disabled @@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-postgresql.html - module: postgresql # All logs diff --git a/filebeat/modules.d/redis.yml.disabled b/filebeat/modules.d/redis.yml.disabled index 31b022d2bc99..dfec32f8849b 100644 --- a/filebeat/modules.d/redis.yml.disabled +++ b/filebeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-redis.html - module: redis # Main logs diff --git a/filebeat/modules.d/santa.yml.disabled b/filebeat/modules.d/santa.yml.disabled index 4707b903ce8b..9655b1afb599 100644 --- a/filebeat/modules.d/santa.yml.disabled +++ b/filebeat/modules.d/santa.yml.disabled @@ -1,5 +1,5 @@ # Module: santa -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-santa.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-santa.html - module: santa log: diff --git a/filebeat/modules.d/system.yml.disabled b/filebeat/modules.d/system.yml.disabled index 1302c6374da8..4171c65f7ad2 100644 --- a/filebeat/modules.d/system.yml.disabled +++ b/filebeat/modules.d/system.yml.disabled 
@@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-system.html - module: system # Syslog diff --git a/filebeat/modules.d/traefik.yml.disabled b/filebeat/modules.d/traefik.yml.disabled index cc65ce2de9cd..440028cc1823 100644 --- a/filebeat/modules.d/traefik.yml.disabled +++ b/filebeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-traefik.html - module: traefik # Access logs diff --git a/filebeat/tests/load/load.py b/filebeat/tests/load/load.py index 5e0fdd8979b4..12bdac849e0f 100644 --- a/filebeat/tests/load/load.py +++ b/filebeat/tests/load/load.py @@ -34,5 +34,5 @@ randomString = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(length)) log_message = timestamp + " " + str(count) + " " + str(uuid.uuid4()) + " " + randomString my_logger.debug(log_message) - count = count + 1 + count += 1 time.sleep(sleepTime) diff --git a/filebeat/tests/open-file-handlers/log_file.py b/filebeat/tests/open-file-handlers/log_file.py index 6299449a4cf0..12e76b8240f6 100644 --- a/filebeat/tests/open-file-handlers/log_file.py +++ b/filebeat/tests/open-file-handlers/log_file.py @@ -22,7 +22,7 @@ while True: # for i in range(0, 10000): time.sleep(random.uniform(0, 0.1)) - i = i + 1 + i += 1 # Tries to cause some more heavy peaks events = random.randrange(10) + 1 for n in range(events): diff --git a/filebeat/tests/system/test_tcp.py b/filebeat/tests/system/test_tcp.py index 2f98e95c8ba6..c6a7e2178e96 100644 --- a/filebeat/tests/system/test_tcp.py +++ b/filebeat/tests/system/test_tcp.py 
@@ -37,7 +37,13 @@ def test_tcp_with_rfc6587_octet(self): """ self.send_events_with_rfc6587_framing("octet") - def send_events_with_delimiter(self, delimiter): + def test_tcp_with_wildcard_address(self): + """ + Test TCP input with it binding to the wildcard address 0.0.0.0. + """ + self.send_events_with_delimiter("\n", bind="0.0.0.0") + + def send_events_with_delimiter(self, delimiter, bind="127.0.0.1"): host = "127.0.0.1" port = 8080 input_raw = """ @@ -50,7 +56,7 @@ def send_events_with_delimiter(self, delimiter): if delimiter != "": input_raw += "\n line_delimiter: {}".format(delimiter) - input_raw = input_raw.format(host, port) + input_raw = input_raw.format(bind, port) self.render_config_template( input_raw=input_raw, diff --git a/filebeat/tests/system/test_udp.py b/filebeat/tests/system/test_udp.py index 7a8b73489bde..71896e75ebbd 100644 --- a/filebeat/tests/system/test_udp.py +++ b/filebeat/tests/system/test_udp.py @@ -8,6 +8,19 @@ class Test(BaseTest): @unittest.skipIf(os.name == 'nt', 'flaky test https://github.com/elastic/beats/issues/22809') def test_udp(self): + """ + Test UDP input with it binding to 127.0.0.1 (default). + """ + self.send_events_with_bind() + + @unittest.skipIf(os.name == 'nt', 'flaky test https://github.com/elastic/beats/issues/22809') + def test_udp_with_wildcard_address(self): + """ + Test UDP input with it binding to the wildcard address 0.0.0.0. + """ + self.send_events_with_bind(bind="0.0.0.0") + + def send_events_with_bind(self, bind="127.0.0.1"): host = "127.0.0.1" port = 8080 @@ -17,7 +30,7 @@ def test_udp(self): enabled: true """ - input_raw = input_raw.format(host, port) + input_raw = input_raw.format(bind, port) self.render_config_template( input_raw=input_raw, diff --git a/go.mod b/go.mod index 8979b89cb455..58404c39ee69 100644 --- a/go.mod +++ b/go.mod 
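Review bot: The docstring on `test_tcp_with_wildcard_address` in `filebeat/tests/system/test_tcp.py` says only that the input binds to 0.0.0.0, not why the case exists, and the same holds for `test_udp_with_wildcard_address` in `test_udp.py`. Judging from the Go changes in this commit, these tests appear to be the system-test coverage for the metrics poller's handling of unspecified addresses, so the docstring could say so: `"""Regression test: binding to the unspecified address 0.0.0.0 must not crash the input's metrics poller."""`. Stating this keeps the case from being removed later as a duplicate of the loopback test. `send_events_with_delimiter` and `send_events_with_bind` continue outside the hunks, so whether anything is asserted about the metrics themselves cannot be seen here.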
@@ -14,11 +14,10 @@ require ( github.com/Azure/azure-storage-blob-go v0.8.0 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest/autorest v0.11.19 - github.com/Azure/go-autorest/autorest/azure/auth v0.4.2 github.com/Azure/go-autorest/autorest/date v0.3.0 github.com/Masterminds/semver v1.5.0 // indirect github.com/Microsoft/go-winio v0.6.1 - github.com/PaesslerAG/gval v1.0.0 + github.com/PaesslerAG/gval v1.2.2 github.com/PaesslerAG/jsonpath v0.1.1 github.com/Shopify/sarama v1.27.0 github.com/StackExchange/wmi v1.2.1 @@ -67,10 +66,10 @@ require ( github.com/dolmen-go/contextio v0.0.0-20200217195037-68fc5150bcd5 github.com/dop251/goja v0.0.0-20200831102558-9af81ddcf0e1 github.com/dop251/goja_nodejs v0.0.0-20171011081505-adff31b136e6 - github.com/dustin/go-humanize v1.0.0 + github.com/dustin/go-humanize v1.0.1 github.com/eapache/go-resiliency v1.2.0 github.com/eclipse/paho.mqtt.golang v1.3.5 - github.com/elastic/elastic-agent-client/v7 v7.1.1 + github.com/elastic/elastic-agent-client/v7 v7.1.2 github.com/elastic/go-concert v0.2.0 github.com/elastic/go-libaudit/v2 v2.3.2 github.com/elastic/go-licenser v0.4.1 @@ -79,7 +78,7 @@ require ( github.com/elastic/go-perf v0.0.0-20191212140718-9c656876f595 github.com/elastic/go-seccomp-bpf v1.3.0 github.com/elastic/go-structform v0.0.10 - github.com/elastic/go-sysinfo v1.10.2 + github.com/elastic/go-sysinfo v1.11.0 github.com/elastic/go-ucfg v0.8.6 github.com/elastic/gosigar v0.14.2 github.com/fatih/color v1.13.0 @@ -90,7 +89,7 @@ require ( github.com/go-sql-driver/mysql v1.6.0 github.com/go-test/deep v1.0.7 github.com/gocarina/gocsv v0.0.0-20170324095351-ffef3ffc77be - github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e + github.com/godbus/dbus/v5 v5.0.6 github.com/godror/godror v0.33.2 github.com/gofrs/flock v0.8.1 github.com/gofrs/uuid v4.2.0+incompatible 
@@ -138,7 +137,7 @@ require ( github.com/samuel/go-parser v0.0.0-20130731160455-ca8abbf65d0e // indirect github.com/samuel/go-thrift v0.0.0-20140522043831-2187045faa54 github.com/sanathkr/yaml v1.0.1-0.20170819201035-0056894fa522 // indirect - github.com/shopspring/decimal v1.2.0 + github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/cobra v1.3.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.2 @@ -153,7 +152,7 @@ require ( go.uber.org/atomic v1.10.0 go.uber.org/multierr v1.10.0 go.uber.org/zap v1.24.0 - golang.org/x/crypto v0.1.0 + golang.org/x/crypto v0.6.0 golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 golang.org/x/mod v0.9.0 golang.org/x/net v0.9.0 @@ -185,9 +184,15 @@ require ( require ( cloud.google.com/go v0.105.0 cloud.google.com/go/redis v1.10.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption v1.0.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement v1.0.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.8.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 github.com/Azure/go-autorest/autorest/adal v0.9.14 - github.com/apache/arrow/go/v11 v11.0.0 + github.com/apache/arrow/go/v12 v12.0.1-0.20230605094802-c153c6d36ccf github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.7 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.17 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.20.4 
@@ -196,10 +201,10 @@ require ( github.com/awslabs/kinesis-aggregation/go/v2 v2.0.0-20220623125934-28468a6701b5 github.com/elastic/bayeux v1.0.5 github.com/elastic/elastic-agent-autodiscover v0.6.1 - github.com/elastic/elastic-agent-libs v0.3.8 + github.com/elastic/elastic-agent-libs v0.3.9 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3 github.com/elastic/elastic-agent-system-metrics v0.6.1 - github.com/elastic/go-elasticsearch/v8 v8.2.0 + github.com/elastic/go-elasticsearch/v8 v8.8.1 github.com/elastic/mito v1.3.0 github.com/elastic/toutoumomoma v0.0.0-20221026030040-594ef30cb640 github.com/foxcpp/go-mockdns v0.0.0-20201212160233-ede2f9158d15 @@ -225,16 +230,14 @@ require ( code.cloudfoundry.org/gofileutils v0.0.0-20170111115228-4d0c80011a0f // indirect github.com/Azure/azure-amqp-common-go/v3 v3.2.1 // indirect github.com/Azure/azure-pipeline-go v0.2.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 // indirect github.com/Azure/go-amqp v0.16.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest/azure/cli v0.3.1 // indirect github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 // indirect github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c // indirect github.com/andybalholm/brotli v1.0.5 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect 
@@ -256,12 +259,11 @@ require ( github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgraph-io/ristretto v0.1.0 // indirect - github.com/dimchansky/utfbom v1.1.0 // indirect github.com/dnephin/pflag v1.0.7 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21 // indirect github.com/eapache/queue v1.1.0 // indirect - github.com/elastic/elastic-transport-go/v8 v8.2.0 // indirect + github.com/elastic/elastic-transport-go/v8 v8.3.0 // indirect github.com/elastic/go-windows v1.0.1 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fearful-symmetry/gomsr v0.0.1 // indirect @@ -274,6 +276,7 @@ require ( github.com/gobuffalo/here v0.6.7 // indirect github.com/goccy/go-json v0.9.11 // indirect github.com/godror/knownpb v0.1.0 // indirect + github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect github.com/golang-sql/sqlexp v0.1.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -304,10 +307,11 @@ require ( github.com/klauspost/asmfmt v1.3.2 // indirect github.com/klauspost/compress v1.16.5 // indirect github.com/klauspost/cpuid/v2 v2.0.9 // indirect + github.com/kylelemons/godebug v1.1.0 // indirect github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/markbates/pkger v0.17.1 // indirect - github.com/mattn/go-isatty v0.0.16 // indirect + github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8 // indirect 
@@ -363,7 +367,6 @@ require ( cloud.google.com/go/storage v1.27.0 github.com/dlclark/regexp2 v1.4.0 // indirect github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/godbus/dbus/v5 v5.0.6 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect github.com/yuin/gopher-lua v0.0.0-20170403160031-b402f3114ec7 // indirect @@ -371,7 +374,7 @@ require ( ) replace ( - github.com/Azure/azure-sdk-for-go => github.com/elastic/azure-sdk-for-go v59.0.0-elastic-1+incompatible + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption => github.com/elastic/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption v1.0.1-0.20230529151645-4546c1b1f847 github.com/Microsoft/go-winio => github.com/bi-zone/go-winio v0.4.15 github.com/Shopify/sarama => github.com/elastic/sarama v1.19.1-0.20220310193331-ebc2b0d8eef3 github.com/apoydence/eachers => github.com/poy/eachers v0.0.0-20181020210610-23942921fe77 //indirect, see https://github.com/elastic/beats/pull/29780 for details. diff --git a/go.sum b/go.sum index 1e1f40959ab4..1e3423cdcae8 100644 --- a/go.sum +++ b/go.sum 
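Review bot: In the `replace (` hunk at the end of go.mod, the new line for `github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption` redirects the build to the `github.com/elastic/azure-sdk-for-go` fork at a pseudo-version and has no comment saying why. The `apoydence/eachers` entry a few lines below does link its justification. A fork pinned to an untagged commit tends to fall outside routine dependency updates and advisories, so it is easy to keep longer than needed. A trailing comment naming the upstream issue or PR and the removal condition would help, for example `// fork carries <UPSTREAM-FIX-REF>; drop once released upstream`.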
@@ -92,14 +92,26 @@ github.com/Azure/azure-pipeline-go v0.1.8/go.mod h1:XA1kFWRVhSK+KNFiOhfv83Fv8L9a github.com/Azure/azure-pipeline-go v0.1.9/go.mod h1:XA1kFWRVhSK+KNFiOhfv83Fv8L9achrP7OxIzeTn1Yg= github.com/Azure/azure-pipeline-go v0.2.1 h1:OLBdZJ3yvOn2MezlWvbrBMTEUQC72zAftRZOMdj5HYo= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= +github.com/Azure/azure-sdk-for-go v41.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v51.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v55.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v59.0.0+incompatible h1:I1ULJqny1qQhUBFy11yDXHhW3pLvbhwV0PTn7mjp9V0= +github.com/Azure/azure-sdk-for-go v59.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 h1:tz19qLF65vuu2ibfTqGVJxG/zZAI27NEIIbvAOQwYbw= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0 h1:rTnT/Jrcm+figWlYz4Ixzt0SJVR2cMC8lvZcimipiEY= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.4.0/go.mod h1:ON4tFdPTwRcgWEaVDrN3584Ef+b7GgSJaXxe5fW9t4M= github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 h1:Yoicul8bnVdQrhDMTHxdEckRGX01XvwXDHUT9zYZ3k0= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2 h1:uqM+VoHjVH6zdlkLF2b6O0ZANcHoj3rO0PoQ3jglUJA= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.2.2/go.mod h1:twTKAa1E6hLmSDjLhaCkbTMQKc7p/rNLU40rLxGEOCI= github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod 
h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 h1:jp0dGvZ7ZK0mgqnTSClMxa5xuRL7NZgHameVYF6BurY= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0 h1:leh5DwKv6Ihwi+h60uHtn6UWAxBbZ0q8DwQVMzf61zw= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.2.0/go.mod h1:eWRD7oawr1Mu1sLCawqVc0CUiF43ia3qQMxLscsKQ9w= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement v1.0.0 h1:8L7OWiGwm6qe2U3zDv3K3WDXwOOgurDu7qw6Mv86Nlw= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement v1.0.0/go.mod h1:A8BFugBY4i+NVB3A87dK5jR0q765uv4KY8fE8o+sCcM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.8.0 h1:dKxKBzh+XIEoYNmx/c8HeiwghuRExXf61WmVotWESeA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.8.0/go.mod h1:kzRLpzzlw6eBUXE7eBw3oqfmKR/kxaHOk4+h9sAe6Yo= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 h1:ECsQtyERDVz3NP3kvDOTLvbQhqWp/x9EsGKtb4ogUr8= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0/go.mod h1:s1tW/At+xHqjNFvWU4G0c0Qv33KOhvbGNj0RCTQDV8s= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1 h1:QSdcrd/UFJv6Bp/CfoVf2SrENpFn9P6Yh8yb+xNhYMM= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1/go.mod h1:eZ4g6GUvXiGulfIbbhh1Xr4XwUYaYaWMqzGD/284wCA= github.com/Azure/azure-storage-blob-go v0.6.0/go.mod h1:oGfmITT1V6x//CswqY2gtAHND+xIP64/qL7a5QJix0Y= 
@@ -155,8 +167,8 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= -github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 h1:BWe8a+f/t+7KY7zH2mqygeUD0t8hNFXe08p1Pb3/jKE= -github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= +github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0 h1:UE9n9rkJF62ArLb1F3DEjRt8O3jLwMWdSoypKV4f3MU= +github.com/AzureAD/microsoft-authentication-library-for-go v0.9.0/go.mod h1:kgDmCTgBzIEPFElEF+FK0SdjAor06dRq2Go927dnQ6o= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 
@@ -175,8 +187,9 @@ github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEY github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/PaesslerAG/gval v1.0.0 h1:GEKnRwkWDdf9dOmKcNrar9EA1bz1z9DqPIO1+iLzhd8= github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I= +github.com/PaesslerAG/gval v1.2.2 h1:Y7iBzhgE09IGTt5QgGQ2IdaYYYOU134YGHBThD+wm9E= +github.com/PaesslerAG/gval v1.2.2/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= 
@@ -220,8 +233,8 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/g github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/arrow/go/arrow v0.0.0-20191024131854-af6fa24be0db/go.mod h1:VTxUBvSJ3s3eHAg65PNgrsn5BtqCRPdmyXh6rAfdxN0= github.com/apache/arrow/go/arrow v0.0.0-20200923215132-ac86123a3f01/go.mod h1:QNYViu/X0HXDHw7m3KXzWSVXIbfUvJqBFe6Gj8/pYA0= -github.com/apache/arrow/go/v11 v11.0.0 h1:hqauxvFQxww+0mEU/2XHG6LT7eZternCZq+A5Yly2uM= -github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= +github.com/apache/arrow/go/v12 v12.0.1-0.20230605094802-c153c6d36ccf h1:s5MDQXJmEalr0Urt0rPlX5UAE2BcHTiex/2Lt2O9p84= +github.com/apache/arrow/go/v12 v12.0.1-0.20230605094802-c153c6d36ccf/go.mod h1:weuTY7JvTG/HDPtMQxEUp7pU73vkLWMLpY67QwZ/WWw= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= 
@@ -483,8 +496,9 @@ github.com/dolmen-go/contextio v0.0.0-20200217195037-68fc5150bcd5/go.mod h1:cxc2 github.com/dop251/goja_nodejs v0.0.0-20171011081505-adff31b136e6 h1:RrkoB0pT3gnjXhL/t10BSP1mcr/0Ldea2uMyuBr2SWk= github.com/dop251/goja_nodejs v0.0.0-20171011081505-adff31b136e6/go.mod h1:hn7BA7c8pLvoGndExHudxTDKZ84Pyvv+90pbBjbTz0Y= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= +github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= +github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-resiliency v1.2.0 h1:v7g92e/KSN71Rq7vSThKaWIq68fL4YHvWyiUKorFR1Q= github.com/eapache/go-resiliency v1.2.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= 
@@ -496,32 +510,31 @@ github.com/eclipse/paho.mqtt.golang v1.2.0/go.mod h1:H9keYFcgq3Qr5OUJm/JZI/i6U7j github.com/eclipse/paho.mqtt.golang v1.3.5 h1:sWtmgNxYM9P2sP+xEItMozsR3w0cqZFlqnNN1bdl41Y= github.com/eclipse/paho.mqtt.golang v1.3.5/go.mod h1:eTzb4gxwwyWpqBUHGQZ4ABAV7+Jgm1PklsYT/eo8Hcc= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= -github.com/elastic/azure-sdk-for-go v59.0.0-elastic-1+incompatible h1:jlUO91EFZuvAO+2Zg+WdV0iTWe/x1X8maTxdYIKCWu4= -github.com/elastic/azure-sdk-for-go v59.0.0-elastic-1+incompatible/go.mod h1:4zuQekLQi489ShcqTmS1Zj1ta0qrcNBlSuGa+ziu2vM= +github.com/elastic/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption v1.0.1-0.20230529151645-4546c1b1f847 h1:mq1EgP1RJ86MiuFQa2M5/0d5raYAWeZ08ryDdq7zulg= +github.com/elastic/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption v1.0.1-0.20230529151645-4546c1b1f847/go.mod h1:0vCBR1wgGwZeGmloJ+eCWIZF2S47grTXRzj2mftg2Nk= github.com/elastic/bayeux v1.0.5 h1:UceFq01ipmT3S8DzFK+uVAkbCdiPR0Bqei8qIGmUeY0= github.com/elastic/bayeux v1.0.5/go.mod h1:CSI4iP7qeo5MMlkznGvYKftp8M7qqP/3nzmVZoXHY68= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 h1:lnDkqiRFKm0rxdljqrj3lotWinO9+jFmeDXIC4gvIQs= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3/go.mod h1:aPqzac6AYkipvp4hufTyMj5PDIphF3+At8zr7r51xjY= github.com/elastic/elastic-agent-autodiscover v0.6.1 h1:vXR+3QVDL7Ij7IMKul13iIiDmM66HsX6MS6I0T4O8gw= github.com/elastic/elastic-agent-autodiscover v0.6.1/go.mod h1:yXYKFAG+Py+TcE4CCR8EAbJiYb+6Dz9sCDoWgOveqtU= -github.com/elastic/elastic-agent-client/v7 v7.1.1 h1:Mob9Nme43P2FGyTQqLWQOWB1d5b54quXc7FPTPyzIic= -github.com/elastic/elastic-agent-client/v7 v7.1.1/go.mod h1:zz0T6l1XcG3kLyDrW8hY8bpI9fES9qkXI3vanY9e0d8= -github.com/elastic/elastic-agent-libs v0.3.8 h1:kj8yNIu/dYrAfxXZKTmCsEgP6agAvmCra22TKTGsU+M= -github.com/elastic/elastic-agent-libs v0.3.8/go.mod h1:h48hzjQcn6XPwfWRM5HimAKlsG0J92ULgAzdX+WedA8= 
+github.com/elastic/elastic-agent-client/v7 v7.1.2 h1:p6KvvDMoFCBPvchxcx9cRXpRjsDaii0m/wE3lqQxpmM= +github.com/elastic/elastic-agent-client/v7 v7.1.2/go.mod h1:G3Mk1pHXxvj3wC5FvsGUlPOsvapTB5SfrUmWiJDXT6Q= +github.com/elastic/elastic-agent-libs v0.3.9 h1:2xbZUOM20Q9ni3dkNjj8r274fub22SuLqi6SedknV7g= +github.com/elastic/elastic-agent-libs v0.3.9/go.mod h1:Fy5QqIOax0EOVeQJ2l5Ux+GmJsX549Obllru5R1bHLI= github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3 h1:sb+25XJn/JcC9/VL8HX4r4QXSUq4uTNzGS2kxOE7u1U= github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3/go.mod h1:rWarFM7qYxJKsi9WcV6ONcFjH/NA3niDNpTxO+8/GVI= github.com/elastic/elastic-agent-system-metrics v0.6.1 h1:LCN1lvQTkdUuU/rKlpKyVMDU/G/I8/iZWCaW6K+mo4o= github.com/elastic/elastic-agent-system-metrics v0.6.1/go.mod h1:Bj8XM/uNKm553blQHkGNEICRLGnVEtw8yttmV5vBngA= -github.com/elastic/elastic-transport-go/v8 v8.1.0/go.mod h1:87Tcz8IVNe6rVSLdBux1o/PEItLtyabHU3naC7IoqKI= -github.com/elastic/elastic-transport-go/v8 v8.2.0 h1:hkK5IIs/15mpSXzd5THWVlWTKJyMw6cbCWM3T/B2S5E= -github.com/elastic/elastic-transport-go/v8 v8.2.0/go.mod h1:87Tcz8IVNe6rVSLdBux1o/PEItLtyabHU3naC7IoqKI= +github.com/elastic/elastic-transport-go/v8 v8.3.0 h1:DJGxovyQLXGr62e9nDMPSxRyWION0Bh6d9eCFBriiHo= +github.com/elastic/elastic-transport-go/v8 v8.3.0/go.mod h1:87Tcz8IVNe6rVSLdBux1o/PEItLtyabHU3naC7IoqKI= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= github.com/elastic/glog v1.0.1-0.20210831205241-7d8b5c89dfc4/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/elastic/go-concert v0.2.0 h1:GAQrhRVXprnNjtvTP9pWJ1d4ToEA4cU5ci7TwTa20xg= github.com/elastic/go-concert v0.2.0/go.mod h1:HWjpO3IAEJUxOeaJOWXWEp7imKd27foxz9V5vegC/38= -github.com/elastic/go-elasticsearch/v8 v8.2.0 
h1:oagGcb1gqxT7yWpQ3E7wMP3NhGRamsKVd7kRdbuI+/Y= -github.com/elastic/go-elasticsearch/v8 v8.2.0/go.mod h1:yY52i2Vj0unLz+N3Nwx1gM5LXwoj3h2dgptNGBYkMLA= +github.com/elastic/go-elasticsearch/v8 v8.8.1 h1:/OiP5Yex40q5eWpzFVQIS8jRE7SaEZrFkG9JbE6TXtY= +github.com/elastic/go-elasticsearch/v8 v8.8.1/go.mod h1:GU1BJHO7WeamP7UhuElYwzzHtvf9SDmeVpSSy9+o6Qg= github.com/elastic/go-libaudit/v2 v2.3.2 h1:qWNcA3nkwNEGh1UBDbDTVF55KR6SM1W2Ji1LGDqFEpw= github.com/elastic/go-libaudit/v2 v2.3.2/go.mod h1:+ZE0czqmbqtnRkl0fNgpI+HvVVRo/ZMJdcXv/PaKcOo= github.com/elastic/go-licenser v0.4.0/go.mod h1:V56wHMpmdURfibNBggaSBfqgPxyT1Tldns1i87iTEvU= @@ -540,8 +553,8 @@ github.com/elastic/go-seccomp-bpf v1.3.0/go.mod h1:wIMxjTbKpWGQk4CV9WltlG6haB4br github.com/elastic/go-structform v0.0.10 h1:oy08o/Ih2hHTkNcRY/1HhaYvIp5z6t8si8gnCJPDo1w= github.com/elastic/go-structform v0.0.10/go.mod h1:CZWf9aIRYY5SuKSmOhtXScE5uQiLZNqAFnwKR4OrIM4= github.com/elastic/go-sysinfo v1.7.1/go.mod h1:i1ZYdU10oLNfRzq4vq62BEwD2fH8KaWh6eh0ikPT9F0= -github.com/elastic/go-sysinfo v1.10.2 h1:DK4pBq7AHwUY+3gcBykvFmWJQWEtv01Jes3v7ss1RVI= -github.com/elastic/go-sysinfo v1.10.2/go.mod h1:6KQb31j0QeWBDF88jIdWSxE8cwoOB9tO4Y4osN7Q70E= +github.com/elastic/go-sysinfo v1.11.0 h1:QW+6BF1oxBoAprH3w2yephF7xLkrrSXj7gl2xC2BM4w= +github.com/elastic/go-sysinfo v1.11.0/go.mod h1:6KQb31j0QeWBDF88jIdWSxE8cwoOB9tO4Y4osN7Q70E= github.com/elastic/go-ucfg v0.8.6 h1:stUeyh2goTgGX+/wb9gzKvTv0YB0231LTpKUgCKj4U0= github.com/elastic/go-ucfg v0.8.6/go.mod h1:4E8mPOLSUV9hQ7sgLEJ4bvt0KhMuDJa8joDT2QGAEKA= github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= 
@@ -768,7 +781,6 @@ github.com/gocarina/gocsv v0.0.0-20170324095351-ffef3ffc77be h1:zXHeEEJ231bTf/IX github.com/gocarina/gocsv v0.0.0-20170324095351-ffef3ffc77be/go.mod h1:/oj50ZdPq/cUjA02lMZhijk5kR31SEydKyqah1OgBuo= github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk= github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -793,8 +805,8 @@ github.com/gogo/protobuf v1.2.2-0.20190730201129-28a6bbf47e48/go.mod h1:SlYgWuQ5 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= -github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= +github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= 
@@ -1200,8 +1212,8 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= -github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= +github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= @@ -1264,7 +1276,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= -github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae/go.mod h1:qAyveg+e4CE+eKJXWVjKXM4ck2QobLqTDytGJbLLhJg= 
@@ -1360,7 +1371,6 @@ github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFu github.com/pierrre/gotestcover v0.0.0-20160517101806-924dca7d15f0 h1:i5VIxp6QB8oWZ8IkK8zrDgeT6ORGIUeiN+61iETwJbI= github.com/pierrre/gotestcover v0.0.0-20160517101806-924dca7d15f0/go.mod h1:4xpMLz7RBWyB+ElzHu8Llua96TRCB3YwX+l5EP1wmHk= github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA= -github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= @@ -1479,8 +1489,8 @@ github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKl github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/shirou/gopsutil/v3 v3.21.12 h1:VoGxEW2hpmz0Vt3wUvHIl9fquzYLNpVpgNNB7pGJimA= github.com/shirou/gopsutil/v3 v3.21.12/go.mod h1:BToYZVTlSVlfazpDDYFnsVZLaoRG+g8ufT6fPQLdJzA= -github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= -github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= +github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw= 
@@ -1734,8 +1744,8 @@ golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= diff --git a/heartbeat/Dockerfile b/heartbeat/Dockerfile index 22353de1879e..e57d265d33ff 100644 --- a/heartbeat/Dockerfile +++ b/heartbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.9 +FROM golang:1.19.10 RUN \ apt-get update \ diff --git a/heartbeat/beater/heartbeat.go b/heartbeat/beater/heartbeat.go index ad47a545ed6c..26a58af73017 100644 --- a/heartbeat/beater/heartbeat.go +++ b/heartbeat/beater/heartbeat.go @@ -92,6 +92,7 @@ func New(b *beat.Beat, rawConfig *conf.C) (beat.Beater, error) { esClient, err := makeESClient(b.Config.Output.Config(), 3, 2*time.Second) if err != nil { if parsedConfig.RunOnce { + trace.Abort() return nil, fmt.Errorf("run_once mode fatal error: %w", err) } else { logp.L().Warnf("skipping monitor state management: %w", err) 
@@ -156,16 +157,8 @@ func New(b *beat.Beat, rawConfig *conf.C) (beat.Beater, error) { // Run executes the beat. func (bt *Heartbeat) Run(b *beat.Beat) error { - err := bt.trace.Write("start") - if err != nil { - logp.L().Errorf("could not start trace: %s", err) - } - defer func() { - err := bt.trace.Close() - if err != nil { - logp.L().Errorf("could not close trace: %s", err) - } - }() + bt.trace.Start() + defer bt.trace.Close() logp.L().Info("heartbeat is running! Hit CTRL-C to stop it.") groups, _ := syscall.Getgroups() diff --git a/heartbeat/tracer/tracer.go b/heartbeat/tracer/tracer.go index d9f3601069fc..7cf849c6e850 100644 --- a/heartbeat/tracer/tracer.go +++ b/heartbeat/tracer/tracer.go @@ -27,8 +27,9 @@ import ( ) type Tracer interface { - Write(string) error - Close() error + Start() + Abort() + Close() } type SockTracer struct { @@ -36,6 +37,12 @@ type SockTracer struct { sock net.Conn } +const ( + MSG_START = "start" + MSG_STOP = "stop" + MSG_ABORT = "abort" +) + func NewSockTracer(path string, wait time.Duration) (st SockTracer, err error) { st.path = path delay := time.Millisecond * 250 
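Review bot: The new constants `MSG_START`, `MSG_STOP` and `MSG_ABORT` in the `@@ -36,6 +37,12 @@` hunk of tracer.go are exported and written in ALL_CAPS, which goes against Go's MixedCaps convention and widens the package API for values the visible callers only use inside the package. tracer_test.go refers to them unqualified, so unexported names would still work: `msgStart = "start"`, `msgStop = "stop"`, `msgAbort = "abort"`. If external consumers of the socket protocol need them, keep them exported as `MsgStart` etc. and add a doc comment on the block describing the newline-terminated messages.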
@@ -63,28 +70,54 @@ func NewSockTracer(path string, wait time.Duration) (st SockTracer, err error) { return st, nil } -func (st SockTracer) Write(message string) error { +func (st SockTracer) Start() { + err := st.write(MSG_START) + if err != nil { + logp.L().Errorf("could not write start trace message: %s", err) + } +} + +func (st SockTracer) Abort() { + err := st.write(MSG_ABORT) + if err != nil { + logp.L().Errorf("could not write abort trace message: %s", err) + } + st.closeSock() +} + +func (st SockTracer) Close() { + err := st.write(MSG_STOP) + if err != nil { + logp.L().Errorf("could not write stop trace message: %s", err) + } + st.closeSock() +} + +func (st SockTracer) closeSock() { + err := st.sock.Close() + if err != nil { + logp.L().Errorf("could not close trace sock: %s", err) + } +} + +func (st SockTracer) write(message string) error { // Note, we don't need to worry about partial writes here: https://pkg.go.dev/io?utm_source=godoc#Writer // an error will be returned here, which shouldn't really happen with unix sockets only _, err := st.sock.Write([]byte(message + "\n")) return err } -func (st SockTracer) Close() error { - _ = st.Write("stop") - return st.sock.Close() -} - type NoopTracer struct{} func NewNoopTracer() NoopTracer { return NoopTracer{} } -func (nt NoopTracer) Write(message string) error { - return nil +func (nt NoopTracer) Start() { +} + +func (nt NoopTracer) Abort() { } -func (nt NoopTracer) Close() error { - return nil +func (nt NoopTracer) Close() { } diff --git a/heartbeat/tracer/tracer_test.go b/heartbeat/tracer/tracer_test.go index d04eae6a0483..fc7d22762484 100644 --- a/heartbeat/tracer/tracer_test.go +++ b/heartbeat/tracer/tracer_test.go 
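Review bot: `Abort` and `Close` on `SockTracer` each write a message and then close the socket, but nothing documents that they are one-shot and mutually exclusive; a `Close` after `Abort`, or a second `Close`, would log both a write error and a close error on an already closed connection. None of the new methods carry doc comments, so I would add e.g. `// Abort reports an abnormal exit and closes the socket; do not call Close afterwards.` with matching comments on `Start` and `Close`. Since the methods no longer return errors, the log line is the only failure signal, which is worth stating on the `Tracer` interface as well.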
@@ -32,25 +32,51 @@ import ( ) func TestSockTracer(t *testing.T) { - sockName, err := uuid.NewRandom() - require.NoError(t, err) - sockPath := filepath.Join(os.TempDir(), sockName.String()) + t.Parallel() + tests := []struct { + name string + testF func(t *testing.T, st SockTracer, listenRes chan []string) + }{ + { + "start/stop", + func(t *testing.T, st SockTracer, listenRes chan []string) { + st.Start() + st.Close() + + got := <-listenRes + require.Equal(t, []string{MSG_START, MSG_STOP}, got) + }, + }, + { + "abort", + func(t *testing.T, st SockTracer, listenRes chan []string) { + st.Abort() + + got := <-listenRes + require.Equal(t, []string{MSG_ABORT}, got) + }, + }, + } - listenRes := make(chan []string) - go func() { - listenRes <- listenTilClosed(t, sockPath) - }() + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() - st, err := NewSockTracer(sockPath, time.Second) - require.NoError(t, err) + sockName, err := uuid.NewRandom() + require.NoError(t, err) + sockPath := filepath.Join(os.TempDir(), sockName.String()) - err = st.Write("start") - require.NoError(t, err) - err = st.Close() - require.NoError(t, err) + listenRes := make(chan []string) + go func() { + listenRes <- listenTilClosed(t, sockPath) + }() - got := <-listenRes - require.Equal(t, got, []string{"start", "stop"}) + st, err := NewSockTracer(sockPath, time.Second) + require.NoError(t, err) + tt.testF(t, st, listenRes) + }) + } } func TestSockTracerWaitFail(t *testing.T) { diff --git a/libbeat/cfgfile/list.go b/libbeat/cfgfile/list.go index e99aacddad98..21c3ec36caef 100644 --- a/libbeat/cfgfile/list.go +++ b/libbeat/cfgfile/list.go 
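Review bot: Both table cases block on `got := <-listenRes` with no timeout, so if `listenTilClosed` never returns (for example because the tracer did not close the socket) the test hangs until the global test timeout instead of failing with a useful message. Wrapping the receive in a `select` with a `time.After` case that calls `t.Fatal` would bound it. The socket is also created directly under `os.TempDir()`, a shared directory; `t.TempDir()` gives a per-test directory with automatic cleanup, though the resulting path should be checked against the Unix socket path length limit.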
@@ -18,14 +18,16 @@ package cfgfile import ( + "errors" + "fmt" "sync" "github.com/joeshaw/multierror" "github.com/mitchellh/hashstructure" - "github.com/pkg/errors" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/libbeat/common/reload" "github.com/elastic/beats/v7/libbeat/publisher/pipetool" "github.com/elastic/elastic-agent-libs/config" @@ -68,7 +70,7 @@ func (r *RunnerList) Reload(configs []*reload.ConfigWithMeta) error { hash, err := HashConfig(config.Config) if err != nil { r.logger.Errorf("Unable to hash given config: %s", err) - errs = append(errs, errors.Wrap(err, "Unable to hash given config")) + errs = append(errs, fmt.Errorf("Unable to hash given config: %w", err)) continue } @@ -102,13 +104,14 @@ func (r *RunnerList) Reload(configs []*reload.ConfigWithMeta) error { for hash, config := range startList { runner, err := createRunner(r.factory, r.pipeline, config) if err != nil { - if _, ok := err.(*common.ErrInputNotFinished); ok { + errors.Is(err, &common.ErrInputNotFinished{}) + if _, ok := err.(*common.ErrInputNotFinished); ok { //nolint:errorlint // ErrInputNotFinished is a struct type, not an expression/error value // error is related to state, we should not log at error level r.logger.Debugf("Error creating runner from config: %s", err) } else { r.logger.Errorf("Error creating runner from config: %s", err) } - errs = append(errs, errors.Wrap(err, "Error creating runner from config")) + errs = append(errs, fmt.Errorf("Error creating runner from config: %w", err)) continue } 
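Review bot: The added statement `errors.Is(err, &common.ErrInputNotFinished{})` in the `@@ -102,13 +104,14 @@` hunk discards its result, so it has no effect, and comparing against a freshly allocated pointer would not match anyway unless the type defines an `Is` method. The type assertion that follows still matches only an unwrapped error, which is why it needs the `//nolint:errorlint`. Replacing both lines with `var notFinished *common.ErrInputNotFinished` and `if errors.As(err, &notFinished) {` handles wrapped errors and removes the need for the suppression. The new `fmt.Errorf` messages in this file also start with a capital letter, which Go error strings conventionally avoid. `Reload` continues outside the hunk.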
@@ -116,6 +119,16 @@ func (r *RunnerList) Reload(configs []*reload.ConfigWithMeta) error { r.runners[hash] = runner runner.Start() moduleStarts.Add(1) + if config.DiagCallback != nil { + if diag, ok := runner.(diagnostics.DiagnosticReporter); ok { + r.logger.Debugf("Runner '%s' has diagnostics, attempting to register", runner) + for _, dc := range diag.Diagnostics() { + config.DiagCallback.Register(dc.Name, dc.Description, dc.Filename, dc.ContentType, dc.Callback) + } + } else { + r.logger.Debugf("Runner %s does not implement DiagnosticRunner, skipping", runner) + } + } } // NOTE: This metric tracks the number of modules in the list. The true diff --git a/libbeat/cfgfile/list_test.go b/libbeat/cfgfile/list_test.go index 75c17d279790..2555e77773c5 100644 --- a/libbeat/cfgfile/list_test.go +++ b/libbeat/cfgfile/list_test.go @@ -18,12 +18,14 @@ package cfgfile import ( + "fmt" "testing" - "github.com/pkg/errors" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/libbeat/common/reload" pubtest "github.com/elastic/beats/v7/libbeat/publisher/testing" conf "github.com/elastic/elastic-agent-libs/config" @@ -56,6 +58,15 @@ func (r *runner) Stop() { r.stopped = true } +func (r *runner) Diagnostics() []diagnostics.DiagnosticSetup { + return []diagnostics.DiagnosticSetup{ + { + Name: "test-callback", + Callback: func() []byte { return []byte("test") }, + }, + } +} + type runnerFactory struct { CreateRunner func(beat.PipelineConnector, *conf.C) (Runner, error) runners []Runner @@ -73,7 +84,7 @@ func (r *runnerFactory) Create(x beat.PipelineConnector, c *conf.C) (Runner, err // id < 0 is an invalid config if config.ID < 0 { - return nil, errors.New("Invalid config") + return nil, fmt.Errorf("Invalid config") } if r.CreateRunner != nil { 
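Review bot: The fallback debug message in the `@@ -116,6 +119,16 @@` hunk of list.go says the runner `does not implement DiagnosticRunner`, but the interface being asserted is `diagnostics.DiagnosticReporter`, which will mislead anyone searching the logs for the type name. I would change it to `r.logger.Debugf("Runner '%s' does not implement DiagnosticReporter, skipping", runner)`, which also matches the quoting of the other message. The callbacks are registered after `runner.Start()` and the hunk shows no matching deregistration when a runner is stopped; whether `DiagCallback` handles that is not visible here, so it is worth confirming that a stopped runner's callback cannot be invoked later. `Reload` continues outside the hunk.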
@@ -90,20 +101,43 @@ func (r *runnerFactory) Create(x beat.PipelineConnector, c *conf.C) (Runner, err return runner, err } -func (r *runnerFactory) CheckConfig(config *conf.C) error { +func (r *runnerFactory) CheckConfig(_ *conf.C) error { return nil } +type testDiagHandler struct { + gotResp string +} + +func (r *testDiagHandler) Register(_ string, _ string, _ string, _ string, callback func() []byte) { + r.gotResp = string(callback()) +} + +func TestDiagnostics(t *testing.T) { + factory := &runnerFactory{} + list := NewRunnerList("", factory, nil) + cfg := createConfig(1) + callback := &testDiagHandler{} + cfg.DiagCallback = callback + err := list.Reload([]*reload.ConfigWithMeta{ + cfg, + }) + + require.NoError(t, err) + require.Equal(t, "test", callback.gotResp) +} + func TestNewConfigs(t *testing.T) { factory := &runnerFactory{} list := NewRunnerList("", factory, nil) - list.Reload([]*reload.ConfigWithMeta{ + err := list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(2), createConfig(3), }) + require.NoError(t, err) assert.Equal(t, len(list.copyRunnerList()), 3) } @@ -111,22 +145,24 @@ func TestReloadSameConfigs(t *testing.T) { factory := &runnerFactory{} list := NewRunnerList("", factory, nil) - list.Reload([]*reload.ConfigWithMeta{ + err := list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(2), createConfig(3), }) + require.NoError(t, err) state := list.copyRunnerList() assert.Equal(t, len(state), 3) - list.Reload([]*reload.ConfigWithMeta{ + err = list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(2), createConfig(3), }) // nothing changed + require.NoError(t, err) assert.Equal(t, state, list.copyRunnerList()) } 
@@ -134,21 +170,23 @@ func TestReloadDuplicateConfig(t *testing.T) { factory := &runnerFactory{} list := NewRunnerList("", factory, nil) - list.Reload([]*reload.ConfigWithMeta{ + err := list.Reload([]*reload.ConfigWithMeta{ createConfig(1), }) + require.NoError(t, err) state := list.copyRunnerList() assert.Equal(t, len(state), 1) // This can happen in Autodiscover when a container if getting restarted // but the previous one is not cleaned yet. - list.Reload([]*reload.ConfigWithMeta{ + err = list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(1), }) // nothing changed + require.NoError(t, err) assert.Equal(t, state, list.copyRunnerList()) } @@ -156,19 +194,21 @@ func TestReloadStopConfigs(t *testing.T) { factory := &runnerFactory{} list := NewRunnerList("", factory, nil) - list.Reload([]*reload.ConfigWithMeta{ + err := list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(2), createConfig(3), }) + require.NoError(t, err) assert.Equal(t, len(list.copyRunnerList()), 3) - list.Reload([]*reload.ConfigWithMeta{ + err = list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(3), }) + require.NoError(t, err) assert.Equal(t, len(list.copyRunnerList()), 2) } @@ -176,21 +216,23 @@ func TestReloadStartStopConfigs(t *testing.T) { factory := &runnerFactory{} list := NewRunnerList("", factory, nil) - list.Reload([]*reload.ConfigWithMeta{ + err := list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(2), createConfig(3), }) + require.NoError(t, err) state := list.copyRunnerList() assert.Equal(t, len(state), 3) - list.Reload([]*reload.ConfigWithMeta{ + err = list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(3), createConfig(4), }) + require.NoError(t, err) assert.Equal(t, len(list.copyRunnerList()), 3) assert.NotEqual(t, state, list.copyRunnerList()) } 
@@ -199,12 +241,13 @@ func TestStopAll(t *testing.T) { factory := &runnerFactory{} list := NewRunnerList("", factory, nil) - list.Reload([]*reload.ConfigWithMeta{ + err := list.Reload([]*reload.ConfigWithMeta{ createConfig(1), createConfig(2), createConfig(3), }) + require.NoError(t, err) assert.Equal(t, len(list.copyRunnerList()), 3) list.Stop() assert.Equal(t, len(list.copyRunnerList()), 0) @@ -220,14 +263,13 @@ func TestHas(t *testing.T) { config := createConfig(1) hash, err := HashConfig(config.Config) - if err != nil { - t.Fatal(err) - } + require.NoError(t, err) - list.Reload([]*reload.ConfigWithMeta{ + err = list.Reload([]*reload.ConfigWithMeta{ config, }) + require.NoError(t, err) assert.True(t, list.Has(hash)) assert.False(t, list.Has(0)) } @@ -283,7 +325,7 @@ func TestCreateRunnerAddsDynamicMeta(t *testing.T) { func createConfig(id int64) *reload.ConfigWithMeta { c := conf.NewConfig() - c.SetInt("id", -1, id) + _ = c.SetInt("id", -1, id) return &reload.ConfigWithMeta{ Config: c, } diff --git a/libbeat/common/diagnostics/diagnostics.go b/libbeat/common/diagnostics/diagnostics.go new file mode 100644 index 000000000000..815a93065601 --- /dev/null +++ b/libbeat/common/diagnostics/diagnostics.go 
@@ -0,0 +1,42 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package diagnostics + +// DiagnosticReporter is an interface that a metricset, fileset, or runner should implement to provide additional Diagnostic data. +// A DiagnosticReporter can provide any number of diagnostic responses when requested. +type DiagnosticReporter interface { + // Diagnostics returns metadata and a callback handler. + // note that this can be called any time after a metricset has started, so implementors should not assume + // the state of a metricset/fileset when this method is called. + Diagnostics() []DiagnosticSetup +} + +// DiagnosticSetup contains the data needed to register a callback. +type DiagnosticSetup struct { + // The name of this diagnostics data result. + Name string + // A brief description of the file. + Description string + // The filename that the requester should save the body as. This value must be unique for all other diagnostics in the metricset/fileset + Filename string + // MIME/ContentType. See https://www.iana.org/assignments/media-types/media-types.xhtml + ContentType string + //Callback is called when diagnostic data is actually requested by central management. 
+ // Callback does not return an error, and if one occours, it should be written out as the result. + Callback func() []byte +} diff --git a/libbeat/common/diagnostics/helpers.go b/libbeat/common/diagnostics/helpers.go new file mode 100644 index 000000000000..d23715ee81f5 --- /dev/null +++ b/libbeat/common/diagnostics/helpers.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package diagnostics + +import ( + "fmt" + "os" + + "github.com/elastic/elastic-agent-system-metrics/metric/system/resolve" +) + +// GetRawFileOrErrorString is a convinence method that will return either the contents of the specified file, +// or the error that results from opening the file +func GetRawFileOrErrorString(res resolve.Resolver, path string) []byte { + fullPath := res.ResolveHostFS(path) + data, err := os.ReadFile(fullPath) + if err != nil { + return []byte(fmt.Sprintf("Error fetching data from %s: %s", fullPath, err)) + } + return data +} diff --git a/libbeat/common/reload/reload.go b/libbeat/common/reload/reload.go index c3a57bc027a5..21012ad1090a 100644 --- a/libbeat/common/reload/reload.go +++ b/libbeat/common/reload/reload.go 
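Review bot: `DiagnosticSetup.Filename` in diagnostics.go is documented as the name the requester saves the body under, but the comment does not say it must be a bare file name. If the consuming side writes it to disk as given (not visible in this diff), a value containing path separators or `..` could land outside the diagnostics bundle, so I would tighten the comment to `// Filename is the base name (no directory components) the requester should save the body as; it must be unique within the metricset/fileset.` and have the registering side reject anything else. The `Callback` comment should also state that the returned bytes are shipped to central management, so implementations must return promptly and leave out credentials. Small typos: `occours`, and the missing space in `//Callback`.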
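Review bot: `GetRawFileOrErrorString` in helpers.go reads the whole file with `os.ReadFile` and returns it as diagnostic output with no size bound, so a large or endless pseudo-file on the resolved host filesystem can exhaust memory in the Beat. I would cap the read with `io.LimitReader`, as sketched below; this needs an `io` import and a size constant that the sketch only names. The error text is returned in-band, so a requester cannot tell it apart from file content, and the doc comment should say that `path` must be a fixed, code-supplied path and never a value taken from configuration or events. Typo in the comment: `convinence`.

```go
func GetRawFileOrErrorString(res resolve.Resolver, path string) []byte {
	fullPath := res.ResolveHostFS(path)
	f, err := os.Open(fullPath)
	if err != nil {
		return []byte(fmt.Sprintf("Error fetching data from %s: %s", fullPath, err))
	}
	defer f.Close()

	// maxDiagnosticFileBytes is a constructed name: pick the cap the diagnostics bundle can tolerate.
	data, err := io.ReadAll(io.LimitReader(f, maxDiagnosticFileBytes))
	if err != nil {
		return []byte(fmt.Sprintf("Error fetching data from %s: %s", fullPath, err))
	}
	return data
}
```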
@@ -41,6 +41,9 @@ type ConfigWithMeta struct { // Meta data related to this config Meta *mapstr.Pointer + + // DiagCallback is a diagnostic handler associated with the underlying unit that maps to the config + DiagCallback DiagnosticHandler } // ReloadableList provides a method to reload the configuration of a list of entities @@ -56,6 +59,12 @@ type Reloadable interface { // ReloadableFunc wraps a custom function in order to implement the Reloadable interface. type ReloadableFunc func(config *ConfigWithMeta) error +// DiagnosticHandler is an interface used to register diagnostic callbacks with the central management system +// This mostly exists to wrap the unit RegisterDiagnostic method +type DiagnosticHandler interface { + Register(name string, description string, filename string, contentType string, callback func() []byte) +} + // Registry of reloadable objects and lists type Registry struct { sync.RWMutex diff --git a/libbeat/docs/release.asciidoc b/libbeat/docs/release.asciidoc index 23ebd3d9b11c..f242bd0fb830 100644 --- a/libbeat/docs/release.asciidoc +++ b/libbeat/docs/release.asciidoc @@ -8,6 +8,8 @@ This section summarizes the changes in each release. Also read <> for more detail about changes that affect upgrade. +* <> +* <> * <> * <> * <> diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index 191e466d9557..a73f993a2833 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,6 +1,6 @@ :stack-version: 8.9.0 -:doc-branch: main -:go-version: 1.19.9 +:doc-branch: master +:go-version: 1.19.10 :release-state: unreleased :python: 3.7 :docker: 1.12 diff --git a/libbeat/features/features.go b/libbeat/features/features.go index 997803efad22..e6fb98156309 100644 --- a/libbeat/features/features.go +++ b/libbeat/features/features.go @@ -20,6 +20,7 @@ package features import ( "fmt" "sync" + "sync/atomic" "github.com/elastic/elastic-agent-client/v7/pkg/proto" conf "github.com/elastic/elastic-agent-libs/config" 
@@ -32,10 +33,11 @@ var ( type boolValueOnChangeCallback func(new, old bool) type fflags struct { - mu sync.RWMutex + // controls access to the callback hashmap + callbackMut sync.RWMutex // TODO: Refactor to generalize for other feature flags - fqdnEnabled bool + fqdnEnabled atomic.Bool fqdnCallbacks map[string]boolValueOnChangeCallback } @@ -88,36 +90,39 @@ func UpdateFromConfig(c *conf.C) error { } func (f *fflags) SetFQDNEnabled(newValue bool) { - f.mu.Lock() - defer f.mu.Unlock() + f.callbackMut.Lock() + defer f.callbackMut.Unlock() + oldValue := f.fqdnEnabled.Swap(newValue) - oldValue := f.fqdnEnabled - f.fqdnEnabled = newValue for _, cb := range f.fqdnCallbacks { cb(newValue, oldValue) } + } // FQDN reports if FQDN should be used instead of hostname for host.name. // If it hasn't been set by UpdateFromConfig or UpdateFromProto, it returns false. func FQDN() bool { - flags.mu.RLock() - defer flags.mu.RUnlock() - return flags.fqdnEnabled + return flags.fqdnEnabled.Load() } // AddFQDNOnChangeCallback takes a callback function that will be called with the new and old values // of `flags.fqdnEnabled` whenever it changes. It also takes a string ID - this is useful // in calling `RemoveFQDNOnChangeCallback` to de-register the callback. +// if the ID already exists, this returns an error. func AddFQDNOnChangeCallback(cb boolValueOnChangeCallback, id string) error { - flags.mu.Lock() - defer flags.mu.Unlock() + flags.callbackMut.Lock() + defer flags.callbackMut.Unlock() // Initialize callbacks map if necessary. if flags.fqdnCallbacks == nil { flags.fqdnCallbacks = map[string]boolValueOnChangeCallback{} } + if _, ok := flags.fqdnCallbacks[id]; ok { + return fmt.Errorf("callback with ID %s already registered", id) + } + flags.fqdnCallbacks[id] = cb return nil } 
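Review bot: `SetFQDNEnabled` in the `@@ -88,36 +90,39 @@` hunk still invokes every callback while holding `callbackMut` exclusively, so a callback that calls `AddFQDNOnChangeCallback` or `RemoveFQDNOnChangeCallback` deadlocks, and one slow callback stalls all registration. The add_host_metadata callback in this same commit can block for up to `ExpireUpdateTimeout`. The map is only read here, so I would snapshot the callbacks under `RLock` and call them after unlocking, as below; the trade-off is that a callback may run once more just after it was removed, which the doc comment on `RemoveFQDNOnChangeCallback` should then mention. The stray blank line before the closing brace can go too.

```go
func (f *fflags) SetFQDNEnabled(newValue bool) {
	oldValue := f.fqdnEnabled.Swap(newValue)

	// Snapshot under the read lock so callbacks run without callbackMut held.
	f.callbackMut.RLock()
	cbs := make([]boolValueOnChangeCallback, 0, len(f.fqdnCallbacks))
	for _, cb := range f.fqdnCallbacks {
		cbs = append(cbs, cb)
	}
	f.callbackMut.RUnlock()

	for _, cb := range cbs {
		cb(newValue, oldValue)
	}
}
```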
@@ -126,8 +131,8 @@ func AddFQDNOnChangeCallback(cb boolValueOnChangeCallback, id string) error { // returned by `AddFQDNOnChangeCallback` so that function will be no longer be called when // `flags.fqdnEnabled` changes. func RemoveFQDNOnChangeCallback(id string) { - flags.mu.Lock() - defer flags.mu.Unlock() + flags.callbackMut.Lock() + defer flags.callbackMut.Unlock() delete(flags.fqdnCallbacks, id) } diff --git a/libbeat/features/features_test.go b/libbeat/features/features_test.go index d4bfe8354926..83d1274308bb 100644 --- a/libbeat/features/features_test.go +++ b/libbeat/features/features_test.go @@ -186,3 +186,39 @@ func TestFQDNCallbacks(t *testing.T) { RemoveFQDNOnChangeCallback("cb2") require.Len(t, flags.fqdnCallbacks, 0) } + +func TestFQDNWHileCallbackBlocked(t *testing.T) { + blockChan := make(chan struct{}) + willBlockChan := make(chan struct{}) + unblockedChan := make(chan struct{}) + err := AddFQDNOnChangeCallback(func(new, old bool) { + willBlockChan <- struct{}{} + t.Logf("callback is currently blocked.") + <-blockChan + t.Logf("callback is unblocked.") + + }, "test-TestFQDNWHileCallbackBlocked") + require.NoError(t, err) + + // Start with FQDN off + go func() { + err = UpdateFromConfig(config.MustNewConfigFrom(map[string]interface{}{ + "features.fqdn.enabled": true, + })) + unblockedChan <- struct{}{} + }() + + // callback should be blocking at this point + t.Logf("Waiting for callback to block...") + <-willBlockChan + whileBlocked := FQDN() + require.True(t, whileBlocked) + + //now unblock + blockChan <- struct{}{} + t.Logf("Waiting for callback to unblock...") + <-unblockedChan + unblocked := FQDN() + require.True(t, unblocked) + +} diff --git a/libbeat/monitoring/inputmon/input.go b/libbeat/monitoring/inputmon/input.go index 51c79fc35017..39d51d94cbe8 100644 --- a/libbeat/monitoring/inputmon/input.go +++ b/libbeat/monitoring/inputmon/input.go 
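Review bot: The callback that `TestFQDNWHileCallbackBlocked` registers under `"test-TestFQDNWHileCallbackBlocked"` is never removed, so it stays in the package-level `flags` after the test returns. Any later test that changes the FQDN flag would then block on the unbuffered `willBlockChan <- struct{}{}` send, and the `require.Len(t, flags.fqdnCallbacks, 0)` assertion in `TestFQDNCallbacks` becomes order-dependent. Adding `defer RemoveFQDNOnChangeCallback("test-TestFQDNWHileCallbackBlocked")` right after the `require.NoError(t, err)` fixes that. The goroutine also assigns to the outer `err` without synchronisation and the value is never checked; sending a local error over `unblockedChan` (typed `chan error`) would let the test assert it.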
@@ -20,6 +20,9 @@ package inputmon import ( "strings" + "github.com/google/uuid" + + "github.com/elastic/elastic-agent-libs/logp" "github.com/elastic/elastic-agent-libs/monitoring" ) @@ -49,11 +52,23 @@ func NewInputRegistry(inputType, id string, optionalParent *monitoring.Registry) // the monitoring registry, and we want a consistent flat level of nesting key := sanitizeID(id) + // Log the registration to ease tracking down duplicate ID registrations. + // Logged at INFO rather than DEBUG since it is not in a hot path and having + // the information available by default can short-circuit requests for debug + // logs during support interactions. + log := logp.NewLogger("metric_registry") + // Make an orthogonal ID to allow tracking register/deregister pairs. + uuid := uuid.New().String() + log.Infow("registering", "input_type", inputType, "id", id, "key", key, "uuid", uuid) + reg = parentRegistry.NewRegistry(key) monitoring.NewString(reg, "input").Set(inputType) monitoring.NewString(reg, "id").Set(id) - return reg, func() { parentRegistry.Remove(key) } + return reg, func() { + log.Infow("unregistering", "input_type", inputType, "id", id, "key", key, "uuid", uuid) + parentRegistry.Remove(key) + } } func sanitizeID(id string) string { diff --git a/libbeat/processors/add_host_metadata/add_host_metadata.go b/libbeat/processors/add_host_metadata/add_host_metadata.go index 528d40a0365a..db3cbbc5ee30 100644 --- a/libbeat/processors/add_host_metadata/add_host_metadata.go +++ b/libbeat/processors/add_host_metadata/add_host_metadata.go @@ -22,6 +22,8 @@ import ( "sync" "time" + "github.com/gofrs/uuid" + "github.com/elastic/elastic-agent-libs/monitoring" "github.com/elastic/beats/v7/libbeat/beat" 
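Review bot: In `NewInputRegistry` the new local `uuid := uuid.New().String()` shadows the imported `uuid` package for the rest of the function, including the returned closure, which makes later use of the package there fail to compile in a confusing way. A distinct name avoids that: `regID := uuid.New().String()`, passed as `"uuid", regID` in both log calls. This file imports `github.com/google/uuid` while add_host_metadata.go in the same commit imports `github.com/gofrs/uuid`; using one UUID library for both keeps the dependency set smaller. `logp.NewLogger("metric_registry")` is also built on every call and could be a package-level variable.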
@@ -81,7 +83,7 @@ func New(cfg *config.C) (beat.Processor, error) { FQDNLookupFailed: monitoring.NewInt(reg, "fqdn_lookup_failed"), }, } - if err := p.loadData(); err != nil { + if err := p.loadData(true, features.FQDN()); err != nil { return nil, fmt.Errorf("failed to load data: %w", err) } @@ -93,7 +95,21 @@ func New(cfg *config.C) (beat.Processor, error) { p.geoData = mapstr.M{"host": mapstr.M{"geo": geoFields}} } - err := features.AddFQDNOnChangeCallback(p.handleFQDNReportingChange, processorName) + // create a unique ID for this instance of the processor + cbIDStr := "" + cbID, err := uuid.NewV4() + // if we fail, fall back to the processor name, hope for the best. + if err != nil { + p.logger.Errorf("error generating ID for FQDN callback, reverting to processor name: %w", err) + cbIDStr = processorName + } else { + cbIDStr = cbID.String() + } + + // this is safe as New() returns a pointer, not the actual object. + // This matters as other pieces of code in libbeat, like libbeat/processors/processor.go, + // will do weird stuff like copy the entire list of global processors. + err = features.AddFQDNOnChangeCallback(p.handleFQDNReportingChange, cbIDStr) if err != nil { return nil, fmt.Errorf( "could not register callback for FQDN reporting onChange from %s processor: %w", @@ -111,9 +127,9 @@ func (p *addHostMetadata) Run(event *beat.Event) (*beat.Event, error) { return event, nil } - err := p.loadData() + err := p.loadData(true, features.FQDN()) if err != nil { - return nil, err + return nil, fmt.Errorf("error loading data during event update: %w", err) } event.Fields.DeepUpdate(p.data.Get().Clone()) @@ -134,13 +150,14 @@ func (p *addHostMetadata) Run(event *beat.Event) (*beat.Event, error) { //} func (p *addHostMetadata) expired() bool { - if p.config.CacheTTL <= 0 { - return true - } p.lastUpdate.Lock() defer p.lastUpdate.Unlock() + if p.config.CacheTTL <= 0 { + return true + } + if p.lastUpdate.Add(p.config.CacheTTL).After(time.Now()) { return false } 
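Review bot: `p.logger.Errorf("error generating ID for FQDN callback, reverting to processor name: %w", err)` uses `%w`, which only `fmt.Errorf` understands; in a printf-style logger call it renders as `%!w(...)`, so use `%s` or `%v`. The same misuse appears in the `updateOrExpire` hunk further down and in the context line `logp.L().Warnf("skipping monitor state management: %w", err)` in heartbeat/beater/heartbeat.go. Separately, the generated `cbIDStr` is only a local in the visible lines; unless it is stored on the processor, the cleanup path cannot pass the same ID to `features.RemoveFQDNOnChangeCallback` and the callback would stay registered after the processor is closed. That code is outside the hunk, so please confirm. `New` continues outside the hunk.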
@@ -148,24 +165,25 @@ func (p *addHostMetadata) expired() bool { return true } -func (p *addHostMetadata) loadData() error { - if !p.expired() { +// loadData update's the processor's associated host metadata +func (p *addHostMetadata) loadData(checkCache bool, useFQDN bool) error { + if checkCache && !p.expired() { return nil } h, err := sysinfo.Host() if err != nil { - return err + return fmt.Errorf("error collecting host info: %w", err) } hostname := h.Info().Hostname - if features.FQDN() { + if useFQDN { fqdn, err := h.FQDN() if err != nil { // FQDN lookup is "best effort". If it fails, we monitor the failure, fallback to // the OS-reported hostname, and move on. p.metrics.FQDNLookupFailed.Inc() - p.logger.Debugf( + p.logger.Warnf( "unable to lookup FQDN (failed attempt counter: %d): %s, using hostname = %s as FQDN", p.metrics.FQDNLookupFailed.Get(), err.Error(), @@ -217,12 +235,13 @@ func (p *addHostMetadata) handleFQDNReportingChange(new, old bool) { return } - // Whether we should report the FQDN or not has changed. Expire cache - // so we start report the desired hostname value immediately. - p.expireCache() + // update the data for the processor + p.updateOrExpire(new) } -func (p *addHostMetadata) expireCache() { +// updateOrExpire will attempt to update the data for the processor, or expire the cache +// if the config update fails, or times out +func (p *addHostMetadata) updateOrExpire(useFQDN bool) { if p.config.CacheTTL <= 0 { return } 
@@ -230,9 +249,38 @@ func (p *addHostMetadata) expireCache() { p.lastUpdate.Lock() defer p.lastUpdate.Unlock() - // Update cache's last updated timestamp to be zero, - // effectively expiring the cache immediately. - p.lastUpdate.Time = time.Time{} + // while holding the mutex, attempt to update loadData() + // doing this with the mutex means other events must wait until we have the correct host data, as we assume that + // a call to this function means something else wants to force an update, and thus all events must sync. + + updateChanSuccess := make(chan bool) + timeout := time.After(p.config.ExpireUpdateTimeout) + go func() { + err := p.loadData(false, useFQDN) + if err != nil { + p.logger.Errorf("error updating data for processor: %w") + updateChanSuccess <- false + return + } + updateChanSuccess <- true + }() + + // this additional timeout check is paranoid, but when it's method is called from handleFQDNReportingChange(), + // it's blocking, which means we can hold a mutex in features. In addition, we don't want to break the processor by + // having all the events wait for too long. + select { + case <-timeout: + p.logger.Errorf("got timeout while trying to update metadata") + p.lastUpdate.Time = time.Time{} + case success := <-updateChanSuccess: + // only expire the cache if update was failed + if !success { + p.lastUpdate.Time = time.Time{} + } else { + p.lastUpdate.Time = time.Now() + } + } + } func skipAddingHostMetadata(event *beat.Event) bool { diff --git a/libbeat/processors/add_host_metadata/add_host_metadata_test.go b/libbeat/processors/add_host_metadata/add_host_metadata_test.go index 037119772824..c90feb771851 100644 --- a/libbeat/processors/add_host_metadata/add_host_metadata_test.go +++ b/libbeat/processors/add_host_metadata/add_host_metadata_test.go @@ -22,6 +22,7 @@ import ( "net" "os" "runtime" + "sync" "testing" "time" 
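Review bot: The goroutine in updateOrExpire sends on the unbuffered `updateChanSuccess`, so when the `timeout` case wins the select nothing ever receives and the goroutine stays blocked for the life of the process, one leak per timed-out FQDN change; `updateChanSuccess := make(chan bool, 1)` lets it finish. The `Errorf` call passes no argument for its verb, so the error is never logged; it should be `p.logger.Errorf("error updating data for processor: %v", err)`. After a timeout the goroutine's loadData can still complete once the mutex has been released, which looks like it could overwrite data from a later refresh; that depends on loadData's body, most of which is outside this hunk. The function starts before this hunk.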
@@ -473,45 +474,60 @@ func TestSkipAddingHostMetadata(t *testing.T) { } } -func TestExpireCacheOnFQDNReportingChange(t *testing.T) { - testConfig := conf.MustNewConfigFrom(map[string]interface{}{ - "cache.ttl": "5m", - }) - - p, err := New(testConfig) +func TestFQDNEventSync(t *testing.T) { + hostname, err := os.Hostname() require.NoError(t, err) + srv, _ := mockdns.NewServer(map[string]mockdns.Zone{ + hostname + ".": { + CNAME: "foo.bar.baz.", + }, + "foo.bar.baz.": { + A: []string{"1.1.1.1"}, + }, + }, false) + defer srv.Close() - ahmP, ok := p.(*addHostMetadata) - require.True(t, ok) - - // Call the expired() method once to prime the cache's - // lastUpdated value - ahmP.expired() + srv.PatchNet(net.DefaultResolver) + defer mockdns.UnpatchNet(net.DefaultResolver) - // Since we just primed the cache's lastUpdated value, the - // cache should no longer be expired. - expired := ahmP.expired() - require.False(t, expired) + testConfig := conf.MustNewConfigFrom(map[string]interface{}{ + "cache.ttl": "5m", + }) - // Toggle the FQDN feature flag; this should cause the cache - // to expire. + // Start with FQDN off err = features.UpdateFromConfig(conf.MustNewConfigFrom(map[string]interface{}{ - "features.fqdn.enabled": true, + "features.fqdn.enabled": false, })) require.NoError(t, err) - expired = ahmP.expired() - require.True(t, expired) + p, err := New(testConfig) + require.NoError(t, err) - // Set the FQDN feature flag to the same value; this should NOT - // cause the cache to expire. + // update err = features.UpdateFromConfig(conf.MustNewConfigFrom(map[string]interface{}{ "features.fqdn.enabled": true, })) require.NoError(t, err) - expired = ahmP.expired() - require.False(t, expired) + t.Logf("updated FQDN") + + // run a number of events, make sure none have wrong hostname. 
+ checkWait := sync.WaitGroup{} + for i := 0; i < 10; i++ { + checkWait.Add(1) + go func() { + resp, err := p.Run(&beat.Event{ + Fields: mapstr.M{}, + }) + require.NoError(t, err) + name, err := resp.Fields.GetValue("host.name") + require.NoError(t, err) + require.Equal(t, "foo.bar.baz", name) + checkWait.Done() + }() + } + t.Logf("Waiting for runners to return...") + checkWait.Wait() } func TestFQDNLookup(t *testing.T) { diff --git a/libbeat/processors/add_host_metadata/config.go b/libbeat/processors/add_host_metadata/config.go index 36f4a0a13f85..17133e1b55a9 100644 --- a/libbeat/processors/add_host_metadata/config.go +++ b/libbeat/processors/add_host_metadata/config.go @@ -25,17 +25,19 @@ import ( // Config for add_host_metadata processor. type Config struct { - NetInfoEnabled bool `config:"netinfo.enabled"` // Add IP and MAC to event - CacheTTL time.Duration `config:"cache.ttl"` - Geo *util.GeoConfig `config:"geo"` - Name string `config:"name"` - ReplaceFields bool `config:"replace_fields"` // replace existing host fields with add_host_metadata + NetInfoEnabled bool `config:"netinfo.enabled"` // Add IP and MAC to event + CacheTTL time.Duration `config:"cache.ttl"` + ExpireUpdateTimeout time.Duration `config:"expire_update_timeout"` + Geo *util.GeoConfig `config:"geo"` + Name string `config:"name"` + ReplaceFields bool `config:"replace_fields"` // replace existing host fields with add_host_metadata } func defaultConfig() Config { return Config{ - NetInfoEnabled: true, - CacheTTL: 5 * time.Minute, - ReplaceFields: true, + NetInfoEnabled: true, + CacheTTL: 5 * time.Minute, + ExpireUpdateTimeout: time.Second * 10, + ReplaceFields: true, } } diff --git a/libbeat/publisher/processing/default.go b/libbeat/publisher/processing/default.go index a8ec007562ea..e3a2c961a928 100644 --- a/libbeat/publisher/processing/default.go +++ b/libbeat/publisher/processing/default.go 
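Review bot: The goroutines in TestFQDNEventSync call `require.NoError` and `require.Equal`, which stop through `t.FailNow` and are only valid on the test goroutine; on a failure the goroutine exits before `checkWait.Done()` and `checkWait.Wait()` blocks until the test binary times out. Make `defer checkWait.Done()` the first statement of the goroutine and report failures with non-fatal checks such as `t.Errorf`, or send the results over a channel and assert in the test goroutine. `srv, _ := mockdns.NewServer(...)` also discards the error, so a failed server start would surface as a nil dereference in `srv.Close()` rather than a readable failure; `require.NoError(t, err)` right after the call fixes that.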
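Review bot: `ExpireUpdateTimeout` is read from `expire_update_timeout` with no lower bound visible in this hunk; a zero or negative duration makes `time.After` fire immediately, so updateOrExpire would take its timeout branch on every FQDN change. If Config has no validation elsewhere, reject non-positive values or fall back to the 10 second default. The field also has no comment, unlike `NetInfoEnabled` and `ReplaceFields`; something like `// max time a forced metadata update may block event processing` would document what the operator is tuning.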
@@ -261,9 +261,13 @@ func newBuilder( // Processors returns a string description of the processor config func (b *builder) Processors() []string { procList := []string{} - for _, proc := range b.processors.list { - procList = append(procList, proc.String()) + + if b.processors != nil { + for _, proc := range b.processors.list { + procList = append(procList, proc.String()) + } } + return procList } diff --git a/libbeat/publisher/processing/default_test.go b/libbeat/publisher/processing/default_test.go index ef58dc97b8ee..6fe057850373 100644 --- a/libbeat/publisher/processing/default_test.go +++ b/libbeat/publisher/processing/default_test.go @@ -480,6 +480,14 @@ func TestProcessingClose(t *testing.T) { assert.True(t, factoryProcessor.closed) } +func TestProcessingDiagnostics(t *testing.T) { + factory, err := MakeDefaultSupport(true, nil)(beat.Info{}, logp.L(), config.NewConfig()) + require.NoError(t, err) + + p := factory.Processors() + assert.Empty(t, p) +} + func fromJSON(in string) mapstr.M { var tmp mapstr.M err := json.Unmarshal([]byte(in), &tmp) diff --git a/libbeat/reader/parser/parser.go b/libbeat/reader/parser/parser.go index d8279656a16e..21363df2dba9 100644 --- a/libbeat/reader/parser/parser.go +++ b/libbeat/reader/parser/parser.go @@ -121,6 +121,13 @@ func NewConfig(pCfg CommonConfig, parsers []config.Namespace) (*Config, error) { if err != nil { return nil, fmt.Errorf("error while parsing syslog parser config: %w", err) } + case "include_message": + config := filter.DefaultConfig() + cfg := ns.Config() + err := cfg.Unpack(&config) + if err != nil { + return nil, fmt.Errorf("error while parsing include_message parser config: %w", err) + } default: return nil, fmt.Errorf("%s: %w", name, ErrNoSuchParser) } diff --git a/libbeat/reader/parser/parser_test.go b/libbeat/reader/parser/parser_test.go index 3b3d95218370..50b416a11d41 100644 --- a/libbeat/reader/parser/parser_test.go +++ b/libbeat/reader/parser/parser_test.go 
@@ -686,6 +686,40 @@ func TestContainerParser(t *testing.T) { } } +func TestParserIncludeMessages(t *testing.T) { + parserConfig := map[string]interface{}{ + "parsers": []map[string]interface{}{ + { + "include_message": map[string]interface{}{ + "patterns": []string{"^INCLUDE"}, + }, + }, + }, + } + + lines := "INCLUDE - FOO\ndo not include this line\n\nINCLUDE BAR\n" + expectedMessages := []string{ + "INCLUDE - FOO\n", + "INCLUDE BAR\n", + } + + cfg := config.MustNewConfigFrom(parserConfig) + var c inputParsersConfig + err := cfg.Unpack(&c) + require.NoError(t, err) + + p := c.Parsers.Create(testReader(lines)) + + readMsgs := []string{} + msg, err := p.Next() + for err == nil { + readMsgs = append(readMsgs, string(msg.Content)) + msg, err = p.Next() + } + + require.Equal(t, expectedMessages, readMsgs, "fii") +} + type testParsersConfig struct { Parsers []config.Namespace `struct:"parsers"` } diff --git a/libbeat/tests/system/config/libbeat.yml.j2 b/libbeat/tests/system/config/libbeat.yml.j2 index 5cd434690da2..bc0401555b6e 100644 --- a/libbeat/tests/system/config/libbeat.yml.j2 +++ b/libbeat/tests/system/config/libbeat.yml.j2 @@ -118,3 +118,8 @@ path: #================================ keystore ===================================== keystore.path: {{keystore_path}} {% endif %} + +# Enable periodic input metric logging. +logging.metrics.namespaces: + - stats + - dataset diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index be52fe799916..76353ab18847 100644 --- a/metricbeat/Dockerfile +++ b/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.9 +FROM golang:1.19.10 RUN \ apt update \ diff --git a/metricbeat/beater/metricbeat.go b/metricbeat/beater/metricbeat.go index f4592bf7c9d3..cbc44f88bf57 100644 --- a/metricbeat/beater/metricbeat.go +++ b/metricbeat/beater/metricbeat.go 
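Review bot: The read loop in TestParserIncludeMessages stops on any error from `p.Next()` and never inspects it, so a parser failure after the last expected line is indistinguishable from a clean end of input. Check the terminating error after the loop, for example `require.ErrorIs(t, err, io.EOF)` if end of input is reported that way by the test reader (not visible in this hunk). The assertion message `"fii"` carries no information; drop it or replace it with something like `"only lines matching ^INCLUDE should be returned"`.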
@@ -44,9 +44,9 @@ import ( // Metricbeat implements the Beater interface for metricbeat. type Metricbeat struct { - done chan struct{} // Channel used to initiate shutdown. - stopOnce sync.Once // wraps the Stop() method - runners []module.Runner // Active list of module runners. + done chan struct{} // Channel used to initiate shutdown. + stopOnce sync.Once // wraps the Stop() method + runners []cfgfile.Runner // Active list of module runners. config Config autodiscover *autodiscover.Autodiscover diff --git a/metricbeat/docs/modules/aws.asciidoc b/metricbeat/docs/modules/aws.asciidoc index 9b8c4e5ac686..ee2a73e17dc6 100644 --- a/metricbeat/docs/modules/aws.asciidoc +++ b/metricbeat/docs/modules/aws.asciidoc 
@@ -73,7 +73,20 @@ services do not include a region. In `aws` module, `endpoint` config is to set the `endpoint-code` part, such as `amazonaws.com`, `amazonaws.com.cn`, `c2s.ic.gov`, `sc2s.sgov.gov`. -If endpoint is specified, `regions` config becomes required. For example: +If endpoint is specified, `regions` config becomes required. + +* *include_linked_accounts* + +The `include_linked_accounts` parameter is used to enable the inclusion of metrics from different accounts linked to a +main monitoring account. By setting this parameter to true, users can gather metrics from multiple AWS accounts that are +linked through the https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html[CloudWatch cross-account observability]. +By default, the `include_linked_accounts` parameter is set to true, meaning that only metrics from the main monitoring +account and all linked accounts are all collected. When set to false, the parameter allows the CloudWatch service to +only retrieve metrics from the monitoring account. + +*_Note_:* Users should ensure that the necessary IAM roles and policies are properly set up in order to link the monitoring +account and source accounts together. +Please see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account-Setup.html#CloudWatch-Unified-Cross-Account-Setup-permissions[Link monitoring accounts with source accounts] for more details. * *tags_filter* @@ -413,6 +426,12 @@ metricbeat.modules: - transitgateway - usage - vpn +- module: aws + period: 1m + latency: 5m + include_linked_accounts: false + metricsets: + - s3_request ---- [float] diff --git a/metricbeat/docs/modules/azure.asciidoc b/metricbeat/docs/modules/azure.asciidoc index d11ea704a1bf..f81da008502c 100644 --- a/metricbeat/docs/modules/azure.asciidoc +++ b/metricbeat/docs/modules/azure.asciidoc 
@@ -99,6 +99,15 @@ https://login.microsoftonline.us for azure GermanCloud https://login.chinacloudapi.cn for azure PublicCloud https://login.microsoftonline.de for azure USGovernmentCloud +`resource_manager_audience` :: +_string_ +Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager audience in order to use a different azure environment. +Ex: +https://management.chinacloudapi.cn/ for azure ChinaCloud +https://management.microsoftazure.de/ for azure GermanCloud +https://management.azure.com/ for azure PublicCloud +https://management.usgovcloudapi.net/ for azure USGovernmentCloud +Users can also use this in case of a Hybrid Cloud model, where one may define their own audiences. [float] == Metricsets diff --git a/metricbeat/mb/module/factory.go b/metricbeat/mb/module/factory.go index a82f36127bc9..be8999a84d15 100644 --- a/metricbeat/mb/module/factory.go +++ b/metricbeat/mb/module/factory.go @@ -46,7 +46,7 @@ func (r *Factory) Create(p beat.PipelineConnector, c *conf.C) (cfgfile.Runner, e return nil, err } - var runners []Runner + var runners []cfgfile.Runner for _, metricSet := range metricSets { wrapper, err := NewWrapperForMetricSet(module, metricSet, r.options...) if err != nil { diff --git a/metricbeat/mb/module/runner.go b/metricbeat/mb/module/runner.go index aefc6be9fa3a..f4848d11b299 100644 --- a/metricbeat/mb/module/runner.go +++ b/metricbeat/mb/module/runner.go @@ -19,9 +19,12 @@ package module import ( "fmt" + "path/filepath" "sync" "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/cfgfile" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/elastic-agent-libs/monitoring" ) 
@@ -55,7 +58,7 @@ type Runner interface { // NewRunner returns a Runner facade. The events generated by // the Module will be published to a new publisher.Client generated from the // pubClientFactory. -func NewRunner(client beat.Client, mod *Wrapper) Runner { +func NewRunner(client beat.Client, mod *Wrapper) cfgfile.Runner { return &runner{ done: make(chan struct{}), mod: mod, @@ -93,6 +96,29 @@ func (mr *runner) Stop() { }) } +// Diagnostics implements the DiagnosticRunner for the mb/module/runner. +func (mr *runner) Diagnostics() []diagnostics.DiagnosticSetup { + msList := mr.mod.MetricSets() + responses := []diagnostics.DiagnosticSetup{} + for _, ms := range msList { + diagHandler, ok := ms.MetricSet.(diagnostics.DiagnosticReporter) + if !ok { + continue + } + // create and append a filepath specific to the module/metricset combination + // This keeps diagnostic dumps cleaner and easier to parse. + diags := diagHandler.Diagnostics() + pathPrefix := fmt.Sprintf("%s-%s", mr.mod.Name(), ms.MetricSet.Name()) + for _, diag := range diags { + fullpath := filepath.Join(pathPrefix, diag.Filename) + diag.Filename = fullpath + responses = append(responses, diag) + } + + } + return responses +} + func (mr *runner) String() string { return fmt.Sprintf("%s [metricsets=%d]", mr.mod.Name(), len(mr.mod.metricSets)) } diff --git a/metricbeat/mb/module/runner_group.go b/metricbeat/mb/module/runner_group.go index e242a0281c85..542926325f6f 100644 --- a/metricbeat/mb/module/runner_group.go +++ b/metricbeat/mb/module/runner_group.go 
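Review bot: In Diagnostics the output name is built with `filepath.Join(pathPrefix, diag.Filename)`, and Join cleans its result, so a `Filename` containing `..` would resolve outside the `module-metricset` prefix. The metricsets in this commit use fixed names such as `stat`, so this is hardening rather than a live bug, but any metricset can implement the reporter and `filepath.Join(pathPrefix, filepath.Base(diag.Filename))` is a cheap guard. If these names become entries in an archive, `path.Join` would also keep the separator the same on Windows; that depends on the consumer, which is not visible here.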
@@ -20,18 +20,21 @@ package module import ( "strings" "sync" + + "github.com/elastic/beats/v7/libbeat/cfgfile" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" ) type runnerGroup struct { - runners []Runner + runners []cfgfile.Runner startOnce sync.Once stopOnce sync.Once } -var _ Runner = new(runnerGroup) +var _ cfgfile.Runner = new(runnerGroup) -func newRunnerGroup(runners []Runner) Runner { +func newRunnerGroup(runners []cfgfile.Runner) cfgfile.Runner { return &runnerGroup{ runners: runners, } @@ -60,3 +63,17 @@ func (rg *runnerGroup) String() string { } return "RunnerGroup{" + strings.Join(entries, ", ") + "}" } + +// Diagnostics, like the rest of the runner group methods, merely +// calls all the "client" runners and combines the results +func (rg *runnerGroup) Diagnostics() []diagnostics.DiagnosticSetup { + results := []diagnostics.DiagnosticSetup{} + for _, runner := range rg.runners { + if diagHandler, ok := runner.(diagnostics.DiagnosticReporter); ok { + diags := diagHandler.Diagnostics() + results = append(results, diags...) + } + + } + return results +} diff --git a/metricbeat/mb/module/runner_group_test.go b/metricbeat/mb/module/runner_group_test.go index dd7babee0d79..036396a31034 100644 --- a/metricbeat/mb/module/runner_group_test.go +++ b/metricbeat/mb/module/runner_group_test.go @@ -22,8 +22,11 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/elastic/beats/v7/libbeat/cfgfile" "github.com/elastic/beats/v7/libbeat/common/atomic" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" ) const ( 
@@ -31,6 +34,24 @@ const ( fakeRunnerName = "fakeRunner" ) +type fakeRunnerDiag struct { + id int +} + +func (fr *fakeRunnerDiag) Start() {} +func (fr *fakeRunnerDiag) Stop() {} +func (fr *fakeRunnerDiag) String() string { + return fmt.Sprintf("%s-%d", fakeRunnerName, fr.id) +} +func (fr *fakeRunnerDiag) Diagnostics() []diagnostics.DiagnosticSetup { + return []diagnostics.DiagnosticSetup{ + { + Name: "test-diagnostic", + Callback: func() []byte { return []byte("test result") }, + }, + } +} + type fakeRunner struct { id int @@ -58,7 +79,7 @@ func TestStartStop(t *testing.T) { startCounter := atomic.NewInt(0) stopCounter := atomic.NewInt(0) - var runners []Runner + var runners []cfgfile.Runner for i := 0; i < fakeRunnersNum; i++ { runners = append(runners, &fakeRunner{ id: i, 
@@ -76,8 +97,44 @@ func TestStartStop(t *testing.T) { assert.Equal(t, fakeRunnersNum, stopCounter.Load()) } +func TestDiagnosticsUnsupported(t *testing.T) { + var runners []cfgfile.Runner + for i := 0; i < fakeRunnersNum; i++ { + runners = append(runners, &fakeRunner{ + id: i, + startCounter: atomic.NewInt(0), + stopCounter: atomic.NewInt(0), + }) + } + + runnerGroup := newRunnerGroup(runners) + runnerGroup.Start() + + // fakeRunner doesn't support diagnostics, make sure nothing panics/returns invalid values + diags, ok := runnerGroup.(diagnostics.DiagnosticReporter) + // the runner group does implement the interface, but should return nothing + require.True(t, ok) + res := diags.Diagnostics() + require.Empty(t, res) +} + +func TestDiagosticsSupported(t *testing.T) { + var runners []cfgfile.Runner + for i := 0; i < fakeRunnersNum; i++ { + runners = append(runners, &fakeRunnerDiag{ + id: i, + }) + } + runnerGroup := newRunnerGroup(runners) + runnerGroup.Start() + diags, ok := runnerGroup.(diagnostics.DiagnosticReporter) + require.True(t, ok) + res := diags.Diagnostics() + require.NotEmpty(t, res) +} + func TestString(t *testing.T) { - var runners []Runner + var runners []cfgfile.Runner for i := 0; i < fakeRunnersNum; i++ { runners = append(runners, &fakeRunner{ id: i, diff --git a/metricbeat/mb/module/runner_test.go b/metricbeat/mb/module/runner_test.go index bd56589ed310..d05980470b6a 100644 --- a/metricbeat/mb/module/runner_test.go +++ b/metricbeat/mb/module/runner_test.go 
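Review bot: TestDiagosticsSupported only asserts `require.NotEmpty(t, res)`, so it would still pass if the group returned the diagnostics of a single runner; `require.Len(t, res, fakeRunnersNum)` pins the merge behaviour. The test name is missing an "n" (`TestDiagnosticsSupported`), and both new tests call `runnerGroup.Start()` without a matching `Stop()`.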
@@ -20,15 +20,20 @@ package module_test import ( + "runtime" "testing" "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" pubtest "github.com/elastic/beats/v7/libbeat/publisher/testing" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/beats/v7/metricbeat/mb/module" + _ "github.com/elastic/beats/v7/metricbeat/module/system" + _ "github.com/elastic/beats/v7/metricbeat/module/system/cpu" conf "github.com/elastic/elastic-agent-libs/config" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestRunner(t *testing.T) { 
@@ -61,6 +66,62 @@ func TestRunner(t *testing.T) { runner.Stop() } +func TestCPUDiagnostics(t *testing.T) { + pubClient, factory := newPubClientFactory() + + config, err := conf.NewConfigFrom(map[string]interface{}{ + "module": "system", + "metricsets": []string{"cpu"}, + }) + require.NoError(t, err) + + // Create a new Wrapper based on the configuration. + m, err := module.NewWrapper(config, mb.Registry, module.WithMetricSetInfo()) + if err != nil { + t.Fatal(err) + } + + runner := module.NewRunner(factory(), m) + + // First test, run before start. Shouldn't cause panics or other undefined behavior + diag, ok := runner.(diagnostics.DiagnosticReporter) + require.True(t, ok) + diags := diag.Diagnostics() + // This diagnostic set is only available on linux. + // On other OSes, the list should be empty + if runtime.GOOS == "linux" { + require.NotEmpty(t, diags) + } else { + require.Empty(t, diags) + } + + runner.Start() + assert.NotNil(t, <-pubClient.Channel) + + diag, ok = runner.(diagnostics.DiagnosticReporter) + require.True(t, ok) + diags = diag.Diagnostics() + if runtime.GOOS == "linux" { + require.NotEmpty(t, diags) + res := diags[0].Callback() + require.NotEmpty(t, res) + } else { + require.Empty(t, diags) + } + + runner.Stop() + // stop, test again. + diag, ok = runner.(diagnostics.DiagnosticReporter) + require.True(t, ok) + diags = diag.Diagnostics() + if runtime.GOOS == "linux" { + require.NotEmpty(t, diags) + } else { + require.Empty(t, diags) + } + +} + // newPubClientFactory returns a new ChanClient and a function that returns // the same Client when invoked. This simulates the return value of // Publisher.Connect. diff --git a/metricbeat/module/postgresql/docker-compose.yml b/metricbeat/module/postgresql/docker-compose.yml index d1367aefe664..acb591bfbfcc 100644 --- a/metricbeat/module/postgresql/docker-compose.yml +++ b/metricbeat/module/postgresql/docker-compose.yml 
@@ -11,3 +11,8 @@ services: POSTGRES_PASSWORD: postgres ports: - 5432 + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres -p 5432"] + interval: 5s + timeout: 5s + retries: 5 diff --git a/metricbeat/module/system/core/core.go b/metricbeat/module/system/core/core.go index 503048e9fa77..1bf2f3f3a3db 100644 --- a/metricbeat/module/system/core/core.go +++ b/metricbeat/module/system/core/core.go @@ -20,8 +20,10 @@ package core import ( - "github.com/pkg/errors" + "fmt" + "runtime" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/beats/v7/metricbeat/mb/parse" metrics "github.com/elastic/elastic-agent-system-metrics/metric/cpu" @@ -50,7 +52,7 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { opts, err := config.Validate() if err != nil { - return nil, errors.Wrap(err, "error validating config") + return nil, fmt.Errorf("error validating config: %w", err) } if config.CPUTicks != nil && *config.CPUTicks { @@ -68,14 +70,14 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { func (m *MetricSet) Fetch(report mb.ReporterV2) error { samples, err := m.cores.FetchCores() if err != nil { - return errors.Wrap(err, "failed to sample CPU core times") + return fmt.Errorf("failed to sample CPU core times: %w", err) } for id, sample := range samples { event, err := sample.Format(m.opts) if err != nil { - return errors.Wrap(err, "error formatting core data") + return fmt.Errorf("error formatting core data: %w", err) } event.Put("id", id) 
@@ -89,3 +91,24 @@ func (m *MetricSet) Fetch(report mb.ReporterV2) error { return nil } + +// Diagnostics implmements the DiagnosticSet interface +func (m *MetricSet) Diagnostics() []diagnostics.DiagnosticSetup { + m.Logger().Infof("got DiagnosticSetup request for system/core") + if runtime.GOOS == "linux" { + return []diagnostics.DiagnosticSetup{{ + Name: "core-stat", + Description: "/proc/stat file", + Filename: "stat", + Callback: m.getDiagData, + }} + } else { + return nil + } + +} + +func (m *MetricSet) getDiagData() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/stat") +} diff --git a/metricbeat/module/system/cpu/cpu.go b/metricbeat/module/system/cpu/cpu.go index 256a70a2e721..8eb06c2427bd 100644 --- a/metricbeat/module/system/cpu/cpu.go +++ b/metricbeat/module/system/cpu/cpu.go @@ -20,8 +20,11 @@ package cpu import ( - "github.com/pkg/errors" + "errors" + "fmt" + "runtime" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/beats/v7/metricbeat/mb/parse" "github.com/elastic/elastic-agent-libs/mapstr" @@ -52,7 +55,7 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { opts, err := config.Validate() if err != nil { - return nil, errors.Wrap(err, "error validating config") + return nil, fmt.Errorf("error validating config: %w", err) } if config.CPUTicks != nil && *config.CPUTicks { 
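Review bot: getDiagData uses the unchecked assertion `m.BaseMetricSet.Module().(resolve.Resolver)`, which panics inside the diagnostics callback if the module does not implement the interface; the comma-ok form is safer: `sys, ok := m.BaseMetricSet.Module().(resolve.Resolver)` followed by `if !ok { return []byte("module does not implement resolve.Resolver") }`. The same assertion is repeated in the callbacks added to cpu, diskio, filesystem, fsstat and memory. In Diagnostics the `else { return nil }` after a returning `if` can be a plain `return nil`, and the doc comment has a typo (`implmements`).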
@@ -70,24 +73,24 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { func (m *MetricSet) Fetch(r mb.ReporterV2) error { sample, err := m.cpu.Fetch() if err != nil { - return errors.Wrap(err, "failed to fetch CPU times") + return fmt.Errorf("failed to fetch CPU times: %w", err) } event, err := sample.Format(m.opts) if err != nil { - return errors.Wrap(err, "error formatting metrics") + return fmt.Errorf("error formatting metrics: %w", err) } event.Put("cores", sample.CPUCount()) //generate the host fields here, since we don't want users disabling it. hostEvent, err := sample.Format(metrics.MetricOpts{NormalizedPercentages: true}) if err != nil { - return errors.Wrap(err, "error creating host fields") + return fmt.Errorf("error creating host fields: %w", err) } hostFields := mapstr.M{} err = copyFieldsOrDefault(hostEvent, hostFields, "total.norm.pct", "host.cpu.usage", 0) if err != nil { - return errors.Wrap(err, "error fetching normalized CPU percent") + return fmt.Errorf("error fetching normalized CPU percent: %w", err) } r.Event(mb.Event{ 
@@ -98,6 +101,39 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error { return nil } +// Diagnostics implmements the DiagnosticSet interface +func (m *MetricSet) Diagnostics() []diagnostics.DiagnosticSetup { + m.Logger().Infof("got DiagnosticSetup request for system/cpu") + if runtime.GOOS == "linux" { + return []diagnostics.DiagnosticSetup{ + { + Name: "cpu-stat", + Description: "/proc/stat file", + Filename: "stat", + Callback: m.fetchRawCPU, + }, + { + Name: "cpu-cpuinfo", + Description: "/proc/cpuinfo file", + Filename: "cpuinfo", + Callback: m.fetchCPUInfo, + }, + } + } + return nil + +} + +func (m *MetricSet) fetchRawCPU() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/stat") +} + +func (m *MetricSet) fetchCPUInfo() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/cpuinfo") +} + // copyFieldsOrDefault copies the field specified by key to the given map. It will // overwrite the key if it exists. It will update the map with a default value if // the key does not exist in the source map. diff --git a/metricbeat/module/system/diskio/diskio.go b/metricbeat/module/system/diskio/diskio.go index 5693c2458f07..e57dc19560fc 100644 --- a/metricbeat/module/system/diskio/diskio.go +++ b/metricbeat/module/system/diskio/diskio.go @@ -20,14 +20,15 @@ package diskio import ( + "fmt" "runtime" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/beats/v7/metricbeat/mb/parse" "github.com/elastic/elastic-agent-libs/mapstr" "github.com/elastic/elastic-agent-system-metrics/metric/system/diskio" - - "github.com/pkg/errors" + "github.com/elastic/elastic-agent-system-metrics/metric/system/resolve" ) func init() { 
@@ -72,11 +73,15 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { func (m *MetricSet) Fetch(r mb.ReporterV2) error { stats, err := diskio.IOCounters(m.includeDevices...) if err != nil { - return errors.Wrap(err, "disk io counters") + return fmt.Errorf("disk io counters: %w", err) } // Sample the current cpu counter - m.statistics.OpenSampling() + err = m.statistics.OpenSampling() + // CPU sampling does not seem to be used by any of the diskio metrics we're using. Mostly used by iostat. + if err != nil { + m.Logger().Warnf("Error in CPU sampling for diskio: %w", err) + } // Store the last cpu counter when finished defer m.statistics.CloseSampling() @@ -142,3 +147,21 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error { return nil } + +// Diagnostics implmements the DiagnosticSet interface +func (m *MetricSet) Diagnostics() []diagnostics.DiagnosticSetup { + m.Logger().Infof("got DiagnosticSetup request for system/memory") + return []diagnostics.DiagnosticSetup{ + { + Name: "diskio-diskstats", + Description: "Contents of /proc/diskstats", + Filename: "diskstats", + Callback: m.diagDiskstats, + }, + } +} + +func (m *MetricSet) diagDiskstats() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/diskstats") +} diff --git a/metricbeat/module/system/filesystem/filesystem.go b/metricbeat/module/system/filesystem/filesystem.go index 71b8b853f4f7..a3c58a19bdae 100644 --- a/metricbeat/module/system/filesystem/filesystem.go +++ b/metricbeat/module/system/filesystem/filesystem.go @@ -23,6 +23,7 @@ import ( "fmt" "strings" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/libbeat/common/transform/typeconv" "github.com/elastic/beats/v7/metricbeat/mb" 
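Review bot: The diskio Diagnostics logs `got DiagnosticSetup request for system/memory`, a copied label that will mislead anyone correlating logs with a diagnostics request; it should read `system/diskio`, and the filesystem and fsstat hunks carry the same string. Unlike the core, cpu and memory versions, these three register their `/proc` files without the `runtime.GOOS == "linux"` guard, so on other platforms the bundle will probably hold error strings instead of being empty; confirm whether that is intended.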
@@ -105,3 +106,32 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error { } return nil } + +// Diagnostics implmements the DiagnosticSet interface +func (m *MetricSet) Diagnostics() []diagnostics.DiagnosticSetup { + m.Logger().Infof("got DiagnosticSetup request for system/memory") + return []diagnostics.DiagnosticSetup{ + { + Name: "filesystem-filesystems", + Description: "Contents of /proc/filesystems", + Filename: "filesystems", + Callback: m.filesystemsDiag, + }, + { + Name: "filesystem-mounts", + Description: "Contents of /proc/mounts", + Filename: "mounts", + Callback: m.mountsDiag, + }, + } +} + +func (m *MetricSet) filesystemsDiag() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/filesystems") +} + +func (m *MetricSet) mountsDiag() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/mounts") +} diff --git a/metricbeat/module/system/fsstat/fsstat.go b/metricbeat/module/system/fsstat/fsstat.go index a9e667242924..3d04fbfb7e99 100644 --- a/metricbeat/module/system/fsstat/fsstat.go +++ b/metricbeat/module/system/fsstat/fsstat.go @@ -24,6 +24,7 @@ import ( "runtime" "strings" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/beats/v7/metricbeat/mb/parse" "github.com/elastic/beats/v7/metricbeat/module/system/filesystem" 
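Review bot: The `filesystem-mounts` diagnostic copies all of `/proc/mounts` into the bundle, which includes every mount source, mount point and option string on the host (network share addresses, container and volume paths), and nothing in the hunk tells the operator that. I would say so in the field, e.g. `Description: "Contents of /proc/mounts (full host mount table)"`, and in the diagnostics documentation, so bundles are handled as host-sensitive before being attached to support cases. fsstat registers the same two files again under its own prefix, so the bundle carries each of them twice.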
@@ -112,3 +113,32 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error { return nil } + +// Diagnostics implmements the DiagnosticSet interface +func (m *MetricSet) Diagnostics() []diagnostics.DiagnosticSetup { + m.Logger().Infof("got DiagnosticSetup request for system/memory") + return []diagnostics.DiagnosticSetup{ + { + Name: "fsstat-filesystems", + Description: "Contents of /proc/filesystems", + Filename: "filesystems", + Callback: m.filesystemsDiag, + }, + { + Name: "fsstat-mounts", + Description: "Contents of /proc/mounts", + Filename: "mounts", + Callback: m.mountsDiag, + }, + } +} + +func (m *MetricSet) filesystemsDiag() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/filesystems") +} + +func (m *MetricSet) mountsDiag() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/mounts") +} diff --git a/metricbeat/module/system/memory/memory.go b/metricbeat/module/system/memory/memory.go index eb3c56142959..8487fcc00834 100644 --- a/metricbeat/module/system/memory/memory.go +++ b/metricbeat/module/system/memory/memory.go @@ -20,8 +20,10 @@ package memory import ( - "github.com/pkg/errors" + "fmt" + "runtime" + "github.com/elastic/beats/v7/libbeat/common/diagnostics" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/beats/v7/metricbeat/mb/parse" "github.com/elastic/elastic-agent-libs/mapstr" @@ -54,7 +56,7 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error { eventRaw, err := metrics.Get(m.mod) if err != nil { - return errors.Wrap(err, "error fetching memory metrics") + return fmt.Errorf("error fetching memory metrics: %w", err) } memory := mapstr.M{} 
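Review bot: The two entries registered in this Diagnostics method reuse `Filename: "filesystems"` and `Filename: "mounts"`, the same filenames the filesystem metricset registers. If the diagnostics collector writes every callback into one directory, the two metricsets would overwrite each other or produce duplicates; the collector is not visible in this diff, so this needs confirming. Distinct names such as `Filename: "fsstat-mounts"` would rule it out. A comment on the `fsstat-mounts` entry should note that /proc/mounts (mount points, devices, mount options, network share locations) ends up in the diagnostics bundle, which helps whoever reviews what the bundle discloses.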
@@ -68,3 +70,22 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error { return nil } + +// Diagnostics implmements the DiagnosticSet interface +func (m *MetricSet) Diagnostics() []diagnostics.DiagnosticSetup { + m.Logger().Infof("got DiagnosticSetup request for system/memory") + if runtime.GOOS == "linux" { + return []diagnostics.DiagnosticSetup{{ + Name: "memory-meminfo", + Description: "/proc/meminfo file", + Filename: "meminfo", + Callback: m.getMemDiagnostic, + }} + } + return nil +} + +func (m *MetricSet) getMemDiagnostic() []byte { + sys := m.BaseMetricSet.Module().(resolve.Resolver) + return diagnostics.GetRawFileOrErrorString(sys, "/proc/meminfo") +} diff --git a/metricbeat/module/system/service/dbus.go b/metricbeat/module/system/service/dbus.go index 87d04b6b3058..c9d56939bd1e 100644 --- a/metricbeat/module/system/service/dbus.go +++ b/metricbeat/module/system/service/dbus.go @@ -20,6 +20,7 @@ package service import ( + "context" "encoding/xml" "fmt" "os" @@ -28,8 +29,7 @@ import ( "strings" "github.com/coreos/go-systemd/v22/dbus" - dbusRaw "github.com/godbus/dbus" - "github.com/pkg/errors" + dbusRaw "github.com/godbus/dbus/v5" ) type unitFetcher func(conn *dbus.Conn, states, patterns []string) ([]dbus.UnitStatus, error) @@ -41,18 +41,18 @@ func instrospectForUnitMethods() (unitFetcher, error) { //setup a dbus connection conn, err := dbusRaw.SystemBusPrivate() if err != nil { - return nil, errors.Wrap(err, "error getting connection to system bus") + return nil, fmt.Errorf("error getting connection to system bus: %w", err) } auth := dbusRaw.AuthExternal(strconv.Itoa(os.Getuid())) err = conn.Auth([]dbusRaw.Auth{auth}) if err != nil { - return nil, errors.Wrap(err, "error authenticating") + return nil, fmt.Errorf("error authenticating: %w", err) } err = conn.Hello() if err != nil { - return nil, errors.Wrap(err, "error in Hello") + return nil, fmt.Errorf("error in Hello: %w", err) } var props string 
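Review bot: In instrospectForUnitMethods the private connection from `dbusRaw.SystemBusPrivate()` is not closed on the `conn.Auth` and `conn.Hello` error returns shown in the `@@ -41,18 +41,18 @@` hunk, so each failed attempt leaves a socket to the system bus open. Calling `conn.Close()` before those two returns fixes it. `initDbusConnection` in users/dbus.go has the same two error paths. The function body continues outside the hunk, so whether the success path closes the connection cannot be seen here.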
@@ -61,12 +61,12 @@ func instrospectForUnitMethods() (unitFetcher, error) { obj := conn.Object("org.freedesktop.systemd1", dbusRaw.ObjectPath("/org/freedesktop/systemd1")) err = obj.Call("org.freedesktop.DBus.Introspectable.Introspect", 0).Store(&props) if err != nil { - return nil, errors.Wrap(err, "error calling dbus") + return nil, fmt.Errorf("error calling dbus: %w", err) } unitMap, err := parseXMLAndReturnMethods(props) if err != nil { - return nil, errors.Wrap(err, "error handling XML") + return nil, fmt.Errorf("error handling XML: %w", err) } //return a function callback ordered by desirability @@ -100,11 +100,11 @@ func parseXMLAndReturnMethods(str string) (map[string]bool, error) { err := xml.Unmarshal([]byte(str), &methods) if err != nil { - return nil, errors.Wrap(err, "error unmarshalling XML") + return nil, fmt.Errorf("error unmarshalling XML: %w", err) } if len(methods.Interface) == 0 { - return nil, errors.Wrap(err, "no methods found on introspect") + return nil, fmt.Errorf("no methods found on introspect: %w", err) } methodMap := make(map[string]bool) for _, iface := range methods.Interface { 
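Review bot: In the `len(methods.Interface) == 0` branch of parseXMLAndReturnMethods, `err` is always nil because the preceding check already returned on a non-nil error, so `fmt.Errorf("no methods found on introspect: %w", err)` yields a message ending in `%!w(<nil>)`. The replaced `errors.Wrap(nil, ...)` returned nil, so this branch used to report success with a nil map. Turning it into an error looks like the right outcome, but it is a behaviour change worth stating in the commit message. Drop the verb: `return nil, fmt.Errorf("no methods found on introspect")`. The function body continues outside the hunk.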
@@ -120,14 +120,14 @@ func parseXMLAndReturnMethods(str string) (map[string]bool, error) { // listUnitsByPatternWrapper is a bare wrapper for the unitFetcher type func listUnitsByPatternWrapper(conn *dbus.Conn, states, patterns []string) ([]dbus.UnitStatus, error) { - return conn.ListUnitsByPatterns(states, patterns) + return conn.ListUnitsByPatternsContext(context.Background(), states, patterns) } // listUnitsFilteredWrapper wraps the dbus ListUnitsFiltered method func listUnitsFilteredWrapper(conn *dbus.Conn, states, patterns []string) ([]dbus.UnitStatus, error) { - units, err := conn.ListUnitsFiltered(states) + units, err := conn.ListUnitsFilteredContext(context.Background(), states) if err != nil { - return nil, errors.Wrap(err, "ListUnitsFiltered error") + return nil, fmt.Errorf("ListUnitsFiltered error: %w", err) } return matchUnitPatterns(patterns, units) @@ -135,14 +135,14 @@ func listUnitsFilteredWrapper(conn *dbus.Conn, states, patterns []string) ([]dbu // listUnitsWrapper wraps the dbus ListUnits method func listUnitsWrapper(conn *dbus.Conn, states, patterns []string) ([]dbus.UnitStatus, error) { - units, err := conn.ListUnits() + units, err := conn.ListUnitsContext(context.Background()) if err != nil { - return nil, errors.Wrap(err, "ListUnits error") + return nil, fmt.Errorf("ListUnits error: %w", err) } units, err = matchUnitPatterns(patterns, units) if err != nil { - return nil, errors.Wrap(err, "error matching unit patterns") + return nil, fmt.Errorf("error matching unit patterns: %w", err) } finalUnits := matchUnitState(states, units) @@ -180,7 +180,7 @@ func matchUnitPatterns(patterns []string, units []dbus.UnitStatus) ([]dbus.UnitS for _, pattern := range patterns { match, err := filepath.Match(pattern, unit.Name) if err != nil { - return nil, errors.Wrapf(err, "error matching with pattern %s", pattern) + return nil, fmt.Errorf("error matching with pattern %s: %w", pattern, err) } if match { matchUnits = append(matchUnits, unit) 
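Review bot: `listUnitsByPatternWrapper`, `listUnitsFilteredWrapper` and `listUnitsWrapper` (next hunk) pass `context.Background()` to the new `...Context` calls, so a systemd D-Bus call that never answers blocks the metricset's fetch with no way to cancel it. The `unitFetcher` signature carries no context, so a bounded one would have to be built locally, for example `ctx, cancel := context.WithTimeout(context.Background(), timeout)` with `defer cancel()`, where `timeout` is a value the module would need to define. In `matchUnitPatterns` (last hunk), `%q` instead of `%s` for the pattern would make empty or whitespace-only patterns visible in the error.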
diff --git a/metricbeat/module/system/service/service_unit_test.go b/metricbeat/module/system/service/service_unit_test.go new file mode 100644 index 000000000000..eb299faec958 --- /dev/null +++ b/metricbeat/module/system/service/service_unit_test.go @@ -0,0 +1,53 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +//go:build linux && !integration + +package service + +import ( + "context" + "os" + "runtime" + "testing" + + "github.com/coreos/go-systemd/v22/dbus" + "github.com/stretchr/testify/require" +) + +func TestDbusEnvConnection(t *testing.T) { + if runtime.GOOS != "linux" { + t.Skip("Test is linux-only") + } + + // Set specific env var + // This format is for the newer versions of the godbus/dbus library + // Older versions use a format with out the `path` prefix. + err := os.Setenv("DBUS_SYSTEM_BUS_ADDRESS", "unix:path=/var/run/dbus/system_bus_socket") + require.NoError(t, err) + + // call internal dbus functions + // This calls a lower-level bus library + conn, err := instrospectForUnitMethods() + require.NoError(t, err) + require.NotNil(t, conn) + + // test the higher-level systemd library + _, err = dbus.NewWithContext(context.Background()) + require.NoError(t, err) + +} 
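Review bot: TestDbusEnvConnection sets `DBUS_SYSTEM_BUS_ADDRESS` with `os.Setenv` and never restores it, so the value leaks into every later test in the package. `t.Setenv("DBUS_SYSTEM_BUS_ADDRESS", "unix:path=/var/run/dbus/system_bus_socket")` restores the previous value at test end and removes the need for the error check. The connection returned by `dbus.NewWithContext` is discarded without `Close()`. The test also needs a live system bus at that socket path, so under the `linux && !integration` tag it will fail on build hosts or containers without D-Bus; skipping when the socket is absent would keep unit runs reliable. The `runtime.GOOS` check is redundant with the build constraint.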
diff --git a/metricbeat/module/system/users/dbus.go b/metricbeat/module/system/users/dbus.go index 6087569d28af..c2a62a1f9b4e 100644 --- a/metricbeat/module/system/users/dbus.go +++ b/metricbeat/module/system/users/dbus.go @@ -24,8 +24,7 @@ import ( "os" "strconv" - "github.com/godbus/dbus" - "github.com/pkg/errors" + "github.com/godbus/dbus/v5" ) const ( @@ -59,19 +58,19 @@ type loginSession struct { func initDbusConnection() (*dbus.Conn, error) { conn, err := dbus.SystemBusPrivate() if err != nil { - return nil, errors.Wrap(err, "error getting connection to system bus") + return nil, fmt.Errorf("error getting connection to system bus: %w", err) } auth := dbus.AuthExternal(strconv.Itoa(os.Getuid())) err = conn.Auth([]dbus.Auth{auth}) if err != nil { - return nil, errors.Wrap(err, "error authenticating") + return nil, fmt.Errorf("error authenticating: %w", err) } err = conn.Hello() if err != nil { - return nil, errors.Wrap(err, "error in Hello") + return nil, fmt.Errorf("error in Hello: %w", err) } return conn, nil @@ -85,7 +84,7 @@ func getSessionProps(conn *dbus.Conn, path dbus.ObjectPath) (sessionInfo, error) err := busObj.Call(getAll, 0, "").Store(&props) if err != nil { - return sessionInfo{}, errors.Wrap(err, "error calling DBus") + return sessionInfo{}, fmt.Errorf("error calling DBus: %w", err) } return formatSessionProps(props) @@ -156,7 +155,7 @@ func listSessions(conn *dbus.Conn) ([]loginSession, error) { var props [][]dbus.Variant if err := busObj.Call(sessionList, 0).Store(&props); err != nil { - return nil, errors.Wrap(err, "error calling dbus") + return nil, fmt.Errorf("error calling dbus: %w", err) } return formatSessionList(props) } diff --git a/metricbeat/module/system/users/users.go b/metricbeat/module/system/users/users.go index 1decd606ad38..9ad450a67b05 100644 --- a/metricbeat/module/system/users/users.go +++ b/metricbeat/module/system/users/users.go 
@@ -20,11 +20,11 @@ package users import ( + "fmt" "net" "strconv" - "github.com/godbus/dbus" - "github.com/pkg/errors" + "github.com/godbus/dbus/v5" "github.com/elastic/beats/v7/libbeat/common/cfgwarn" "github.com/elastic/beats/v7/metricbeat/mb" @@ -56,7 +56,7 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { conn, err := initDbusConnection() if err != nil { - return nil, errors.Wrap(err, "error connecting to dbus") + return nil, fmt.Errorf("error connecting to dbus: %w", err) } return &MetricSet{ @@ -72,11 +72,13 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { func (m *MetricSet) Fetch(report mb.ReporterV2) error { sessions, err := listSessions(m.conn) if err != nil { - return errors.Wrap(err, "error listing sessions") + return fmt.Errorf("error listing sessions: %w", err) } - eventMapping(m.conn, sessions, report) - + err = eventMapping(m.conn, sessions, report) + if err != nil { + return fmt.Errorf("error formatting event: %w", err) + } return nil } @@ -87,7 +89,7 @@ func eventMapping(conn *dbus.Conn, sessions []loginSession, report mb.ReporterV2 props, err := getSessionProps(conn, session.Path) if err != nil { - return errors.Wrap(err, "error getting properties") + return fmt.Errorf("error getting properties: %w", err) } event := mapstr.M{ diff --git a/metricbeat/module/system/users/users_test.go b/metricbeat/module/system/users/users_test.go index c3761575be8b..2fb3b3cc53a6 100644 --- a/metricbeat/module/system/users/users_test.go +++ b/metricbeat/module/system/users/users_test.go @@ -22,7 +22,7 @@ package users import ( "testing" - "github.com/godbus/dbus" + "github.com/godbus/dbus/v5" "github.com/stretchr/testify/assert" ) 
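Review bot: Fetch now returns the error from `eventMapping`, and the `eventMapping` hunk shows it returning as soon as `getSessionProps` fails for one session. A single session that ends between `listSessions` and the property lookup would therefore fail the whole fetch and skip the sessions that follow. If that is not intended, log the failure and `continue` to the next session instead of returning. The loop itself is outside the hunk, so this is inferred from the visible return and should be confirmed against the full function.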
@@ -54,23 +54,3 @@ func TestFormatSession(t *testing.T) { assert.NoError(t, err) assert.Equal(t, goodOut, output) } - -func TestFormatSessionList(t *testing.T) { - testIn := [][]dbus.Variant{ - {dbus.MakeVariant("6"), dbus.MakeVariant(uint32(1000)), dbus.MakeVariant("user"), dbus.MakeVariant(""), dbus.MakeVariant(dbus.ObjectPath("/path/to/object"))}, - } - - goodOut := []loginSession{{ - ID: "6", - UID: uint32(1000), - User: "user", - Seat: "", - Path: dbus.ObjectPath("/path/to/object"), - }, - } - - output, err := formatSessionList(testIn) - assert.NoError(t, err) - assert.Equal(t, goodOut, output) - -} diff --git a/metricbeat/module/system/users/users_unit_test.go b/metricbeat/module/system/users/users_unit_test.go new file mode 100644 index 000000000000..1cbc8424b1bb --- /dev/null +++ b/metricbeat/module/system/users/users_unit_test.go 
@@ -0,0 +1,47 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +//go:build linux && !integration + +package users + +import ( + "testing" + + "github.com/godbus/dbus/v5" + "github.com/stretchr/testify/assert" +) + +func TestFormatSessionList(t *testing.T) { + testIn := [][]dbus.Variant{ + {dbus.MakeVariant("6"), dbus.MakeVariant(uint32(1000)), dbus.MakeVariant("user"), dbus.MakeVariant(""), dbus.MakeVariant(dbus.ObjectPath("/path/to/object"))}, + } + + goodOut := []loginSession{{ + ID: "6", + UID: uint32(1000), + User: "user", + Seat: "", + Path: dbus.ObjectPath("/path/to/object"), + }, + } + + output, err := formatSessionList(testIn) + assert.NoError(t, err) + assert.Equal(t, goodOut, output) + +} diff --git a/metricbeat/modules.d/aerospike.yml.disabled b/metricbeat/modules.d/aerospike.yml.disabled index 5294b90301ed..a2fbdf83d2ce 100644 --- a/metricbeat/modules.d/aerospike.yml.disabled +++ b/metricbeat/modules.d/aerospike.yml.disabled @@ -1,5 +1,5 @@ # Module: aerospike -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-aerospike.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-aerospike.html - module: aerospike #metricsets: 
diff --git a/metricbeat/modules.d/apache.yml.disabled b/metricbeat/modules.d/apache.yml.disabled index 9c3adaa97d80..28e34fe429ad 100644 --- a/metricbeat/modules.d/apache.yml.disabled +++ b/metricbeat/modules.d/apache.yml.disabled @@ -1,5 +1,5 @@ # Module: apache -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-apache.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-apache.html - module: apache #metricsets: diff --git a/metricbeat/modules.d/beat-xpack.yml.disabled b/metricbeat/modules.d/beat-xpack.yml.disabled index 98cd8c7edefb..0d254a465a1b 100644 --- a/metricbeat/modules.d/beat-xpack.yml.disabled +++ b/metricbeat/modules.d/beat-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-beat.html - module: beat xpack.enabled: true diff --git a/metricbeat/modules.d/beat.yml.disabled b/metricbeat/modules.d/beat.yml.disabled index cb26d83a5cf6..af2907f77b44 100644 --- a/metricbeat/modules.d/beat.yml.disabled +++ b/metricbeat/modules.d/beat.yml.disabled @@ -1,5 +1,5 @@ # Module: beat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-beat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-beat.html - module: beat metricsets: diff --git a/metricbeat/modules.d/ceph-mgr.yml.disabled b/metricbeat/modules.d/ceph-mgr.yml.disabled index 9d06114f79f7..84932d3f4c03 100644 --- a/metricbeat/modules.d/ceph-mgr.yml.disabled +++ b/metricbeat/modules.d/ceph-mgr.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-ceph.html - module: ceph metricsets: 
diff --git a/metricbeat/modules.d/ceph.yml.disabled b/metricbeat/modules.d/ceph.yml.disabled index 550ea8fe6ea4..7e875b274bd9 100644 --- a/metricbeat/modules.d/ceph.yml.disabled +++ b/metricbeat/modules.d/ceph.yml.disabled @@ -1,5 +1,5 @@ # Module: ceph -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ceph.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-ceph.html - module: ceph #metricsets: diff --git a/metricbeat/modules.d/consul.yml.disabled b/metricbeat/modules.d/consul.yml.disabled index 9344dd8c999f..d9b9dc5085d9 100644 --- a/metricbeat/modules.d/consul.yml.disabled +++ b/metricbeat/modules.d/consul.yml.disabled @@ -1,5 +1,5 @@ # Module: consul -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-consul.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-consul.html - module: consul metricsets: diff --git a/metricbeat/modules.d/couchbase.yml.disabled b/metricbeat/modules.d/couchbase.yml.disabled index 088f98b45c5c..fbb8a53b4caa 100644 --- a/metricbeat/modules.d/couchbase.yml.disabled +++ b/metricbeat/modules.d/couchbase.yml.disabled @@ -1,5 +1,5 @@ # Module: couchbase -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-couchbase.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-couchbase.html - module: couchbase #metricsets: diff --git a/metricbeat/modules.d/couchdb.yml.disabled b/metricbeat/modules.d/couchdb.yml.disabled index 2a2eb9a5613b..265878fc9db4 100644 --- a/metricbeat/modules.d/couchdb.yml.disabled +++ b/metricbeat/modules.d/couchdb.yml.disabled @@ -1,5 +1,5 @@ # Module: couchdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-couchdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-couchdb.html - module: couchdb metricsets: ["server"] 
diff --git a/metricbeat/modules.d/docker.yml.disabled b/metricbeat/modules.d/docker.yml.disabled index 88af5d212889..bf5950eb6e79 100644 --- a/metricbeat/modules.d/docker.yml.disabled +++ b/metricbeat/modules.d/docker.yml.disabled @@ -1,5 +1,5 @@ # Module: docker -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-docker.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-docker.html - module: docker #metricsets: diff --git a/metricbeat/modules.d/dropwizard.yml.disabled b/metricbeat/modules.d/dropwizard.yml.disabled index 1103a314d1d5..5baa63494528 100644 --- a/metricbeat/modules.d/dropwizard.yml.disabled +++ b/metricbeat/modules.d/dropwizard.yml.disabled @@ -1,5 +1,5 @@ # Module: dropwizard -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-dropwizard.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-dropwizard.html - module: dropwizard #metricsets: diff --git a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled index d89c8b5d29b8..c7f57b84f541 100644 --- a/metricbeat/modules.d/elasticsearch-xpack.yml.disabled +++ b/metricbeat/modules.d/elasticsearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-elasticsearch.html - module: elasticsearch xpack.enabled: true diff --git a/metricbeat/modules.d/elasticsearch.yml.disabled b/metricbeat/modules.d/elasticsearch.yml.disabled index aadd41d59468..271f927e301e 100644 --- a/metricbeat/modules.d/elasticsearch.yml.disabled +++ b/metricbeat/modules.d/elasticsearch.yml.disabled 
@@ -1,5 +1,5 @@ # Module: elasticsearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-elasticsearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-elasticsearch.html - module: elasticsearch #metricsets: diff --git a/metricbeat/modules.d/envoyproxy.yml.disabled b/metricbeat/modules.d/envoyproxy.yml.disabled index ca75daff0850..67d638f0b484 100644 --- a/metricbeat/modules.d/envoyproxy.yml.disabled +++ b/metricbeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-envoyproxy.html - module: envoyproxy #metricsets: diff --git a/metricbeat/modules.d/etcd.yml.disabled b/metricbeat/modules.d/etcd.yml.disabled index 5aa30fb86e7a..5a6fa8cd1791 100644 --- a/metricbeat/modules.d/etcd.yml.disabled +++ b/metricbeat/modules.d/etcd.yml.disabled @@ -1,5 +1,5 @@ # Module: etcd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-etcd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-etcd.html - module: etcd #metricsets: diff --git a/metricbeat/modules.d/golang.yml.disabled b/metricbeat/modules.d/golang.yml.disabled index 9f9e5624fa30..8bb65e090e18 100644 --- a/metricbeat/modules.d/golang.yml.disabled +++ b/metricbeat/modules.d/golang.yml.disabled @@ -1,5 +1,5 @@ # Module: golang -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-golang.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-golang.html - module: golang #metricsets: diff --git a/metricbeat/modules.d/graphite.yml.disabled b/metricbeat/modules.d/graphite.yml.disabled index 3354715923c4..78f7c32b3047 100644 --- a/metricbeat/modules.d/graphite.yml.disabled +++ b/metricbeat/modules.d/graphite.yml.disabled 
@@ -1,5 +1,5 @@ # Module: graphite -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-graphite.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-graphite.html - module: graphite #metricsets: diff --git a/metricbeat/modules.d/haproxy.yml.disabled b/metricbeat/modules.d/haproxy.yml.disabled index e95f687253d2..2c61ee0c55dd 100644 --- a/metricbeat/modules.d/haproxy.yml.disabled +++ b/metricbeat/modules.d/haproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: haproxy -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-haproxy.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-haproxy.html - module: haproxy #metricsets: diff --git a/metricbeat/modules.d/http.yml.disabled b/metricbeat/modules.d/http.yml.disabled index 63ebd2ee0935..0ce5b5c0f85c 100644 --- a/metricbeat/modules.d/http.yml.disabled +++ b/metricbeat/modules.d/http.yml.disabled @@ -1,5 +1,5 @@ # Module: http -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-http.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-http.html - module: http #metricsets: diff --git a/metricbeat/modules.d/jolokia.yml.disabled b/metricbeat/modules.d/jolokia.yml.disabled index b58782353ecd..2190273485f9 100644 --- a/metricbeat/modules.d/jolokia.yml.disabled +++ b/metricbeat/modules.d/jolokia.yml.disabled @@ -1,5 +1,5 @@ # Module: jolokia -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-jolokia.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-jolokia.html - module: jolokia #metricsets: ["jmx"] diff --git a/metricbeat/modules.d/kafka.yml.disabled b/metricbeat/modules.d/kafka.yml.disabled index afafa7e5a4c5..1e0db5d517b8 100644 --- a/metricbeat/modules.d/kafka.yml.disabled +++ b/metricbeat/modules.d/kafka.yml.disabled 
@@ -1,5 +1,5 @@ # Module: kafka -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kafka.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kafka.html # Kafka metrics collected using the Kafka protocol - module: kafka diff --git a/metricbeat/modules.d/kibana-xpack.yml.disabled b/metricbeat/modules.d/kibana-xpack.yml.disabled index 91471a7c212b..dd6b4d939a2e 100644 --- a/metricbeat/modules.d/kibana-xpack.yml.disabled +++ b/metricbeat/modules.d/kibana-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kibana.html - module: kibana xpack.enabled: true diff --git a/metricbeat/modules.d/kibana.yml.disabled b/metricbeat/modules.d/kibana.yml.disabled index 27ca4b1a05fe..78f769cd65e1 100644 --- a/metricbeat/modules.d/kibana.yml.disabled +++ b/metricbeat/modules.d/kibana.yml.disabled @@ -1,5 +1,5 @@ # Module: kibana -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kibana.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kibana.html - module: kibana #metricsets: diff --git a/metricbeat/modules.d/kubernetes.yml.disabled b/metricbeat/modules.d/kubernetes.yml.disabled index 23bd210a8357..02baebb8bb7f 100644 --- a/metricbeat/modules.d/kubernetes.yml.disabled +++ b/metricbeat/modules.d/kubernetes.yml.disabled @@ -1,5 +1,5 @@ # Module: kubernetes -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kubernetes.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kubernetes.html # Node metrics, from kubelet: - module: kubernetes diff --git a/metricbeat/modules.d/kvm.yml.disabled b/metricbeat/modules.d/kvm.yml.disabled index 00e06354b0b2..8450e1afc6d1 100644 --- a/metricbeat/modules.d/kvm.yml.disabled 
+++ b/metricbeat/modules.d/kvm.yml.disabled @@ -1,5 +1,5 @@ # Module: kvm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-kvm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-kvm.html - module: kvm #metricsets: diff --git a/metricbeat/modules.d/linux.yml.disabled b/metricbeat/modules.d/linux.yml.disabled index 2c28e8bcbd07..df7311017bf9 100644 --- a/metricbeat/modules.d/linux.yml.disabled +++ b/metricbeat/modules.d/linux.yml.disabled @@ -1,5 +1,5 @@ # Module: linux -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-linux.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-linux.html - module: linux period: 10s diff --git a/metricbeat/modules.d/logstash-xpack.yml.disabled b/metricbeat/modules.d/logstash-xpack.yml.disabled index b00f4479919a..db78289f2a86 100644 --- a/metricbeat/modules.d/logstash-xpack.yml.disabled +++ b/metricbeat/modules.d/logstash-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-logstash.html - module: logstash xpack.enabled: true diff --git a/metricbeat/modules.d/logstash.yml.disabled b/metricbeat/modules.d/logstash.yml.disabled index 90274a3c7281..72ea8231ff4b 100644 --- a/metricbeat/modules.d/logstash.yml.disabled +++ b/metricbeat/modules.d/logstash.yml.disabled @@ -1,5 +1,5 @@ # Module: logstash -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-logstash.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-logstash.html - module: logstash #metricsets: diff --git a/metricbeat/modules.d/memcached.yml.disabled b/metricbeat/modules.d/memcached.yml.disabled index 0df976bb0bf6..7037988cc354 100644 --- a/metricbeat/modules.d/memcached.yml.disabled 
+++ b/metricbeat/modules.d/memcached.yml.disabled @@ -1,5 +1,5 @@ # Module: memcached -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-memcached.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-memcached.html - module: memcached # metricsets: ["stats"] diff --git a/metricbeat/modules.d/mongodb.yml.disabled b/metricbeat/modules.d/mongodb.yml.disabled index 48705eae39f6..0d4c26be4a5a 100644 --- a/metricbeat/modules.d/mongodb.yml.disabled +++ b/metricbeat/modules.d/mongodb.yml.disabled @@ -1,5 +1,5 @@ # Module: mongodb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mongodb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-mongodb.html - module: mongodb #metricsets: diff --git a/metricbeat/modules.d/munin.yml.disabled b/metricbeat/modules.d/munin.yml.disabled index 803d200561ba..d42b1d9919ec 100644 --- a/metricbeat/modules.d/munin.yml.disabled +++ b/metricbeat/modules.d/munin.yml.disabled @@ -1,5 +1,5 @@ # Module: munin -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-munin.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-munin.html - module: munin #metricsets: diff --git a/metricbeat/modules.d/mysql.yml.disabled b/metricbeat/modules.d/mysql.yml.disabled index 2913f5af8bc8..2b3371b18904 100644 --- a/metricbeat/modules.d/mysql.yml.disabled +++ b/metricbeat/modules.d/mysql.yml.disabled @@ -1,5 +1,5 @@ # Module: mysql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mysql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-mysql.html - module: mysql #metricsets: diff --git a/metricbeat/modules.d/nats.yml.disabled b/metricbeat/modules.d/nats.yml.disabled index e1e751cdb495..d398ac0be432 100644 --- a/metricbeat/modules.d/nats.yml.disabled +++ b/metricbeat/modules.d/nats.yml.disabled 
@@ -1,5 +1,5 @@ # Module: nats -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-nats.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-nats.html - module: nats metricsets: diff --git a/metricbeat/modules.d/nginx.yml.disabled b/metricbeat/modules.d/nginx.yml.disabled index 40c3bea92e55..786cc90edd6d 100644 --- a/metricbeat/modules.d/nginx.yml.disabled +++ b/metricbeat/modules.d/nginx.yml.disabled @@ -1,5 +1,5 @@ # Module: nginx -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-nginx.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-nginx.html - module: nginx #metricsets: diff --git a/metricbeat/modules.d/openmetrics.yml.disabled b/metricbeat/modules.d/openmetrics.yml.disabled index bebd339a1a27..ad933acedad0 100644 --- a/metricbeat/modules.d/openmetrics.yml.disabled +++ b/metricbeat/modules.d/openmetrics.yml.disabled @@ -1,5 +1,5 @@ # Module: openmetrics -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-openmetrics.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-openmetrics.html - module: openmetrics metricsets: ['collector'] diff --git a/metricbeat/modules.d/php_fpm.yml.disabled b/metricbeat/modules.d/php_fpm.yml.disabled index 0ca2ac5c1df1..08aaa3cc9579 100644 --- a/metricbeat/modules.d/php_fpm.yml.disabled +++ b/metricbeat/modules.d/php_fpm.yml.disabled @@ -1,5 +1,5 @@ # Module: php_fpm -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-php_fpm.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-php_fpm.html - module: php_fpm #metricsets: diff --git a/metricbeat/modules.d/postgresql.yml.disabled b/metricbeat/modules.d/postgresql.yml.disabled index fe2e5858dfb6..14ee2fc7acae 100644 --- a/metricbeat/modules.d/postgresql.yml.disabled +++ b/metricbeat/modules.d/postgresql.yml.disabled 
@@ -1,5 +1,5 @@ # Module: postgresql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-postgresql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-postgresql.html - module: postgresql #metricsets: diff --git a/metricbeat/modules.d/prometheus.yml.disabled b/metricbeat/modules.d/prometheus.yml.disabled index f829e3d89da3..82f455739319 100644 --- a/metricbeat/modules.d/prometheus.yml.disabled +++ b/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-prometheus.html # Metrics collected from a Prometheus endpoint - module: prometheus diff --git a/metricbeat/modules.d/rabbitmq.yml.disabled b/metricbeat/modules.d/rabbitmq.yml.disabled index b6967556f838..ed0d81595719 100644 --- a/metricbeat/modules.d/rabbitmq.yml.disabled +++ b/metricbeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-rabbitmq.html - module: rabbitmq #metricsets: diff --git a/metricbeat/modules.d/redis.yml.disabled b/metricbeat/modules.d/redis.yml.disabled index 8b520cf39e85..d2ad5abda481 100644 --- a/metricbeat/modules.d/redis.yml.disabled +++ b/metricbeat/modules.d/redis.yml.disabled @@ -1,5 +1,5 @@ # Module: redis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-redis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-redis.html - module: redis #metricsets: diff --git a/metricbeat/modules.d/system.yml b/metricbeat/modules.d/system.yml index 4123ea00f332..3c511e77439d 100644 --- a/metricbeat/modules.d/system.yml +++ b/metricbeat/modules.d/system.yml 
@@ -1,5 +1,5 @@ # Module: system -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-system.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-system.html - module: system period: 10s diff --git a/metricbeat/modules.d/traefik.yml.disabled b/metricbeat/modules.d/traefik.yml.disabled index b186538f4e19..35326a4ec4aa 100644 --- a/metricbeat/modules.d/traefik.yml.disabled +++ b/metricbeat/modules.d/traefik.yml.disabled @@ -1,5 +1,5 @@ # Module: traefik -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-traefik.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-traefik.html - module: traefik metricsets: ["health"] diff --git a/metricbeat/modules.d/uwsgi.yml.disabled b/metricbeat/modules.d/uwsgi.yml.disabled index 7ac6322064c1..f758061b65a7 100644 --- a/metricbeat/modules.d/uwsgi.yml.disabled +++ b/metricbeat/modules.d/uwsgi.yml.disabled @@ -1,5 +1,5 @@ # Module: uwsgi -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-uwsgi.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-uwsgi.html - module: uwsgi #metricsets: diff --git a/metricbeat/modules.d/vsphere.yml.disabled b/metricbeat/modules.d/vsphere.yml.disabled index 874b3b5b2e89..c56a9b1ac334 100644 --- a/metricbeat/modules.d/vsphere.yml.disabled +++ b/metricbeat/modules.d/vsphere.yml.disabled @@ -1,5 +1,5 @@ # Module: vsphere -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-vsphere.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-vsphere.html - module: vsphere #metricsets: diff --git a/metricbeat/modules.d/windows.yml.disabled b/metricbeat/modules.d/windows.yml.disabled index afe1af593116..717e52655a2c 100644 --- a/metricbeat/modules.d/windows.yml.disabled +++ b/metricbeat/modules.d/windows.yml.disabled 
@@ -1,5 +1,5 @@ # Module: windows -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-windows.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-windows.html - module: windows metricsets: diff --git a/metricbeat/modules.d/zookeeper.yml.disabled b/metricbeat/modules.d/zookeeper.yml.disabled index f8d16c527a66..7d44efb938ee 100644 --- a/metricbeat/modules.d/zookeeper.yml.disabled +++ b/metricbeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-zookeeper.html - module: zookeeper #metricsets: diff --git a/packetbeat/Dockerfile b/packetbeat/Dockerfile index 3f337de00770..a8d1400fa533 100644 --- a/packetbeat/Dockerfile +++ b/packetbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.9 +FROM golang:1.19.10 RUN \ apt-get update \ diff --git a/packetbeat/Jenkinsfile.yml b/packetbeat/Jenkinsfile.yml index 6f9488d7b944..f869315fe546 100644 --- a/packetbeat/Jenkinsfile.yml +++ b/packetbeat/Jenkinsfile.yml @@ -56,6 +56,11 @@ stages: - "macosM1Test" tags: false ## for all the tags stage: extended + rhel-9: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "rhel-9" + stage: mandatory windows-2022: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. diff --git a/packetbeat/_meta/config/beat.reference.yml.tmpl b/packetbeat/_meta/config/beat.reference.yml.tmpl index 90ce5e65c710..3a6319390d0b 100644 --- a/packetbeat/_meta/config/beat.reference.yml.tmpl +++ b/packetbeat/_meta/config/beat.reference.yml.tmpl 
@@ -44,6 +44,11 @@ packetbeat.interfaces.internal_networks: # The default is 30 MB. #packetbeat.interfaces.buffer_size_mb: 30 +# Set the polling frequency for interface metrics. This currently only applies +# to the "afpacket" interface type. +# The default is 5s (seconds). +#packetbeat.interfaces.metrics_interval: 5s + # To scale processing across multiple Packetbeat processes, a fanout group # identifier can be specified. When `fanout_group` is used the Linux kernel splits # packets across Packetbeat instances in the same group by using a flow hash. It diff --git a/packetbeat/beater/processor.go b/packetbeat/beater/processor.go index 4e9cf5d50eda..494b8f890b62 100644 --- a/packetbeat/beater/processor.go +++ b/packetbeat/beater/processor.go @@ -157,7 +157,7 @@ func (p *processorFactory) Create(pipeline beat.PipelineConnector, cfg *conf.C) if err != nil { return nil, err } - sniffer, err := setupSniffer(config, protocols, sniffer.DecodersFor(id, publisher, protocols, watcher, flows, config)) + sniffer, err := setupSniffer(id, config, protocols, sniffer.DecodersFor(id, publisher, protocols, watcher, flows, config)) if err != nil { return nil, err } @@ -196,7 +196,7 @@ func setupFlows(pipeline beat.Pipeline, watcher *procs.ProcessesWatcher, cfg con return flows.NewFlows(client.PublishAll, watcher, cfg.Flows) } -func setupSniffer(cfg config.Config, protocols *protos.ProtocolsStruct, decoders sniffer.Decoders) (*sniffer.Sniffer, error) { +func setupSniffer(id string, cfg config.Config, protocols *protos.ProtocolsStruct, decoders sniffer.Decoders) (*sniffer.Sniffer, error) { icmp, err := cfg.ICMP() if err != nil { return nil, err 
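Review bot: The comment added above `#packetbeat.interfaces.metrics_interval` names the interface type as `"afpacket"`, but the value users set is `af_packet`. Both the asciidoc hunk for this option and the `case "af_packet":` switch in sniffer.go use that spelling. An operator searching a config for the quoted string will not find a match. Suggest `# to the "af_packet" interface type.`; any reference file rendered from this template would presumably need regenerating afterwards.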
@@ -209,7 +209,7 @@ func setupSniffer(cfg config.Config, protocols *protos.ProtocolsStruct, decoders cfg.Interfaces[i].BpfFilter = protocols.BpfFilter(iface.WithVlans, icmp.Enabled()) } - return sniffer.New(false, "", decoders, cfg.Interfaces) + return sniffer.New(id, false, "", decoders, cfg.Interfaces) } // CheckConfig performs a dry-run creation of a Packetbeat pipeline based diff --git a/packetbeat/config/config.go b/packetbeat/config/config.go index 1b9687e5b0d6..13d00b89e44b 100644 --- a/packetbeat/config/config.go +++ b/packetbeat/config/config.go @@ -118,6 +118,7 @@ func (c Config) ICMP() (*conf.C, error) { type InterfaceConfig struct { Device string `config:"device"` PollDefaultRoute time.Duration `config:"poll_default_route"` + MetricsInterval time.Duration `config:"metrics_interval"` Type string `config:"type"` File string `config:"file"` WithVlans bool `config:"with_vlans"` diff --git a/packetbeat/docs/packetbeat-options.asciidoc b/packetbeat/docs/packetbeat-options.asciidoc index b9519caee15d..5266dac8d338 100644 --- a/packetbeat/docs/packetbeat-options.asciidoc +++ b/packetbeat/docs/packetbeat-options.asciidoc @@ -226,6 +226,23 @@ packetbeat.interfaces.type: af_packet packetbeat.interfaces.fanout_group: 1 ------------------------------------------------------------------------------ +[float] +==== `metrics_interval` + +Configure the metrics polling interval for supported interface types. Currently, +only `af_packet` is supported. + +The value must be a duration string. The default is `5s` (5 seconds). A value +less than or equal to zero will be set to the default value. + +Example: + +[source,yaml] +------------------------------------------------------------------------------ +packetbeat.interfaces.type: af_packet +packetbeat.interfaces.metrics_interval: 5s +------------------------------------------------------------------------------ + [float] ==== `auto_promisc_mode` 
diff --git a/packetbeat/docs/protocol-metrics-packetbeat.asciidoc b/packetbeat/docs/protocol-metrics-packetbeat.asciidoc index b877a2487390..4d9014f3a7a7 100644 --- a/packetbeat/docs/protocol-metrics-packetbeat.asciidoc +++ b/packetbeat/docs/protocol-metrics-packetbeat.asciidoc @@ -5,6 +5,21 @@ Packetbeat exposes per-protocol metrics under the < 0 && strings.HasPrefix(iface.Device, "default_route"), + id: id, decoders: decoders, log: s.log, } @@ -133,6 +138,9 @@ func New(testMode bool, _ string, decoders Decoders, interfaces []config.Interfa if iface.BufferSizeMb <= 0 { iface.BufferSizeMb = 24 } + if iface.MetricsInterval <= 0 { + iface.MetricsInterval = 5 * time.Second + } if t := iface.Type; t == "autodetect" || t == "" { iface.Type = "pcap" @@ -456,7 +464,7 @@ func (s *sniffer) open(device string) (snifferHandle, error) { case "pcap": return openPcap(device, s.filter, &s.config) case "af_packet": - return openAFPacket(device, s.filter, &s.config) + return openAFPacket(s.id, device, s.filter, &s.config) default: return nil, fmt.Errorf("unknown sniffer type for %s: %q", device, s.config.Type) } @@ -493,7 +501,7 @@ func openPcap(device, filter string, cfg *config.InterfaceConfig) (snifferHandle return h, nil } -func openAFPacket(device, filter string, cfg *config.InterfaceConfig) (snifferHandle, error) { +func openAFPacket(id, device, filter string, cfg *config.InterfaceConfig) (snifferHandle, error) { szFrame, szBlock, numBlocks, err := afpacketComputeSize(cfg.BufferSizeMb, cfg.Snaplen, os.Getpagesize()) if err != nil { return nil, err 
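Review bot: The default added in the `@@ -133,6 +138,9 @@` hunk replaces `iface.MetricsInterval` only when it is `<= 0`, so a tiny positive value such as `1ns` is accepted unchanged. If the af_packet handle reads socket statistics on a timer at this interval (that code is not in this hunk), such a setting would make metrics collection spin on the capture host. Consider a documented floor next to the default, e.g. `if iface.MetricsInterval < minMetricsInterval { iface.MetricsInterval = defaultMetricsInterval }` with both as new named constants, or reject the value during config validation. The same named constant would also replace the bare `5 * time.Second`, which the reference config and the asciidoc restate independently. `New` begins and ends outside the hunk.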
@@ -501,13 +509,15 @@ func openAFPacket(device, filter string, cfg *config.InterfaceConfig) (snifferHa timeout := 500 * time.Millisecond h, err := newAfpacketHandle(afPacketConfig{ - Device: device, - FrameSize: szFrame, - BlockSize: szBlock, - NumBlocks: numBlocks, - PollTimeout: timeout, - FanoutGroupID: cfg.FanoutGroup, - Promiscuous: cfg.EnableAutoPromiscMode, + ID: id, + Device: device, + FrameSize: szFrame, + BlockSize: szBlock, + NumBlocks: numBlocks, + PollTimeout: timeout, + MetricsInterval: cfg.MetricsInterval, + FanoutGroupID: cfg.FanoutGroup, + Promiscuous: cfg.EnableAutoPromiscMode, }) if err != nil { return nil, err diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 1092d86898ed..69393ae344b9 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.9.0-554074dc-SNAPSHOT + image: docker.elastic.co/elasticsearch/elasticsearch:8.9.0-f5346fd1-SNAPSHOT # When extend is used it merges healthcheck.tests, see: # https://github.com/docker/compose/issues/8962 # healthcheck: @@ -31,7 +31,7 @@ services: - "./docker/elasticsearch/users_roles:/usr/share/elasticsearch/config/users_roles" logstash: - image: docker.elastic.co/logstash/logstash:8.9.0-554074dc-SNAPSHOT + image: docker.elastic.co/logstash/logstash:8.9.0-f5346fd1-SNAPSHOT healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 600 @@ -44,7 +44,7 @@ services: - 5055:5055 kibana: - image: docker.elastic.co/kibana/kibana:8.9.0-554074dc-SNAPSHOT + image: docker.elastic.co/kibana/kibana:8.9.0-f5346fd1-SNAPSHOT environment: - "ELASTICSEARCH_USERNAME=kibana_system_user" - "ELASTICSEARCH_PASSWORD=testing" diff --git a/x-pack/auditbeat/Jenkinsfile.yml b/x-pack/auditbeat/Jenkinsfile.yml index 6fc17c49d074..a8038c4d4dc7 100644 --- a/x-pack/auditbeat/Jenkinsfile.yml +++ b/x-pack/auditbeat/Jenkinsfile.yml 
@@ -57,6 +57,11 @@ stages: - "macosM1Test" tags: false ## for all the tags stage: extended + rhel-9: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "rhel-9" + stage: mandatory windows-2022: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. diff --git a/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc b/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc index 50bc1fe7f998..87e225524825 100644 --- a/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc @@ -120,8 +120,8 @@ characters. This only applies to non-JSON logs. See <<_encoding_3>>. ==== `expand_event_list_from_field` If the fileset using this input expects to receive multiple messages bundled -under a specific field then the config option `expand_event_list_from_field` -value can be assigned the name of the field. This setting will be able to split +under a specific field or an array of objects then the config option `expand_event_list_from_field` +value can be assigned the name of the field or `.[]`. This setting will be able to split the messages under the group value into separate events. For example, CloudTrail logs are in JSON format and events are found under the JSON object "Records". @@ -145,6 +145,23 @@ logs are in JSON format and events are found under the JSON object "Records". } ---- +Or when `expand_event_list_from_field` is set to `.[]`, an array of objects will be split +into separate events. + +["source","json"] +---- +[ + { + "id":"1234", + "message":"success" + }, + { + "id":"5678", + "message":"failure" + } +] +---- + Note: When `expand_event_list_from_field` parameter is given in the config, aws-s3 input will assume the logs are in JSON format and decode them as JSON. Content type will not be checked. If a file has "application/json" content-type, 
@@ -257,6 +274,12 @@ configuring multiline options. URL of the AWS SQS queue that messages will be received from. (Required when `bucket_arn` and `non_aws_bucket_name` are not set). +[float] +==== `region` + +The name of the AWS region of the end point. If this option is given it +takes precedence over the region name obtained from the `queue_url` value. + [float] ==== `visibility_timeout` diff --git a/x-pack/filebeat/docs/inputs/input-gcp-pubsub.asciidoc b/x-pack/filebeat/docs/inputs/input-gcp-pubsub.asciidoc index 8545065416f0..69e6313cad9c 100644 --- a/x-pack/filebeat/docs/inputs/input-gcp-pubsub.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-gcp-pubsub.asciidoc @@ -96,3 +96,20 @@ Default Credentials] (ADC). include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] :type!: + +[float] +=== Metrics + +This input exposes metrics under the <>. +These metrics are exposed under the `/inputs` path. They can be used to +observe the activity of the input. + +[options="header"] +|======= +| Metric | Description +| `acked_message_total` | Number of successfully ACKed messages. +| `failed_acked_message_total` | Number of failed ACKed messages. +| `nacked_message_total` | Number of NACKed messages. +| `bytes_processed_total` | Number of bytes processed. +| `processing_time` | Histogram of the elapsed time for processing an event in nanoseconds. +|======= \ No newline at end of file diff --git a/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc b/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc index 28c5c6dd4ecf..98bb76c125a5 100644 --- a/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-http-endpoint.asciidoc @@ -142,6 +142,7 @@ Validate webhook endpoint for a specific provider using CRC secret.header: someheadername secret.value: secretheadertoken crc.provider: webhookProvider + crc.secret: secretToken ---- Validate a HMAC signature from a specific header 
@@ -273,6 +274,11 @@ This option copies the raw unmodified body of the incoming request to the event. This option defines the provider of the webhook that uses CRC (Challenge-Response Check) for validating the endpoint. The HTTP endpoint input is responsible for ensuring the authenticity of incoming webhook requests by generating and verifying a unique token. By specifying the `crc.provider`, you ensure that the system correctly handles the specific CRC validation process required by the chosen provider. +[float] +==== `crc.secret` + +The secret token provided by the webhook owner for the CRC validation. It is required when a `crc.provider` is set. + [id="{beatname_lc}-input-{type}-common-options"] include::../../../../filebeat/docs/inputs/input-common-options.asciidoc[] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 4c6147ce3925..f63264412871 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -2558,8 +2558,14 @@ filebeat.modules: # The header Zoom uses to send its secret token, defaults to "Authorization" #secret.header: Authorization - # The secret token value created by Zoom - #secret.value: ZOOMTOKEN + # The custom secret token value created when configuring the Zoom webhook + #secret.value: my-custom-value + + # Enable the CRC webhook validation + #crc.enabled: false + + # The secret token value provided by Zoom for CRC validation + #crc.secret: ZOOMSECRETTOKEN #----------------------------- Zscaler NSS Module ----------------------------- - module: zscaler diff --git a/x-pack/filebeat/input/awss3/config.go b/x-pack/filebeat/input/awss3/config.go index 7297425c5742..6d2517e53efc 100644 --- a/x-pack/filebeat/input/awss3/config.go +++ b/x-pack/filebeat/input/awss3/config.go 
@@ -27,6 +27,7 @@ type config struct { SQSScript *scriptConfig `config:"sqs.notification_parsing_script"` MaxNumberOfMessages int `config:"max_number_of_messages"` QueueURL string `config:"queue_url"` + RegionName string `config:"region"` BucketARN string `config:"bucket_arn"` NonAWSBucketName string `config:"non_aws_bucket_name"` BucketListInterval time.Duration `config:"bucket_list_interval"` diff --git a/x-pack/filebeat/input/awss3/config_test.go b/x-pack/filebeat/input/awss3/config_test.go index 9606ff1445ad..880412ad377f 100644 --- a/x-pack/filebeat/input/awss3/config_test.go +++ b/x-pack/filebeat/input/awss3/config_test.go @@ -57,41 +57,41 @@ func TestConfig(t *testing.T) { nonAWSS3Bucket string config mapstr.M expectedErr string - expectedCfg func(queueURL, s3Bucket string, nonAWSS3Bucket string) config + expectedCfg func(queueURL, s3Bucket, nonAWSS3Bucket string) config }{ { - "input with defaults for queueURL", - queueURL, - "", - "", - mapstr.M{ + name: "input with defaults for queueURL", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, }, - "", - makeConfig, + expectedErr: "", + expectedCfg: makeConfig, }, { - "input with defaults for s3Bucket", - "", - s3Bucket, - "", - mapstr.M{ + name: "input with defaults for s3Bucket", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "number_of_workers": 5, }, - "", - func(queueURL, s3Bucket string, nonAWSS3Bucket string) config { + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { c := makeConfig("", s3Bucket, "") c.NumberOfWorkers = 5 return c }, }, { - "input with file_selectors", - queueURL, - "", - "", - mapstr.M{ + name: "input with file_selectors", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "file_selectors": []mapstr.M{ { 
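Review bot: `RegionName` is added to `config` without a comment, and nothing in this hunk shows the value being checked; the new test cases in this commit accept arbitrary strings such as `region` and `myregion`. The documentation hunk says the option takes precedence over the region parsed from `queue_url`, so a mistyped value would presumably surface only as a request failure at run time rather than at config load. Suggest a field comment such as `// RegionName, when set, overrides the region derived from QueueURL.` and a basic format check in the config's validation, which lies outside this hunk. The struct continues beyond the hunk on both sides.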
@@ -99,8 +99,8 @@ func TestConfig(t *testing.T) { }, }, }, - "", - func(queueURL, s3Bucket string, nonAWSS3Bucket string) config { + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { c := makeConfig(queueURL, "", "") regex := match.MustCompile("/CloudTrail/") c.FileSelectors = []fileSelectorConfig{ 
@@ -113,283 +113,353 @@ func TestConfig(t *testing.T) { }, }, { - "error on no queueURL and s3Bucket and nonAWSS3Bucket", - "", - "", - "", - mapstr.M{ + name: "non-AWS_endpoint_with_explicit_region", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ + "queue_url": queueURL, + "region": "region", + "endpoint": "ep", + }, + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { + c := makeConfig(queueURL, "", "") + c.RegionName = "region" + c.AWSConfig.Endpoint = "ep" + return c + }, + }, + { + name: "explicit_AWS_endpoint_with_explicit_region", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ + "queue_url": "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + "region": "region", + "endpoint": "amazonaws.com", + }, + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { + c := makeConfig(queueURL, "", "") + c.QueueURL = "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs" + c.AWSConfig.Endpoint = "amazonaws.com" + c.RegionName = "region" + return c + }, + }, + { + name: "inferred_AWS_endpoint_with_explicit_region", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ + "queue_url": "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + "region": "region", + }, + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { + c := makeConfig(queueURL, "", "") + c.QueueURL = "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs" + c.RegionName = "region" + return c + }, + }, + { + name: "localstack_with_region_name", + queueURL: "http://localhost:4566/000000000000/sample-queue", + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ + "queue_url": "http://localhost:4566/000000000000/sample-queue", + "region": "myregion", + }, + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { + c := 
makeConfig(queueURL, "", "") + c.RegionName = "myregion" + return c + }, + }, + { + name: "error on no queueURL and s3Bucket and nonAWSS3Bucket", + queueURL: "", + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": "", "bucket_arn": "", "non_aws_bucket_name": "", }, - "neither queue_url, bucket_arn nor non_aws_bucket_name were provided", - nil, + expectedErr: "neither queue_url, bucket_arn nor non_aws_bucket_name were provided", + expectedCfg: nil, }, { - "error on both queueURL and s3Bucket", - queueURL, - s3Bucket, - "", - mapstr.M{ + name: "error on both queueURL and s3Bucket", + queueURL: queueURL, + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "bucket_arn": s3Bucket, }, - "queue_url , bucket_arn , non_aws_bucket_name <> cannot be set at the same time", - nil, + expectedErr: "queue_url , bucket_arn , non_aws_bucket_name <> cannot be set at the same time", + expectedCfg: nil, }, { - "error on both queueURL and NonAWSS3Bucket", - queueURL, - "", - nonAWSS3Bucket, - mapstr.M{ + name: "error on both queueURL and NonAWSS3Bucket", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "queue_url": queueURL, "non_aws_bucket_name": nonAWSS3Bucket, }, - "queue_url , bucket_arn <>, non_aws_bucket_name cannot be set at the same time", - nil, + expectedErr: "queue_url , bucket_arn <>, non_aws_bucket_name cannot be set at the same time", + expectedCfg: nil, }, { - "error on both s3Bucket and NonAWSS3Bucket", - "", - s3Bucket, - nonAWSS3Bucket, - mapstr.M{ + name: "error on both s3Bucket and NonAWSS3Bucket", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "bucket_arn": s3Bucket, "non_aws_bucket_name": nonAWSS3Bucket, }, - "queue_url <>, bucket_arn , non_aws_bucket_name cannot be set at the same time", - nil, + expectedErr: "queue_url <>, bucket_arn , non_aws_bucket_name cannot be set at the same time", + expectedCfg: nil, }, { - "error on 
queueURL, s3Bucket, and NonAWSS3Bucket", - queueURL, - s3Bucket, - nonAWSS3Bucket, - mapstr.M{ + name: "error on queueURL, s3Bucket, and NonAWSS3Bucket", + queueURL: queueURL, + s3Bucket: s3Bucket, + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "queue_url": queueURL, "bucket_arn": s3Bucket, "non_aws_bucket_name": nonAWSS3Bucket, }, - "queue_url , bucket_arn , non_aws_bucket_name cannot be set at the same time", - nil, + expectedErr: "queue_url , bucket_arn , non_aws_bucket_name cannot be set at the same time", + expectedCfg: nil, }, { - "error on api_timeout == 0", - queueURL, - "", - "", - mapstr.M{ + name: "error on api_timeout == 0", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "api_timeout": "0", }, - "api_timeout <0s> must be greater than the sqs.wait_time <20s", - nil, + expectedErr: "api_timeout <0s> must be greater than the sqs.wait_time <20s", + expectedCfg: nil, }, { - "error on visibility_timeout == 0", - queueURL, - "", - "", - mapstr.M{ + name: "error on visibility_timeout == 0", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "visibility_timeout": "0", }, - "visibility_timeout <0s> must be greater than 0 and less than or equal to 12h", - nil, + expectedErr: "visibility_timeout <0s> must be greater than 0 and less than or equal to 12h", + expectedCfg: nil, }, { - "error on visibility_timeout > 12h", - queueURL, - "", - "", - mapstr.M{ + name: "error on visibility_timeout > 12h", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "visibility_timeout": "12h1ns", }, - "visibility_timeout <12h0m0.000000001s> must be greater than 0 and less than or equal to 12h", - nil, + expectedErr: "visibility_timeout <12h0m0.000000001s> must be greater than 0 and less than or equal to 12h", + expectedCfg: nil, }, { - "error on bucket_list_interval == 0", - "", - s3Bucket, - "", - mapstr.M{ + name: 
"error on bucket_list_interval == 0", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "bucket_list_interval": "0", }, - "bucket_list_interval <0s> must be greater than 0", - nil, + expectedErr: "bucket_list_interval <0s> must be greater than 0", + expectedCfg: nil, }, { - "error on number_of_workers == 0", - "", - s3Bucket, - "", - mapstr.M{ + name: "error on number_of_workers == 0", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "number_of_workers": "0", }, - "number_of_workers <0> must be greater than 0", - nil, + expectedErr: "number_of_workers <0> must be greater than 0", + expectedCfg: nil, }, { - "error on max_number_of_messages == 0", - queueURL, - "", - "", - mapstr.M{ + name: "error on max_number_of_messages == 0", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "max_number_of_messages": "0", }, - "max_number_of_messages <0> must be greater than 0", - nil, + expectedErr: "max_number_of_messages <0> must be greater than 0", + expectedCfg: nil, }, { - "error on buffer_size == 0 ", - queueURL, - "", - "", - mapstr.M{ + name: "error on buffer_size == 0 ", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "buffer_size": "0", }, - "buffer_size <0> must be greater than 0", - nil, + expectedErr: "buffer_size <0> must be greater than 0", + expectedCfg: nil, }, { - "error on max_bytes == 0 ", - queueURL, - "", - "", - mapstr.M{ + name: "error on max_bytes == 0 ", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "max_bytes": "0", }, - "max_bytes <0> must be greater than 0", - nil, + expectedErr: "max_bytes <0> must be greater than 0", + expectedCfg: nil, }, { - "error on expand_event_list_from_field and content_type != application/json ", - queueURL, - "", - "", - mapstr.M{ + name: "error on 
expand_event_list_from_field and content_type != application/json ", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "expand_event_list_from_field": "Records", "content_type": "text/plain", }, - "content_type must be `application/json` when expand_event_list_from_field is used", - nil, + expectedErr: "content_type must be `application/json` when expand_event_list_from_field is used", + expectedCfg: nil, }, { - "error on expand_event_list_from_field and content_type != application/json ", - "", - s3Bucket, - "", - mapstr.M{ + name: "error on expand_event_list_from_field and content_type != application/json ", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "expand_event_list_from_field": "Records", "content_type": "text/plain", }, - "content_type must be `application/json` when expand_event_list_from_field is used", - nil, + expectedErr: "content_type must be `application/json` when expand_event_list_from_field is used", + expectedCfg: nil, }, { - "input with defaults for non-AWS S3 Bucket", - "", - "", - nonAWSS3Bucket, - mapstr.M{ + name: "input with defaults for non-AWS S3 Bucket", + queueURL: "", + s3Bucket: "", + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "non_aws_bucket_name": nonAWSS3Bucket, "number_of_workers": 5, }, - "", - func(queueURL, s3Bucket string, nonAWSS3Bucket string) config { + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { c := makeConfig("", "", nonAWSS3Bucket) c.NumberOfWorkers = 5 return c }, }, { - "error on FIPS with non-AWS S3 Bucket", - "", - "", - nonAWSS3Bucket, - mapstr.M{ + name: "error on FIPS with non-AWS S3 Bucket", + queueURL: "", + s3Bucket: "", + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "non_aws_bucket_name": nonAWSS3Bucket, "number_of_workers": 5, "fips_enabled": true, }, - "fips_enabled cannot be used with a non-AWS S3 bucket.", - nil, + expectedErr: 
"fips_enabled cannot be used with a non-AWS S3 bucket.", + expectedCfg: nil, }, { - "error on path_style with AWS native S3 Bucket", - "", - s3Bucket, - "", - mapstr.M{ + name: "error on path_style with AWS native S3 Bucket", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "number_of_workers": 5, "path_style": true, }, - "path_style can only be used when polling non-AWS S3 services", - nil, + expectedErr: "path_style can only be used when polling non-AWS S3 services", + expectedCfg: nil, }, { - "error on path_style with AWS SQS Queue", - queueURL, - "", - "", - mapstr.M{ + name: "error on path_style with AWS SQS Queue", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "number_of_workers": 5, "path_style": true, }, - "path_style can only be used when polling non-AWS S3 services", - nil, + expectedErr: "path_style can only be used when polling non-AWS S3 services", + expectedCfg: nil, }, { - "error on provider with AWS native S3 Bucket", - "", - s3Bucket, - "", - mapstr.M{ + name: "error on provider with AWS native S3 Bucket", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "number_of_workers": 5, "provider": "asdf", }, - "provider can only be overridden when polling non-AWS S3 services", - nil, + expectedErr: "provider can only be overridden when polling non-AWS S3 services", + expectedCfg: nil, }, { - "error on provider with AWS SQS Queue", - queueURL, - "", - "", - mapstr.M{ + name: "error on provider with AWS SQS Queue", + queueURL: queueURL, + s3Bucket: "", + nonAWSS3Bucket: "", + config: mapstr.M{ "queue_url": queueURL, "number_of_workers": 5, "provider": "asdf", }, - "provider can only be overridden when polling non-AWS S3 services", - nil, + expectedErr: "provider can only be overridden when polling non-AWS S3 services", + expectedCfg: nil, }, { - "backup_to_bucket with AWS", - "", - s3Bucket, - 
"", - mapstr.M{ + name: "backup_to_bucket with AWS", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "backup_to_bucket_arn": "arn:aws:s3:::bBucket", "backup_to_bucket_prefix": "backup", "number_of_workers": 5, }, - "", - func(queueURL, s3Bucket string, nonAWSS3Bucket string) config { + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { c := makeConfig("", s3Bucket, "") c.BackupConfig.BackupToBucketArn = "arn:aws:s3:::bBucket" c.BackupConfig.BackupToBucketPrefix = "backup" @@ -398,18 +468,18 @@ func TestConfig(t *testing.T) { }, }, { - "backup_to_bucket with non-AWS", - "", - "", - nonAWSS3Bucket, - mapstr.M{ + name: "backup_to_bucket with non-AWS", + queueURL: "", + s3Bucket: "", + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "non_aws_bucket_name": nonAWSS3Bucket, "non_aws_backup_to_bucket_name": "bBucket", "backup_to_bucket_prefix": "backup", "number_of_workers": 5, }, - "", - func(queueURL, s3Bucket string, nonAWSS3Bucket string) config { + expectedErr: "", + expectedCfg: func(queueURL, s3Bucket, nonAWSS3Bucket string) config { c := makeConfig("", "", nonAWSS3Bucket) c.NonAWSBucketName = nonAWSS3Bucket c.BackupConfig.NonAWSBackupToBucketName = "bBucket" 
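Review bot: The new cases `explicit_AWS_endpoint_with_explicit_region` and `inferred_AWS_endpoint_with_explicit_region` in the `@@ -113,283 +113,353 @@` hunk spell out `https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs` four times, in `config` and again in the `c.QueueURL = ...` override, while still setting the case's `queueURL` field to the shared `queueURL` value. If that shared value already holds this URL, pass it directly and drop the override. Otherwise declare one named constant with an all-zero account segment, as the `localstack_with_region_name` case does, e.g. `https://sqs.us-east-1.amazonaws.com/000000000000/test-s3-logs`, so that no account identifier sits in the fixtures. As far as this hunk shows, these cases only pin that `region` is stored in `RegionName`; the precedence over the URL-derived `us-east-1` that the docs promise is not asserted here. The new case names also use underscores while the converted cases keep spaces.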
@@ -419,86 +489,86 @@ func TestConfig(t *testing.T) { }, }, { - "error with non-AWS backup and AWS source", - "", - s3Bucket, - "", - mapstr.M{ + name: "error with non-AWS backup and AWS source", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "non_aws_backup_to_bucket_name": "bBucket", "number_of_workers": 5, }, - "backup to non-AWS bucket can only be used for non-AWS sources", - nil, + expectedErr: "backup to non-AWS bucket can only be used for non-AWS sources", + expectedCfg: nil, }, { - "error with AWS backup and non-AWS source", - "", - "", - nonAWSS3Bucket, - mapstr.M{ + name: "error with AWS backup and non-AWS source", + queueURL: "", + s3Bucket: "", + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "non_aws_bucket_name": nonAWSS3Bucket, "backup_to_bucket_arn": "arn:aws:s3:::bBucket", "number_of_workers": 5, }, - "backup to AWS bucket can only be used for AWS sources", - nil, + expectedErr: "backup to AWS bucket can only be used for AWS sources", + expectedCfg: nil, }, { - "error with same bucket backup and empty backup prefix", - "", - s3Bucket, - "", - mapstr.M{ + name: "error with same bucket backup and empty backup prefix", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "backup_to_bucket_arn": s3Bucket, "number_of_workers": 5, }, - "backup_to_bucket_prefix is a required property when source and backup bucket are the same", - nil, + expectedErr: "backup_to_bucket_prefix is a required property when source and backup bucket are the same", + expectedCfg: nil, }, { - "error with same bucket backup (non-AWS) and empty backup prefix", - "", - "", - nonAWSS3Bucket, - mapstr.M{ + name: "error with same bucket backup (non-AWS) and empty backup prefix", + queueURL: "", + s3Bucket: "", + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "non_aws_bucket_name": nonAWSS3Bucket, "non_aws_backup_to_bucket_name": nonAWSS3Bucket, "number_of_workers": 5, }, 
- "backup_to_bucket_prefix is a required property when source and backup bucket are the same", - nil, + expectedErr: "backup_to_bucket_prefix is a required property when source and backup bucket are the same", + expectedCfg: nil, }, { - "error with same bucket backup and backup prefix equal to list prefix", - "", - s3Bucket, - "", - mapstr.M{ + name: "error with same bucket backup and backup prefix equal to list prefix", + queueURL: "", + s3Bucket: s3Bucket, + nonAWSS3Bucket: "", + config: mapstr.M{ "bucket_arn": s3Bucket, "backup_to_bucket_arn": s3Bucket, "number_of_workers": 5, "backup_to_bucket_prefix": "processed_", "bucket_list_prefix": "processed_", }, - "backup_to_bucket_prefix cannot be the same as bucket_list_prefix, this will create an infinite loop", - nil, + expectedErr: "backup_to_bucket_prefix cannot be the same as bucket_list_prefix, this will create an infinite loop", + expectedCfg: nil, }, { - "error with same bucket backup (non-AWS) and backup prefix equal to list prefix", - "", - "", - nonAWSS3Bucket, - mapstr.M{ + name: "error with same bucket backup (non-AWS) and backup prefix equal to list prefix", + queueURL: "", + s3Bucket: "", + nonAWSS3Bucket: nonAWSS3Bucket, + config: mapstr.M{ "non_aws_bucket_name": nonAWSS3Bucket, "non_aws_backup_to_bucket_name": nonAWSS3Bucket, "number_of_workers": 5, "backup_to_bucket_prefix": "processed_", "bucket_list_prefix": "processed_", }, - "backup_to_bucket_prefix cannot be the same as bucket_list_prefix, this will create an infinite loop", - nil, + expectedErr: "backup_to_bucket_prefix cannot be the same as bucket_list_prefix, this will create an infinite loop", + expectedCfg: nil, }, } diff --git a/x-pack/filebeat/input/awss3/input.go b/x-pack/filebeat/input/awss3/input.go index 6b76108b0e17..4f45f9141445 100644 --- a/x-pack/filebeat/input/awss3/input.go +++ b/x-pack/filebeat/input/awss3/input.go 
@@ -115,11 +115,15 @@ func (in *s3Input) Run(inputContext v2.Context, pipeline beat.Pipeline) error {
 defer cancelInputCtx()
 
 if in.config.QueueURL != "" {
- regionName, err := getRegionFromQueueURL(in.config.QueueURL, in.config.AWSConfig.Endpoint)
- if err != nil {
+ regionName, err := getRegionFromQueueURL(in.config.QueueURL, in.config.AWSConfig.Endpoint, in.config.RegionName)
+ if err != nil && in.config.RegionName == "" {
 return fmt.Errorf("failed to get AWS region from queue_url: %w", err)
 }
-
+ if regionName != in.config.RegionName {
+ inputContext.Logger.Warnf("configured region disagrees with queue_url region: %q != %q: using %[1]q",
+ in.config.RegionName, regionName)
+ regionName = in.config.RegionName
+ }
 in.awsConfig.Region = regionName
 
 // Create SQS receiver and S3 notification processor.
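Review bot: The added `if regionName != in.config.RegionName` branch also fires when no region is configured: with `RegionName == ""` and a region parsed successfully from queue_url, it logs the warning and then overwrites `regionName` with the empty string, so `in.awsConfig.Region` ends up empty. The same branch runs when parsing failed but a region is configured, which logs a "disagrees" warning against an empty parsed value. Guard the override with `if in.config.RegionName != "" && regionName != in.config.RegionName {` and emit the warning only when `err == nil`. Run's body starts and continues outside this hunk.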
@@ -300,20 +304,26 @@ func (in *s3Input) createS3Lister(ctx v2.Context, cancelCtx context.Context, cli
 return s3Poller, nil
 }
 
-func getRegionFromQueueURL(queueURL string, endpoint string) (string, error) {
+var errBadQueueURL = errors.New("QueueURL is not in format: https://sqs.{REGION_ENDPOINT}.{ENDPOINT}/{ACCOUNT_NUMBER}/{QUEUE_NAME}")
+
+func getRegionFromQueueURL(queueURL string, endpoint, defaultRegion string) (string, error) {
 // get region from queueURL
 // Example: https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs
- url, err := url.Parse(queueURL)
+ u, err := url.Parse(queueURL)
 if err != nil {
 return "", fmt.Errorf(queueURL + " is not a valid URL")
 }
- if url.Scheme == "https" && url.Host != "" {
- queueHostSplit := strings.Split(url.Host, ".")
- if len(queueHostSplit) > 2 && (strings.Join(queueHostSplit[2:], ".") == endpoint || (endpoint == "" && queueHostSplit[2] == "amazonaws")) {
- return queueHostSplit[1], nil
+ if (u.Scheme == "https" || u.Scheme == "http") && u.Host != "" {
+ queueHostSplit := strings.SplitN(u.Host, ".", 3)
+ if len(queueHostSplit) == 3 {
+ if queueHostSplit[2] == endpoint || (endpoint == "" && strings.HasPrefix(queueHostSplit[2], "amazonaws.")) {
+ return queueHostSplit[1], nil
+ }
+ } else if defaultRegion != "" {
+ return defaultRegion, nil
 }
 }
- return "", fmt.Errorf("QueueURL is not in format: https://sqs.{REGION_ENDPOINT}.{ENDPOINT}/{ACCOUNT_NUMBER}/{QUEUE_NAME}")
+ return "", errBadQueueURL
 }
 
 func getRegionForBucket(ctx context.Context, s3Client *s3.Client, bucketName string) (string, error) {
diff --git a/x-pack/filebeat/input/awss3/input_test.go b/x-pack/filebeat/input/awss3/input_test.go
index 953e8388fc0e..02a91022f5ee 100644
--- a/x-pack/filebeat/input/awss3/input_test.go
+++ b/x-pack/filebeat/input/awss3/input_test.go
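Review bot: The context line `fmt.Errorf(queueURL + " is not a valid URL")` in getRegionFromQueueURL uses the configured value as the format string, so a `%` in queue_url garbles the message, and the url.Parse error is discarded. `fmt.Errorf("%s is not a valid URL", queueURL)` keeps the exact text that the new test compares against. The new scheme check also accepts `http` for every host, including `amazonaws.` ones; if the queue URL's scheme influences the transport (not visible here), a mistyped `http://` URL would pass validation silently, so a warning for non-`https` schemes would help. `u.Host` still carries any port, so `queueHostSplit[2] == endpoint` fails for a URL with an explicit port; `u.Hostname()` avoids that.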
@@ -5,35 +5,121 @@ package awss3 import ( + "errors" "testing" "github.com/stretchr/testify/assert" ) func TestGetProviderFromDomain(t *testing.T) { - assert.Equal(t, "aws", getProviderFromDomain("", "")) - assert.Equal(t, "aws", getProviderFromDomain("c2s.ic.gov", "")) - assert.Equal(t, "abc", getProviderFromDomain("abc.com", "abc")) - assert.Equal(t, "xyz", getProviderFromDomain("oraclecloud.com", "xyz")) - assert.Equal(t, "aws", getProviderFromDomain("amazonaws.com", "")) - assert.Equal(t, "aws", getProviderFromDomain("c2s.sgov.gov", "")) - assert.Equal(t, "aws", getProviderFromDomain("c2s.ic.gov", "")) - assert.Equal(t, "aws", getProviderFromDomain("amazonaws.com.cn", "")) - assert.Equal(t, "backblaze", getProviderFromDomain("https://backblazeb2.com", "")) - assert.Equal(t, "cloudflare", getProviderFromDomain("https://1234567890.r2.cloudflarestorage.com", "")) - assert.Equal(t, "wasabi", getProviderFromDomain("https://wasabisys.com", "")) - assert.Equal(t, "digitalocean", getProviderFromDomain("https://digitaloceanspaces.com", "")) - assert.Equal(t, "dreamhost", getProviderFromDomain("https://dream.io", "")) - assert.Equal(t, "scaleway", getProviderFromDomain("https://scw.cloud", "")) - assert.Equal(t, "gcp", getProviderFromDomain("https://googleapis.com", "")) - assert.Equal(t, "arubacloud", getProviderFromDomain("https://cloud.it", "")) - assert.Equal(t, "linode", getProviderFromDomain("https://linodeobjects.com", "")) - assert.Equal(t, "vultr", getProviderFromDomain("https://vultrobjects.com", "")) - assert.Equal(t, "ibm", getProviderFromDomain("https://appdomain.cloud", "")) - assert.Equal(t, "alibaba", getProviderFromDomain("https://aliyuncs.com", "")) - assert.Equal(t, "oracle", getProviderFromDomain("https://oraclecloud.com", "")) - assert.Equal(t, "exoscale", getProviderFromDomain("https://exo.io", "")) - assert.Equal(t, "upcloud", getProviderFromDomain("https://upcloudobjects.com", "")) - assert.Equal(t, "iland", 
getProviderFromDomain("https://ilandcloud.com", "")) - assert.Equal(t, "zadara", getProviderFromDomain("https://zadarazios.com", "")) + tests := []struct { + endpoint string + override string + want string + }{ + {endpoint: "", override: "", want: "aws"}, + {endpoint: "c2s.ic.gov", want: "aws"}, + {endpoint: "abc.com", override: "abc", want: "abc"}, + {endpoint: "oraclecloud.com", override: "xyz", want: "xyz"}, + {endpoint: "amazonaws.com", want: "aws"}, + {endpoint: "c2s.sgov.gov", want: "aws"}, + {endpoint: "c2s.ic.gov", want: "aws"}, + {endpoint: "amazonaws.com.cn", want: "aws"}, + {endpoint: "https://backblazeb2.com", want: "backblaze"}, + {endpoint: "https://1234567890.r2.cloudflarestorage.com", want: "cloudflare"}, + {endpoint: "https://wasabisys.com", want: "wasabi"}, + {endpoint: "https://digitaloceanspaces.com", want: "digitalocean"}, + {endpoint: "https://dream.io", want: "dreamhost"}, + {endpoint: "https://scw.cloud", want: "scaleway"}, + {endpoint: "https://googleapis.com", want: "gcp"}, + {endpoint: "https://cloud.it", want: "arubacloud"}, + {endpoint: "https://linodeobjects.com", want: "linode"}, + {endpoint: "https://vultrobjects.com", want: "vultr"}, + {endpoint: "https://appdomain.cloud", want: "ibm"}, + {endpoint: "https://aliyuncs.com", want: "alibaba"}, + {endpoint: "https://oraclecloud.com", want: "oracle"}, + {endpoint: "https://exo.io", want: "exoscale"}, + {endpoint: "https://upcloudobjects.com", want: "upcloud"}, + {endpoint: "https://ilandcloud.com", want: "iland"}, + {endpoint: "https://zadarazios.com", want: "zadara"}, + } + + for _, test := range tests { + assert.Equal(t, test.want, getProviderFromDomain(test.endpoint, test.override), + "for endpoint=%q and override=%q", test.endpoint, test.override) + } +} + +func TestGetRegionFromQueueURL(t *testing.T) { + tests := []struct { + name string + queueURL string + endpoint string + deflt string + want string + wantErr error + }{ + { + name: "amazonaws.com_domain_with_blank_endpoint", + 
queueURL: "https://sqs.us-east-1.amazonaws.com/627959692251/test-s3-logs", + want: "us-east-1", + }, + { + name: "abc.xyz_and_domain_with_matching_endpoint", + queueURL: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", + endpoint: "abc.xyz", + want: "us-east-1", + }, + { + name: "abc.xyz_and_domain_with_blank_endpoint", + queueURL: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", + wantErr: errBadQueueURL, + }, + { + name: "abc.xyz_and_domain_with_different_endpoint", + queueURL: "https://sqs.us-east-1.abc.xyz/627959692251/test-s3-logs", + endpoint: "googlecloud.com", + wantErr: errBadQueueURL, + }, + { + name: "localstack", + queueURL: "http://localhost:4566/000000000000/filebeat-s3-integtest-d9clk9", + deflt: "localstack", + want: "localstack", + }, + { + name: "localstack_sns", + queueURL: "http://localhost:4566/000000000000/filebeat-s3-integtest-sns-d9clk9", + deflt: "localstack_sns", + want: "localstack_sns", + }, + { + name: "invalid_queue_url", + queueURL: ":foo", + wantErr: errors.New(":foo is not a valid URL"), + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + got, err := getRegionFromQueueURL(test.queueURL, test.endpoint, test.deflt) + if !sameError(err, test.wantErr) { + t.Errorf("unexpected error: got:%v want:%v", err, test.wantErr) + } + if got != test.want { + t.Errorf("unexpected result: got:%q want:%q", got, test.want) + } + }) + } +} + +func sameError(a, b error) bool { + switch { + case a == nil && b == nil: + return true + case a == nil, b == nil: + return false + default: + return a.Error() == b.Error() + } } diff --git a/x-pack/filebeat/input/awss3/s3_objects.go b/x-pack/filebeat/input/awss3/s3_objects.go index 933a6c41a8e9..eb9d9a7eddb5 100644 --- a/x-pack/filebeat/input/awss3/s3_objects.go +++ b/x-pack/filebeat/input/awss3/s3_objects.go 
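Review bot: `sameError` compares `Error()` strings, so the `wantErr: errBadQueueURL` cases in TestGetRegionFromQueueURL do not check that the sentinel itself is returned; any error with the same text passes. Since the commit introduces the sentinel, the assertion would be stronger as `errors.Is(err, test.wantErr)`, with the invalid-URL case given a sentinel of its own or checked by message separately. The table also has no case for a host with an explicit port or for an `http` URL on an `amazonaws.` host, both of which the new parsing code treats specially.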
@@ -234,14 +234,18 @@ func (p *s3ObjectProcessor) readJSON(r io.Reader) error { } func (p *s3ObjectProcessor) splitEventList(key string, raw json.RawMessage, offset int64, objHash string) error { - var jsonObject map[string]json.RawMessage - if err := json.Unmarshal(raw, &jsonObject); err != nil { - return err - } + // .[] signifies the root object is an array, and it should be split. + if key != ".[]" { + var jsonObject map[string]json.RawMessage + if err := json.Unmarshal(raw, &jsonObject); err != nil { + return err + } - raw, found := jsonObject[key] - if !found { - return fmt.Errorf("expand_event_list_from_field key <%v> is not in event", key) + var found bool + raw, found = jsonObject[key] + if !found { + return fmt.Errorf("expand_event_list_from_field key <%v> is not in event", key) + } } dec := json.NewDecoder(bytes.NewReader(raw)) diff --git a/x-pack/filebeat/input/awss3/s3_objects_test.go b/x-pack/filebeat/input/awss3/s3_objects_test.go index 61b6124cd9a0..a1e7e4f0b81c 100644 --- a/x-pack/filebeat/input/awss3/s3_objects_test.go +++ b/x-pack/filebeat/input/awss3/s3_objects_test.go @@ -113,6 +113,16 @@ func TestS3ObjectProcessor(t *testing.T) { testProcessS3ObjectError(t, "testdata/events-array.json", "application/json", 0, sel) }) + t.Run("split array with expand_event_list_from_field equals .[]", func(t *testing.T) { + sel := fileSelectorConfig{ReaderConfig: readerConfig{ExpandEventListFromField: ".[]"}} + testProcessS3Object(t, "testdata/array.json", "application/json", 2, sel) + }) + + t.Run("split array without expand_event_list_from_field", func(t *testing.T) { + sel := fileSelectorConfig{ReaderConfig: readerConfig{ExpandEventListFromField: ""}} + testProcessS3Object(t, "testdata/array.json", "application/json", 1, sel) + }) + t.Run("events have a unique repeatable _id", func(t *testing.T) { // Hash of bucket ARN, object key, object versionId, and log offset. events := testProcessS3Object(t, "testdata/log.txt", "text/plain", 2) 
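Review bot: The `".[]"` sentinel in splitEventList is an inline magic string documented by a single comment, and an object field literally named `.[]` can no longer be selected. A named constant such as `const rootArrayKey = ".[]"` with a doc comment stating that it means "the document root is the array to split" would make the contract explicit and reusable by the config validation. When `.[]` is configured and the root is not an array, `raw` reaches the decoder unchecked; the handling is in the part of the function after this hunk, so confirm the error returned there names the setting. The function body continues outside the hunk.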
diff --git a/x-pack/filebeat/input/awss3/testdata/array.json b/x-pack/filebeat/input/awss3/testdata/array.json new file mode 100644 index 000000000000..8d22df6aeb8a --- /dev/null +++ b/x-pack/filebeat/input/awss3/testdata/array.json @@ -0,0 +1,10 @@ +[ + { + "time": "2021-05-25 18:20:58 UTC", + "msg": "hello" + }, + { + "time": "2021-05-26 22:21:40 UTC", + "msg": "world" + } +] diff --git a/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go b/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go new file mode 100644 index 000000000000..ff000520b2c1 --- /dev/null +++ b/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta.go 
@@ -0,0 +1,334 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Package okta provides Okta API support. +package okta + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "path" + "strconv" + "strings" + "time" + + "golang.org/x/time/rate" +) + +// ISO8601 is the time format accepted by Okta queries. +const ISO8601 = "2006-01-02T15:04:05.000Z" + +// User is an Okta user's details. +// +// See https://developer.okta.com/docs/reference/api/users/#user-properties for details. +type User struct { + ID string `json:"id"` + Status string `json:"status"` + Created time.Time `json:"created"` + Activated time.Time `json:"activated"` + StatusChanged *time.Time `json:"statusChanged,omitempty"` + LastLogin *time.Time `json:"lastLogin,omitempty"` + LastUpdated time.Time `json:"lastUpdated"` + PasswordChanged *time.Time `json:"passwordChanged,omitempty"` + Type map[string]any `json:"type"` + TransitioningToStatus *string `json:"transitioningToStatus,omitempty"` + Profile Profile `json:"profile"` + Credentials *Credentials `json:"credentials,omitempty"` + Links HAL `json:"_links,omitempty"` // See https://developer.okta.com/docs/reference/api/users/#links-object for details. + Embedded HAL `json:"_embedded,omitempty"` +} + +// HAL is a JSON Hypertext Application Language object. +// +// See https://datatracker.ietf.org/doc/html/draft-kelly-json-hal-06 for details. +type HAL map[string]any + +// Profile is an Okta user's profile. +// +// See https://developer.okta.com/docs/reference/api/users/#profile-object for details. 
+type Profile struct { + Login string `json:"login"` + Email string `json:"email"` + SecondEmail *string `json:"secondEmail,omitempty"` + FirstName *string `json:"firstName,omitempty"` + LastName *string `json:"lastName,omitempty"` + MiddleName *string `json:"middleName,omitempty"` + HonorificPrefix *string `json:"honorificPrefix,omitempty"` + HonorificSuffix *string `json:"honorificSuffix,omitempty"` + Title *string `json:"title,omitempty"` + DisplayName *string `json:"displayName,omitempty"` + NickName *string `json:"nickName,omitempty"` + ProfileUrl *string `json:"profileUrl,omitempty"` + PrimaryPhone *string `json:"primaryPhone,omitempty"` + MobilePhone *string `json:"mobilePhone,omitempty"` + StreetAddress *string `json:"streetAddress,omitempty"` + City *string `json:"city,omitempty"` + State *string `json:"state,omitempty"` + ZipCode *string `json:"zipCode,omitempty"` + CountryCode *string `json:"countryCode,omitempty"` + PostalAddress *string `json:"postalAddress,omitempty"` + PreferredLanguage *string `json:"preferredLanguage,omitempty"` + Locale *string `json:"locale,omitempty"` + Timezone *string `json:"timezone,omitempty"` + UserType *string `json:"userType,omitempty"` + EmployeeNumber *string `json:"employeeNumber,omitempty"` + CostCenter *string `json:"costCenter,omitempty"` + Organization *string `json:"organization,omitempty"` + Division *string `json:"division,omitempty"` + Department *string `json:"department,omitempty"` + ManagerId *string `json:"managerId,omitempty"` + Manager *string `json:"manager,omitempty"` +} + +// Credentials is a redacted Okta user's credential details. Only the credential provider is retained. +// +// See https://developer.okta.com/docs/reference/api/users/#credentials-object for details. +type Credentials struct { + Password *struct{} `json:"password,omitempty"` // Contains "value"; omit but mark. + RecoveryQuestion *struct{} `json:"recovery_question,omitempty"` // Contains "question" and "answer"; omit but mark. 
+ Provider Provider `json:"provider"` +} + +// Provider is an Okta credential provider. +// +// See https://developer.okta.com/docs/reference/api/users/#provider-object for details. +type Provider struct { + Type string `json:"type"` + Name *string `json:"name,omitempty"` +} + +// Response is a set of omit options specifying a part of the response to omit. +// +// See https://developer.okta.com/docs/reference/api/users/#content-type-header-fields-2 for details. +type Response uint8 + +const ( + // Omit the credentials sub-object from the response. + OmitCredentials Response = 1 << iota + + // Omit the following HAL links from the response: + // Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock. + OmitCredentialsLinks + + // Omit the transitioningToStatus field from the response. + OmitTransitioningToStatus + + OmitNone Response = 0 +) + +var oktaResponse = [...]string{ + "omitCredentials", + "omitCredentialsLinks", + "omitTransitioningToStatus", +} + +func (o Response) String() string { + if o == OmitNone { + return "" + } + var buf strings.Builder + buf.WriteString("okta-response=") + var n int + for i, s := range &oktaResponse { + if o&(1<' })) + if err != nil { + return nil, err + } + return u.Query(), nil + } + } + } + return nil, io.EOF +} diff --git a/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta_test.go b/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta_test.go new file mode 100644 index 000000000000..0ff02bc456e6 --- /dev/null +++ b/x-pack/filebeat/input/entityanalytics/provider/okta/internal/okta/okta_test.go 
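Review bot: `Credentials` drops secret values by construction (`Password *struct{}`, `RecoveryQuestion *struct{}`), but `Links` and `Embedded` on `User` are free-form `HAL` maps and keep whatever the API returns. That includes the credential-operation links listed in the `OmitCredentialsLinks` comment (Change Password, Reset Password, Reset Factors, Unlock) unless the caller passes that flag. State this on the fields, for example `// Links is stored unredacted; pass OmitCredentialsLinks to drop credential-operation links.`, and consider whether callers should set the flag by default. As a style point, `ProfileUrl` and `ManagerId` would conventionally be `ProfileURL` and `ManagerID`; the JSON tags already carry the wire names.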
@@ -0,0 +1,281 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Package okta provide Okta user API support. +package okta + +import ( + "context" + "encoding/json" + "errors" + "flag" + "fmt" + "io" + "net/http" + "net/http/httptest" + "net/url" + "os" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + "golang.org/x/time/rate" +) + +var logUsers = flag.Bool("log_user_response", false, "use to allow log users returned from the API") + +func Test(t *testing.T) { + // https://developer.okta.com/docs/reference/core-okta-api/ + host, ok := os.LookupEnv("OKTA_HOST") + if !ok { + t.Skip("okta tests require ${OKTA_HOST} to be set") + } + // https://help.okta.com/en-us/Content/Topics/Security/API.htm?cshid=Security_API#Security_API + key, ok := os.LookupEnv("OKTA_TOKEN") + if !ok { + t.Skip("okta tests require ${OKTA_TOKEN} to be set") + } + + // Make a global limiter with the capacity to proceed once. + limiter := rate.NewLimiter(1, 1) + + // There are a variety of windows, the most conservative is one minute. + // The rate limit will be adjusted on the second call to the API if + // window is actually used to rate limit calculations. 
+ const window = time.Minute + + for _, omit := range []Response{ + OmitNone, + OmitCredentials, + } { + name := "none" + if omit != OmitNone { + name = omit.String() + } + t.Run(name, func(t *testing.T) { + var me User + t.Run("me", func(t *testing.T) { + query := make(url.Values) + query.Set("limit", "200") + users, _, err := GetUserDetails(context.Background(), http.DefaultClient, host, key, "me", query, omit, limiter, window) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if len(users) != 1 { + t.Fatalf("unexpected len(users): got:%d want:1", len(users)) + } + me = users[0] + + if omit&OmitCredentials != 0 && me.Credentials != nil { + t.Errorf("unexpected credentials with %s: %#v", omit, me.Credentials) + } + + if !*logUsers { + return + } + b, err := json.Marshal(me) + if err != nil { + t.Errorf("failed to marshal user for logging: %v", err) + } + t.Logf("user: %s", b) + }) + if t.Failed() { + return + } + + t.Run("user", func(t *testing.T) { + if me.Profile.Login == "" { + b, _ := json.Marshal(me) + t.Skipf("cannot run user test without profile.login field set: %s", b) + } + + query := make(url.Values) + query.Set("limit", "200") + users, _, err := GetUserDetails(context.Background(), http.DefaultClient, host, key, me.Profile.Login, query, omit, limiter, window) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if len(users) != 1 { + t.Fatalf("unexpected len(users): got:%d want:1", len(users)) + } + if !cmp.Equal(me, users[0]) { + t.Errorf("unexpected result:\n-'me'\n+'%s'\n%s", me.Profile.Login, cmp.Diff(me, users[0])) + } + }) + + t.Run("all", func(t *testing.T) { + query := make(url.Values) + query.Set("limit", "200") + users, _, err := GetUserDetails(context.Background(), http.DefaultClient, host, key, "", query, omit, limiter, window) + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + found := false + for _, u := range users { + if cmp.Equal(me, u, cmpopts.IgnoreFields(User{}, "Links")) { + found = true + } + } 
+ if !found { + t.Error("failed to find 'me' in user list") + } + + if !*logUsers { + return + } + b, err := json.Marshal(users) + if err != nil { + t.Errorf("failed to marshal users for logging: %v", err) + } + t.Logf("users: %s", b) + }) + + t.Run("error", func(t *testing.T) { + query := make(url.Values) + query.Set("limit", "200") + query.Add("search", `not (status pr)`) // This cannot ever be true. + _, _, err := GetUserDetails(context.Background(), http.DefaultClient, host, key, "", query, omit, limiter, window) + oktaErr := &Error{} + if !errors.As(err, &oktaErr) { + // Don't test the value of the error since it was + // determined by observation rather than documentation. + // But log below. + t.Fatalf("expected Okta API error got: %#v", err) + } + t.Logf("actual error: %v", err) + }) + }) + } +} + +func TestLocal(t *testing.T) { + // Make a global limiter with more capacity than will be set by the mock API. + // This will show the burst drop. + limiter := rate.NewLimiter(10, 10) + + // There are a variety of windows, the most conservative is one minute. + // The rate limit will be adjusted on the second call to the API if + // window is actually used to rate limit calculations. 
+ const window = time.Minute + + const ( + key = "token" + msg = `[{"id":"userid","status":"STATUS","created":"2023-05-14T13:37:20.000Z","activated":null,"statusChanged":"2023-05-15T01:50:30.000Z","lastLogin":"2023-05-15T01:59:20.000Z","lastUpdated":"2023-05-15T01:50:32.000Z","passwordChanged":"2023-05-15T01:50:32.000Z","type":{"id":"typeid"},"profile":{"firstName":"name","lastName":"surname","mobilePhone":null,"secondEmail":null,"login":"name.surname@example.com","email":"name.surname@example.com"},"credentials":{"password":{"value":"secret"},"emails":[{"value":"name.surname@example.com","status":"VERIFIED","type":"PRIMARY"}],"provider":{"type":"OKTA","name":"OKTA"}},"_links":{"self":{"href":"https://localhost/api/v1/users/userid"}}}]` + ) + var wantUsers []User + err := json.Unmarshal([]byte(msg), &wantUsers) + if err != nil { + t.Fatalf("failed to unmarshal user data: %v", err) + } + + ts := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + u, err := url.Parse(r.RequestURI) + if err != nil { + t.Errorf("unexpected error parsing request URI: %v", err) + } + if u.Path != "/api/v1/users" { + t.Errorf("unexpected API endpoint: got:%s want:%s", u.Path, "/api/v1/users") + } + if got := r.Header.Get("accept"); got != "application/json" { + t.Errorf("unexpected Accept header: got:%s want:%s", got, "application/json") + } + if got := r.Header.Get("authorization"); got != "SSWS "+key { + t.Errorf("unexpected Authorization header: got:%s want:%s", got, "SSWS "+key) + } + + // Leave 49 remaining, reset in one minute. + w.Header().Add("x-rate-limit-limit", "50") + w.Header().Add("x-rate-limit-remaining", "49") + w.Header().Add("x-rate-limit-reset", fmt.Sprint(time.Now().Add(time.Minute).Unix())) + + // Set next link. 
+ w.Header().Add("link", `; rel="next"`) + + fmt.Fprintln(w, msg) + })) + defer ts.Close() + u, err := url.Parse(ts.URL) + if err != nil { + t.Errorf("failed to parse server URL: %v", err) + } + host := u.Host + + query := make(url.Values) + query.Set("limit", "200") + users, h, err := GetUserDetails(context.Background(), ts.Client(), host, key, "", query, OmitNone, limiter, window) + if err != nil { + t.Fatalf("unexpected error from GetUserDetails: %v", err) + } + + if !cmp.Equal(wantUsers, users) { + t.Errorf("unexpected result:\n- want\n+ got\n%s", cmp.Diff(wantUsers, users)) + } + + lim := limiter.Limit() + if lim < 49.0/60.0 || 50.0/60.0 < lim { + t.Errorf("unexpected rate limit (outside [49/60, 50/60]: %f", lim) + } + if limiter.Burst() != 1 { // Set in GetUserDetails. + t.Errorf("unexpected burst: got:%d want:1", limiter.Burst()) + } + + next, err := Next(h) + if err != nil { + t.Errorf("unexpected error from Next: %v", err) + } + if query := next.Encode(); query != "after=opaquevalue&limit=200" { + t.Errorf("unexpected next query: got:%s want:%s", query, "after=opaquevalue&limit=200") + } +} + +var nextTests = []struct { + header http.Header + want string + wantErr error +}{ + 0: { + header: http.Header{"Link": []string{ + `; rel="self"`, + `; rel="next"`, + }}, + want: "after=1627500044869_1&limit=20", + wantErr: nil, + }, + 1: { + header: http.Header{"Link": []string{ + `;rel="self"`, + `;rel="next"`, + }}, + want: "after=1627500044869_1&limit=20", + wantErr: nil, + }, + 2: { + header: http.Header{"Link": []string{ + `; rel = "self"`, + `; rel = "next"`, + }}, + want: "after=1627500044869_1&limit=20", + wantErr: nil, + }, + 3: { + header: http.Header{"Link": []string{ + `; rel="self"`, + }}, + want: "", + wantErr: io.EOF, + }, +} + +func TestNext(t *testing.T) { + for i, test := range nextTests { + got, err := Next(test.header) + if err != test.wantErr { + t.Errorf("unexpected ok result for %d: got:%v want:%v", i, err, test.wantErr) + } + if got.Encode() 
!= test.want { + t.Errorf("unexpected query result for %d: got:%q want:%q", i, got.Encode(), test.want) + } + } +} diff --git a/x-pack/filebeat/input/gcppubsub/input.go b/x-pack/filebeat/input/gcppubsub/input.go index f49caf3a20aa..0ab9b907d608 100644 --- a/x-pack/filebeat/input/gcppubsub/input.go +++ b/x-pack/filebeat/input/gcppubsub/input.go @@ -19,11 +19,12 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" + "github.com/mitchellh/hashstructure" + "github.com/elastic/beats/v7/filebeat/channel" "github.com/elastic/beats/v7/filebeat/input" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common/acker" - "github.com/elastic/beats/v7/libbeat/common/atomic" "github.com/elastic/beats/v7/libbeat/version" conf "github.com/elastic/elastic-agent-libs/config" "github.com/elastic/elastic-agent-libs/logp" @@ -51,6 +52,27 @@ func init() { } } +func configID(config *conf.C) (string, error) { + var tmp struct { + ID string `config:"id"` + } + if err := config.Unpack(&tmp); err != nil { + return "", fmt.Errorf("error extracting ID: %w", err) + } + if tmp.ID != "" { + return tmp.ID, nil + } + + var h map[string]interface{} + _ = config.Unpack(&h) + id, err := hashstructure.Hash(h, nil) + if err != nil { + return "", fmt.Errorf("can not compute ID from configuration: %w", err) + } + + return fmt.Sprintf("%16X", id), nil +} + type pubsubInput struct { config 
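Review bot: TestLocal sends a payload containing `"password":{"value":"secret"}` but never asserts that the value is dropped: `wantUsers` comes from unmarshalling the same message into the same types, so the comparison passes whatever those types retain. Add an explicit check after GetUserDetails, for example `if b, _ := json.Marshal(users); strings.Contains(string(b), "secret") { t.Error("password value retained in User") }` (needs `strings` imported). In the same test, `t.Errorf("failed to parse server URL: %v", err)` is followed by `u.Host`, which would dereference a nil URL on failure; `t.Fatalf` fits there.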
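Review bot: `fmt.Sprintf("%16X", id)` in configID pads with spaces rather than zeros, so any hash with leading zero nibbles produces an ID with leading blanks; `%016X` gives a fixed-width hex ID. The second `_ = config.Unpack(&h)` discards its error, so a failed unpack would hash an empty or partial map and unrelated inputs could end up with the same metrics ID. Return that error the way the first Unpack does, e.g. `if err := config.Unpack(&h); err != nil { return "", fmt.Errorf("error unpacking configuration: %w", err) }`.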
@@ -63,22 +85,23 @@ type pubsubInput struct { workerOnce sync.Once // Guarantees that the worker goroutine is only started once. workerWg sync.WaitGroup // Waits on pubsub worker goroutine. - ackedCount *atomic.Uint32 // Total number of successfully ACKed pubsub messages. + metrics *inputMetrics } // NewInput creates a new Google Cloud Pub/Sub input that consumes events from // a topic subscription. -func NewInput( - cfg *conf.C, - connector channel.Connector, - inputContext input.Context, -) (inp input.Input, err error) { +func NewInput(cfg *conf.C, connector channel.Connector, inputContext input.Context) (inp input.Input, err error) { // Extract and validate the input's configuration. conf := defaultConfig() if err = cfg.Unpack(&conf); err != nil { return nil, err } + id, err := configID(cfg) + if err != nil { + return nil, err + } + logger := logp.NewLogger("gcp.pubsub").With( "pubsub_project", conf.ProjectID, "pubsub_topic", conf.Topic, @@ -99,6 +122,9 @@ func NewInput( } }() + metrics := newInputMetrics(id, nil) + defer metrics.Close() + // If the input ever needs to be made restartable, then context would need // to be recreated with each restart. workerCtx, workerCancel := context.WithCancel(inputCtx) @@ -109,7 +135,7 @@ func NewInput( inputCtx: inputCtx, workerCtx: workerCtx, workerCancel: workerCancel, - ackedCount: atomic.NewUint32(0), + metrics: metrics, } // Build outlet for events. @@ -119,8 +145,13 @@ func NewInput( for _, priv := range privates { if msg, ok := priv.(*pubsub.Message); ok { msg.Ack() - in.ackedCount.Inc() + + in.metrics.ackedMessageCount.Inc() + in.metrics.bytesProcessedTotal.Add(uint64(len(msg.Data))) + in.metrics.processingTime.Update(time.Since(msg.PublishTime).Nanoseconds()) + in.log.Error("ACKing pub/sub event") } else { + in.metrics.failedAckedMessageCount.Inc() in.log.Error("Failed ACKing pub/sub event") } } 
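Review bot: `defer metrics.Close()` in the `-99,6 +122,9` hunk runs when NewInput returns, including on success, so the metrics registry is unregistered before the input processes anything, while the returned input keeps updating `in.metrics`. Since NewInput has a named `err` result, close only on failure with `defer func() { if err != nil { metrics.Close() } }()` and call `in.metrics.Close()` from the input's stop path, which is outside this hunk. As written, the ACK, NACK and byte counters added elsewhere in this commit would presumably never be visible to monitoring.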
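Review bot: `in.log.Error("ACKing pub/sub event")` in the `-119,8 +145,13` hunk is logged at error level on every successful ACK, which floods the log and buries real failures such as the `Failed ACKing pub/sub event` branch just below it. It reads like leftover debugging; remove it or lower it to `in.log.Debug("ACKing pub/sub event")`. Note also that `processingTime` is fed `time.Since(msg.PublishTime)`, which measures publish-to-ACK latency and depends on the publisher's clock, so the comment on the metric should describe it that way.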
@@ -194,6 +225,7 @@ func (in *pubsubInput) run() error { return sub.Receive(ctx, func(ctx context.Context, msg *pubsub.Message) { if ok := in.outlet.OnEvent(makeEvent(topicID, msg)); !ok { msg.Nack() + in.metrics.nackedMessageCount.Inc() in.log.Debug("OnEvent returned false. Stopping input worker.") cancel() } diff --git a/x-pack/filebeat/input/gcppubsub/metrics.go b/x-pack/filebeat/input/gcppubsub/metrics.go new file mode 100644 index 000000000000..a0968d40bc56 --- /dev/null +++ b/x-pack/filebeat/input/gcppubsub/metrics.go 
@@ -0,0 +1,48 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package gcppubsub + +import ( + "github.com/rcrowley/go-metrics" + + "github.com/elastic/beats/v7/libbeat/monitoring/inputmon" + "github.com/elastic/elastic-agent-libs/monitoring" + "github.com/elastic/elastic-agent-libs/monitoring/adapter" +) + +// inputMetrics handles the input's metric reporting. +type inputMetrics struct { + unregister func() + + ackedMessageCount *monitoring.Uint // Number of successfully ACKed messages. + failedAckedMessageCount *monitoring.Uint // Number of failed ACKed messages. + nackedMessageCount *monitoring.Uint // Number of NACKed messages. + bytesProcessedTotal *monitoring.Uint // Number of bytes processed. + processingTime metrics.Sample // Histogram of the elapsed time for processing an event in nanoseconds. +} + +func newInputMetrics(id string, optionalParent *monitoring.Registry) *inputMetrics { + reg, unreg := inputmon.NewInputRegistry(inputName, id, optionalParent) + + out := &inputMetrics{ + unregister: unreg, + ackedMessageCount: monitoring.NewUint(reg, "acked_message_total"), + failedAckedMessageCount: monitoring.NewUint(reg, "failed_acked_message_total"), + nackedMessageCount: monitoring.NewUint(reg, "nacked_message_total"), + bytesProcessedTotal: monitoring.NewUint(reg, "bytes_processed_total"), + processingTime: metrics.NewUniformSample(1024), + } + _ = adapter.NewGoMetrics(reg, "processing_time", adapter.Accept). + Register("histogram", metrics.NewHistogram(out.processingTime)) + + return out +} + +func (m *inputMetrics) Close() { + if m == nil { + return + } + m.unregister() +} diff --git a/x-pack/filebeat/input/gcppubsub/pubsub_test.go b/x-pack/filebeat/input/gcppubsub/pubsub_test.go index 123738102d29..5a20831bf814 100644 
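Review bot: `newInputMetrics` discards the result of `Register("histogram", ...)` with `_ =`, so if registration fails the `processing_time` histogram is silently absent while `processingTime` keeps being updated. Surface the error, or add a comment explaining why it can be ignored here. `Close` calls `m.unregister()` on every invocation, and the commit does not show whether that function tolerates a second call, so guarding it with a `sync.Once` field would make `Close` safe to call from more than one shutdown path. `newInputMetrics` and `Close` also lack doc comments; one line each stating that the registry is created under `optionalParent` and that `Close` removes it would be enough.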
--- a/x-pack/filebeat/input/gcppubsub/pubsub_test.go +++ b/x-pack/filebeat/input/gcppubsub/pubsub_test.go @@ -460,6 +460,9 @@ func TestEndToEndACK(t *testing.T) { _, exists := got[id] assert.True(t, exists) } + + assert.EqualValues(t, input.metrics.ackedMessageCount.Get(), len(seen)) + input.Stop() out.Close() if err := group.Wait(); err != nil { diff --git a/x-pack/filebeat/input/gcs/input.go b/x-pack/filebeat/input/gcs/input.go index 9bc897f64fc8..81ed1b822107 100644 --- a/x-pack/filebeat/input/gcs/input.go +++ b/x-pack/filebeat/input/gcs/input.go @@ -9,7 +9,7 @@ import ( "time" "cloud.google.com/go/storage" - "github.com/googleapis/gax-go/v2" + gax "github.com/googleapis/gax-go/v2" v2 "github.com/elastic/beats/v7/filebeat/input/v2" cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor" @@ -127,7 +127,6 @@ func (input *gcsInput) Run(inputCtx v2.Context, src cursor.Source, log := inputCtx.Logger.With("project_id", currentSource.ProjectId).With("bucket", currentSource.BucketName) log.Infof("Running google cloud storage for project: %s", input.config.ProjectId) - var cp *Checkpoint if !cursor.IsNew() { if err := cursor.Unpack(&cp); err != nil { @@ -156,7 +155,7 @@ func (input *gcsInput) Run(inputCtx v2.Context, src cursor.Source, // Since we are only reading, the operation is always idempotent storage.WithPolicy(storage.RetryAlways), ) - scheduler := newScheduler(ctx, publisher, bucket, currentSource, &input.config, st, log) + scheduler := newScheduler(publisher, bucket, currentSource, &input.config, st, log) - return scheduler.schedule() + return scheduler.schedule(ctx) } diff --git a/x-pack/filebeat/input/gcs/input_stateless.go b/x-pack/filebeat/input/gcs/input_stateless.go index b6b3b14cda7c..d31f0875262d 100644 --- a/x-pack/filebeat/input/gcs/input_stateless.go +++ b/x-pack/filebeat/input/gcs/input_stateless.go 
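Review bot: The assertion added to `TestEndToEndACK` passes the observed metric as the expected value and `len(seen)` as the actual one. testify's signature is `EqualValues(t, expected, actual)`, so a failure message would label the two values the wrong way round. Write `assert.EqualValues(t, len(seen), input.metrics.ackedMessageCount.Get())`. The test function starts and ends outside this hunk.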
@@ -9,7 +9,7 @@ import ( "time" "cloud.google.com/go/storage" - "github.com/googleapis/gax-go/v2" + gax "github.com/googleapis/gax-go/v2" v2 "github.com/elastic/beats/v7/filebeat/input/v2" cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor" @@ -79,9 +79,9 @@ func (in *statelessInput) Run(inputCtx v2.Context, publisher stateless.Publisher storage.WithPolicy(storage.RetryAlways), ) - scheduler := newScheduler(ctx, pub, bkt, currentSource, &in.config, st, log) + scheduler := newScheduler(pub, bkt, currentSource, &in.config, st, log) - return scheduler.schedule() + return scheduler.schedule(ctx) } return nil } diff --git a/x-pack/filebeat/input/gcs/input_test.go b/x-pack/filebeat/input/gcs/input_test.go index 1cb658377ab4..bd9028d6bf9a 100644 --- a/x-pack/filebeat/input/gcs/input_test.go +++ b/x-pack/filebeat/input/gcs/input_test.go @@ -37,15 +37,13 @@ const ( ) func Test_StorageClient(t *testing.T) { - t.Skip("Flaky test: issue (could possibly affect this also) - https://github.com/elastic/beats/issues/34332") tests := []struct { - name string - baseConfig map[string]interface{} - mockHandler func() http.Handler - expected map[string]bool - checkJSON bool - isError error - unexpectedError error + name string + baseConfig map[string]interface{} + mockHandler func() http.Handler + expected map[string]bool + checkJSON bool + isError error }{ { name: "SingleBucketWithPoll_NoErr", @@ -67,7 +65,6 @@ func Test_StorageClient(t *testing.T) { mock.Gcs_test_new_object_data3_json: true, mock.Gcs_test_new_object_docs_ata_json: true, }, - unexpectedError: context.Canceled, }, { name: "SingleBucketWithoutPoll_NoErr", @@ -89,7 +86,6 @@ func Test_StorageClient(t *testing.T) { mock.Gcs_test_new_object_data3_json: true, mock.Gcs_test_new_object_docs_ata_json: true, }, - unexpectedError: nil, }, { name: "TwoBucketsWithPoll_NoErr", 
@@ -116,7 +112,6 @@ func Test_StorageClient(t *testing.T) { mock.Gcs_test_latest_object_ata_json: true, mock.Gcs_test_latest_object_data3_json: true, }, - unexpectedError: context.Canceled, }, { name: "TwoBucketsWithoutPoll_NoErr", @@ -143,7 +138,6 @@ func Test_StorageClient(t *testing.T) { mock.Gcs_test_latest_object_ata_json: true, mock.Gcs_test_latest_object_data3_json: true, }, - unexpectedError: nil, }, { name: "SingleBucketWithPoll_InvalidBucketErr", @@ -159,10 +153,9 @@ func Test_StorageClient(t *testing.T) { }, }, }, - mockHandler: mock.GCSServer, - expected: map[string]bool{}, - isError: errors.New("storage: bucket doesn't exist"), - unexpectedError: nil, + mockHandler: mock.GCSServer, + expected: map[string]bool{}, + isError: errors.New("storage: bucket doesn't exist"), }, { name: "SingleBucketWithoutPoll_InvalidBucketErr", @@ -178,10 +171,9 @@ func Test_StorageClient(t *testing.T) { }, }, }, - mockHandler: mock.GCSServer, - expected: map[string]bool{}, - isError: errors.New("storage: bucket doesn't exist"), - unexpectedError: nil, + mockHandler: mock.GCSServer, + expected: map[string]bool{}, + isError: errors.New("storage: bucket doesn't exist"), }, { name: "TwoBucketsWithPoll_InvalidBucketErr", @@ -200,10 +192,9 @@ func Test_StorageClient(t *testing.T) { }, }, }, - mockHandler: mock.GCSServer, - expected: map[string]bool{}, - isError: errors.New("storage: bucket doesn't exist"), - unexpectedError: nil, + mockHandler: mock.GCSServer, + expected: map[string]bool{}, + isError: errors.New("storage: bucket doesn't exist"), }, { name: "SingleBucketWithPoll_InvalidConfigValue", 
@@ -219,10 +210,9 @@ func Test_StorageClient(t *testing.T) { }, }, }, - mockHandler: mock.GCSServer, - expected: map[string]bool{}, - isError: errors.New("requires value <= 5000 accessing 'max_workers'"), - unexpectedError: nil, + mockHandler: mock.GCSServer, + expected: map[string]bool{}, + isError: errors.New("requires value <= 5000 accessing 'max_workers'"), }, { name: "TwoBucketWithPoll_InvalidConfigValue", @@ -241,10 +231,9 @@ func Test_StorageClient(t *testing.T) { }, }, }, - mockHandler: mock.GCSServer, - expected: map[string]bool{}, - isError: errors.New("requires value <= 5000 accessing 'max_workers'"), - unexpectedError: nil, + mockHandler: mock.GCSServer, + expected: map[string]bool{}, + isError: errors.New("requires value <= 5000 accessing 'max_workers'"), }, { name: "SingleBucketWithPoll_parseJSON", @@ -267,7 +256,6 @@ func Test_StorageClient(t *testing.T) { mock.Gcs_test_latest_object_ata_json_parsed: true, mock.Gcs_test_latest_object_data3_json_parsed: true, }, - unexpectedError: context.Canceled, }, { name: "ReadJSON", @@ -289,7 +277,6 @@ func Test_StorageClient(t *testing.T) { mock.BeatsFilesBucket_log_json[1]: true, mock.BeatsFilesBucket_log_json[2]: true, }, - unexpectedError: context.Canceled, }, { name: "ReadOctetStreamJSON", @@ -310,7 +297,6 @@ func Test_StorageClient(t *testing.T) { mock.BeatsFilesBucket_multiline_json[0]: true, mock.BeatsFilesBucket_multiline_json[1]: true, }, - unexpectedError: context.Canceled, }, { name: "ReadNDJSON", @@ -331,7 +317,6 @@ func Test_StorageClient(t *testing.T) { mock.BeatsFilesBucket_log_ndjson[0]: true, mock.BeatsFilesBucket_log_ndjson[1]: true, }, - unexpectedError: context.Canceled, }, { name: "ReadMultilineGzJSON", @@ -352,7 +337,6 @@ func Test_StorageClient(t *testing.T) { mock.BeatsFilesBucket_multiline_json_gz[0]: true, mock.BeatsFilesBucket_multiline_json_gz[1]: true, }, - unexpectedError: context.Canceled, }, { name: "ReadJSONWithRootAsArray", 
@@ -375,7 +359,6 @@ func Test_StorageClient(t *testing.T) { mock.BeatsFilesBucket_json_array[2]: true, mock.BeatsFilesBucket_json_array[3]: true, }, - unexpectedError: context.Canceled, }, } for _, tt := range tests { @@ -462,7 +445,6 @@ func Test_StorageClient(t *testing.T) { } } } - assert.ErrorIs(t, g.Wait(), tt.unexpectedError) }) } } diff --git a/x-pack/filebeat/input/gcs/job.go b/x-pack/filebeat/input/gcs/job.go index 118e89287acf..edcb7fe976ac 100644 --- a/x-pack/filebeat/input/gcs/job.go +++ b/x-pack/filebeat/input/gcs/job.go @@ -15,7 +15,6 @@ import ( "errors" "fmt" "io" - "sync" "time" "unicode" @@ -28,8 +27,6 @@ import ( ) type job struct { - // Mutex lock for concurrent publishes - mu sync.Mutex // gcs bucket handle bucket *storage.BucketHandle // gcs object attribute struct @@ -109,13 +106,13 @@ func (j *job) do(ctx context.Context, id string) { Fields: fields, } event.SetID(objectID(j.hash, 0)) - j.state.save(j.object.Name, j.object.Updated) - // locks while data is being published to avoid concurrent map read/writes - j.mu.Lock() - if err := j.publisher.Publish(event, j.state.checkpoint()); err != nil { + // locks while data is being saved and published to avoid concurrent map read/writes + cp, done := j.state.saveForTx(j.object.Name, j.object.Updated) + if err := j.publisher.Publish(event, cp); err != nil { j.log.Errorw("job encountered an error", "gcs.jobId", id, "error", err) } - j.mu.Unlock() + // unlocks after data is saved and published + done() } } 
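Review bot: In `job.do`, `done()` is a plain statement after `Publish`, so a panic inside `Publish`, or an early return added later, leaves the state mutex locked and stalls every other worker that calls `saveForTx`. `readJsonAndPublish` uses the same pattern inside its decode loop. Wrapping the save-and-publish pair in a small closure that does `cp, done := j.state.saveForTx(...)` followed by `defer done()` keeps the unlock on every path. The lock is now also held for the whole of `Publish`, which serializes publishing across all workers; if that is intended, the comment should say so, since it currently mentions only map races. `do` starts outside this hunk.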
@@ -216,19 +213,23 @@ func (j *job) readJsonAndPublish(ctx context.Context, r io.Reader, id string) er // updates the offset after reading the file // this avoids duplicates for the last read when resuming operation offset = dec.InputOffset() + // locks while data is being saved and published to avoid concurrent map read/writes + var ( + done func() + cp *Checkpoint + ) if !dec.More() { // if this is the last object, then peform a complete state save - j.state.save(j.object.Name, j.object.Updated) + cp, done = j.state.saveForTx(j.object.Name, j.object.Updated) } else { // partially saves read state using offset - j.state.savePartial(j.object.Name, offset+relativeOffset) + cp, done = j.state.savePartialForTx(j.object.Name, offset+relativeOffset) } - // locks while data is being published to avoid concurrent map read/writes - j.mu.Lock() - if err := j.publisher.Publish(evt, j.state.checkpoint()); err != nil { + if err := j.publisher.Publish(evt, cp); err != nil { j.log.Errorw("job encountered an error", "gcs.jobId", id, "error", err) } - j.mu.Unlock() + // unlocks after data is saved and published + done() } return nil } diff --git a/x-pack/filebeat/input/gcs/scheduler.go b/x-pack/filebeat/input/gcs/scheduler.go index 7feb57f7c1e5..d88112979b2a 100644 --- a/x-pack/filebeat/input/gcs/scheduler.go +++ b/x-pack/filebeat/input/gcs/scheduler.go @@ -26,7 +26,6 @@ type limiter struct { limit chan struct{} } type scheduler struct { - parentCtx context.Context publisher cursor.Publisher bucket *storage.BucketHandle src *Source @@ -37,11 +36,10 @@ type scheduler struct { } // newScheduler, returns a new scheduler instance -func newScheduler(ctx context.Context, publisher cursor.Publisher, bucket *storage.BucketHandle, src *Source, cfg *config, +func newScheduler(publisher cursor.Publisher, bucket *storage.BucketHandle, src *Source, cfg *config, state *state, log *logp.Logger, ) *scheduler { return &scheduler{ - parentCtx: ctx, publisher: publisher, bucket: bucket, src: src, 
@@ -53,23 +51,18 @@ func newScheduler(ctx context.Context, publisher cursor.Publisher, bucket *stora } // Schedule, is responsible for fetching & scheduling jobs using the workerpool model -func (s *scheduler) schedule() error { +func (s *scheduler) schedule(ctx context.Context) error { if !s.src.Poll { - ctxWithTimeout, cancel := context.WithTimeout(s.parentCtx, s.src.BucketTimeOut) - defer cancel() - return s.scheduleOnce(ctxWithTimeout) + return s.scheduleOnce(ctx) } for { - ctxWithTimeout, cancel := context.WithTimeout(s.parentCtx, s.src.BucketTimeOut) - defer cancel() - - err := s.scheduleOnce(ctxWithTimeout) + err := s.scheduleOnce(ctx) if err != nil { return err } - err = timed.Wait(s.parentCtx, s.src.PollInterval) + err = timed.Wait(ctx, s.src.PollInterval) if err != nil { return err } 
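Review bot: `schedule` no longer derives a context bounded by `s.src.BucketTimeOut` for each `scheduleOnce` call, so unless the caller's `ctx` already carries a deadline (not visible here) a stalled listing or object read has no upper bound and a polling input can stop making progress without returning an error. Removing the old `defer cancel()` inside the `for` loop was correct, since those deferred calls only ran when `schedule` returned. The bound can be kept without that build-up by moving it into a helper that does `ctxT, cancel := context.WithTimeout(ctx, s.src.BucketTimeOut)` and `defer cancel()` around one `scheduleOnce` call. If the timeout is now applied elsewhere, a comment on `schedule` should say where.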
@@ -92,40 +85,51 @@ func (l *limiter) release() { l.wg.Done() } -func (s *scheduler) scheduleOnce(ctxWithTimeout context.Context) error { +func (s *scheduler) scheduleOnce(ctx context.Context) error { defer s.limiter.wait() - pager := s.fetchObjectPager(ctxWithTimeout, s.src.MaxWorkers) + pager := s.fetchObjectPager(ctx, s.src.MaxWorkers) + var numObs, numJobs int for { var objects []*storage.ObjectAttrs nextPageToken, err := pager.NextPage(&objects) if err != nil { return err } + numObs += len(objects) jobs := s.createJobs(objects, s.log) + s.log.Debugf("scheduler: %d objects fetched for current batch", len(objects)) // If previous checkpoint was saved then look up starting point for new jobs if !s.state.checkpoint().LatestEntryTime.IsZero() { jobs = s.moveToLastSeenJob(jobs) if len(s.state.checkpoint().FailedJobs) > 0 { - jobs = s.addFailedJobs(ctxWithTimeout, jobs) + jobs = s.addFailedJobs(ctx, jobs) } } + s.log.Debugf("scheduler: %d jobs scheduled for current batch", len(jobs)) // distributes jobs among workers with the help of a limiter for i, job := range jobs { + numJobs++ id := fetchJobID(i, s.src.BucketName, job.Name()) job := job s.limiter.acquire() go func() { defer s.limiter.release() - job.do(s.parentCtx, id) + job.do(ctx, id) }() } + s.log.Debugf("scheduler: total objects read till now: %d\nscheduler: total jobs scheduled till now: %d", numObs, numJobs) + if len(jobs) != 0 { + s.log.Debugf("scheduler: first job in current batch: %s\nscheduler: last job in current batch: %s", jobs[0].Name(), jobs[len(jobs)-1].Name()) + } + if nextPageToken == "" { break } } + return nil } 
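Review bot: Two of the new `Debugf` calls in `scheduleOnce` join two messages with `\n` in a single format string, which produces multi-line log records that line-oriented shippers and parsers will split or mangle. Emit one message per call, or pass the values as fields, for example `s.log.Debugw("scheduler: batch totals", "objects", numObs, "jobs", numJobs)`. The job names, which appear to derive from object names in the bucket, are printed with `%s`; `%q` keeps unusual characters visible and unambiguous, as in `s.log.Debugf("scheduler: first job in current batch: %q", jobs[0].Name())`.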
@@ -216,7 +220,10 @@ func (s *scheduler) addFailedJobs(ctx context.Context, jobs []*job) []*job { jobMap[j.Name()] = true } - for name := range s.state.checkpoint().FailedJobs { + failedJobs := s.state.checkpoint().FailedJobs + s.log.Debugf("scheduler: %d failed jobs found", len(failedJobs)) + fj := 0 + for name := range failedJobs { if !jobMap[name] { obj, err := s.bucket.Object(name).Attrs(ctx) if err != nil { @@ -226,6 +233,8 @@ func (s *scheduler) addFailedJobs(ctx context.Context, jobs []*job) []*job { objectURI := "gs://" + s.src.BucketName + "/" + obj.Name job := newJob(s.bucket, obj, objectURI, s.state, s.src, s.publisher, s.log, true) jobs = append(jobs, job) + s.log.Debugf("scheduler: adding failed job number %d with name %s to job current list", fj, job.Name()) + fj++ } } return jobs diff --git a/x-pack/filebeat/input/gcs/state.go b/x-pack/filebeat/input/gcs/state.go index 6b2a269481f4..afa20e5d52dd 100644 --- a/x-pack/filebeat/input/gcs/state.go +++ b/x-pack/filebeat/input/gcs/state.go @@ -47,8 +47,11 @@ func newState() *state { } } -// save, saves/updates the current state for cursor checkpoint -func (s *state) save(name string, lastModifiedOn time.Time) { +// saveForTx updates and returns the current state checkpoint, locks the state +// and returns an unlock function, done. The caller must call done when +// s and cp are no longer needed in a locked state. done may not be called +// more than once. +func (s *state) saveForTx(name string, lastModifiedOn time.Time) (cp *Checkpoint, done func()) { s.mu.Lock() delete(s.cp.LastProcessedOffset, name) delete(s.cp.IsRootArray, name) 
@@ -68,20 +71,23 @@ func (s *state) save(name string, lastModifiedOn time.Time) { // clear entry if this is a failed job delete(s.cp.FailedJobs, name) } - s.mu.Unlock() + return s.cp, func() { s.mu.Unlock() } } -// setRootArray, sets boolean true for objects that have their roots defined as an array type -func (s *state) setRootArray(name string) { +// savePartialForTx partially updates and returns the current state checkpoint, locks the state +// and returns an unlock function, done. The caller must call done when +// s and cp are no longer needed in a locked state. done may not be called +// more than once. +func (s *state) savePartialForTx(name string, offset int64) (cp *Checkpoint, done func()) { s.mu.Lock() - s.cp.IsRootArray[name] = true - s.mu.Unlock() + s.cp.LastProcessedOffset[name] = offset + return s.cp, func() { s.mu.Unlock() } } -// savePartial, partially saves/updates the current state for cursor checkpoint -func (s *state) savePartial(name string, offset int64) { +// setRootArray, sets boolean true for objects that have their roots defined as an array type +func (s *state) setRootArray(name string) { s.mu.Lock() - s.cp.LastProcessedOffset[name] = offset + s.cp.IsRootArray[name] = true s.mu.Unlock() } diff --git a/x-pack/filebeat/input/http_endpoint/config.go b/x-pack/filebeat/input/http_endpoint/config.go index 2a8a246460ef..d60ffdeb989e 100644 --- a/x-pack/filebeat/input/http_endpoint/config.go +++ b/x-pack/filebeat/input/http_endpoint/config.go @@ -40,6 +40,7 @@ type config struct { HMACType string `config:"hmac.type"` HMACPrefix string `config:"hmac.prefix"` CRCProvider string `config:"crc.provider"` + CRCSecret string `config:"crc.secret"` IncludeHeaders []string `config:"include_headers"` PreserveOriginalEvent bool `config:"preserve_original_event"` } @@ -63,6 +64,7 @@ func defaultConfig() config { HMACType: "", HMACPrefix: "", CRCProvider: "", + CRCSecret: "", } } 
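Review bot: `saveForTx` and `savePartialForTx` return `s.cp` itself rather than a copy, so the lock protects the checkpoint only until `done()` runs. If `Publish` keeps the pointer, for instance to serialize the cursor later, it would read the maps in `Checkpoint` while other workers modify them. The doc comments should state that `cp` must not be read or retained after `done`, or the functions should hand back a copy taken under the lock. `done` also unlocks unconditionally, so the "may not be called more than once" rule is enforced only by a runtime fault; a `sync.Once` around the unlock would make a double call harmless. `saveForTx` begins in the previous hunk.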
@@ -92,9 +94,11 @@ func (c *config) Validate() error { if c.CRCProvider != "" { if !isValidCRCProvider(c.CRCProvider) { return fmt.Errorf("not a valid CRC provider: %q", c.CRCProvider) - } else if c.SecretValue == "" { - return errors.New("secret.value is required when crc.provider is defined") + } else if c.CRCSecret == "" { + return errors.New("crc.secret is required when crc.provider is defined") } + } else if c.CRCSecret != "" { + return errors.New("crc.provider is required when crc.secret is defined") } return nil diff --git a/x-pack/filebeat/input/http_endpoint/handler_test.go b/x-pack/filebeat/input/http_endpoint/handler_test.go index ec9533ff97c7..d5250881ae09 100644 --- a/x-pack/filebeat/input/http_endpoint/handler_test.go +++ b/x-pack/filebeat/input/http_endpoint/handler_test.go @@ -245,9 +245,8 @@ func Test_apiResponse(t *testing.T) { { name: "validate CRC request", conf: config{ - SecretHeader: "secretHeaderTest", - SecretValue: "secretValueTest", - CRCProvider: "Zoom", + CRCProvider: "Zoom", + CRCSecret: "secretValueTest", }, request: func() *http.Request { buf := bytes.NewBufferString( @@ -261,7 +260,6 @@ func Test_apiResponse(t *testing.T) { ) req := httptest.NewRequest(http.MethodPost, "/", buf) req.Header.Set("Content-Type", "application/json") - req.Header.Set("secretHeaderTest", "secretValueTest") return req }(), events: nil, @@ -271,9 +269,8 @@ func Test_apiResponse(t *testing.T) { { name: "malformed CRC request", conf: config{ - SecretHeader: "secretHeaderTest", - SecretValue: "secretValueTest", - CRCProvider: "Zoom", + CRCProvider: "Zoom", + CRCSecret: "secretValueTest", }, request: func() *http.Request { buf := bytes.NewBufferString( @@ -287,7 +284,6 @@ func Test_apiResponse(t *testing.T) { ) req := httptest.NewRequest(http.MethodPost, "/", buf) req.Header.Set("Content-Type", "application/json") - req.Header.Set("secretHeaderTest", "secretValueTest") return req }(), events: nil, 
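Review bot: `Validate` now rejects a configuration that sets `crc.provider` together with only `secret.value`, which the removed branch accepted, so existing CRC setups would fail at startup after an upgrade. Keeping the CRC secret separate from the header secret is the safer design, so the error should steer users to the new key, for example `crc.secret is required when crc.provider is defined (secret.value is no longer used for CRC)`. The `else if` after a returning `if` can be flattened into two guard clauses for readability. `Validate` starts outside this hunk.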
@@ -297,9 +293,8 @@ func Test_apiResponse(t *testing.T) { { name: "empty CRC challenge", conf: config{ - SecretHeader: "secretHeaderTest", - SecretValue: "secretValueTest", - CRCProvider: "Zoom", + CRCProvider: "Zoom", + CRCSecret: "secretValueTest", }, request: func() *http.Request { buf := bytes.NewBufferString( @@ -313,7 +308,6 @@ func Test_apiResponse(t *testing.T) { ) req := httptest.NewRequest(http.MethodPost, "/", buf) req.Header.Set("Content-Type", "application/json") - req.Header.Set("secretHeaderTest", "secretValueTest") return req }(), events: nil, diff --git a/x-pack/filebeat/input/http_endpoint/input.go b/x-pack/filebeat/input/http_endpoint/input.go index e4d99806f5e9..4fe312a57264 100644 --- a/x-pack/filebeat/input/http_endpoint/input.go +++ b/x-pack/filebeat/input/http_endpoint/input.go @@ -259,7 +259,7 @@ func newHandler(c config, pub stateless.Publisher, log *logp.Logger) http.Handle responseBody: c.ResponseBody, includeHeaders: canonicalizeHeaders(c.IncludeHeaders), preserveOriginalEvent: c.PreserveOriginalEvent, - crc: newCRC(c.CRCProvider, c.SecretValue), + crc: newCRC(c.CRCProvider, c.CRCSecret), } return newAPIValidationHandler(http.HandlerFunc(handler.apiResponse), validator, log) diff --git a/x-pack/filebeat/input/httpjson/input_test.go b/x-pack/filebeat/input/httpjson/input_test.go index 184705207478..bf12335ac3df 100644 --- a/x-pack/filebeat/input/httpjson/input_test.go +++ b/x-pack/filebeat/input/httpjson/input_test.go 
@@ -26,1164 +26,1167 @@ import ( "github.com/elastic/elastic-agent-libs/mapstr" ) -func TestInput(t *testing.T) { - testCases := []struct { - name string - setupServer func(*testing.T, http.HandlerFunc, map[string]interface{}) - baseConfig map[string]interface{} - handler http.HandlerFunc - expected []string - expectedFile string - }{ - { - name: "Test simple GET request", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test simple HTTPS GET request", - setupServer: newTestServer(httptest.NewTLSServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "request.ssl.verification_mode": "none", - }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test request honors rate limit", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "http_method": http.MethodGet, - "request.rate_limit.limit": `[[.last_response.header.Get "X-Rate-Limit-Limit"]]`, - "request.rate_limit.remaining": `[[.last_response.header.Get "X-Rate-Limit-Remaining"]]`, - "request.rate_limit.reset": `[[.last_response.header.Get "X-Rate-Limit-Reset"]]`, - }, - handler: rateLimitHandler(), - expected: []string{`{"hello":"world"}`}, - }, - { - name: "Test request retries when failed", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, +var testCases = []struct { + name string + setupServer func(testing.TB, http.HandlerFunc, map[string]interface{}) + baseConfig map[string]interface{} + handler http.HandlerFunc + expected []string + expectedFile string + + skipReason string 
+}{ + { + name: "simple_GET_request", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "simple_HTTPS_GET_request", + setupServer: newTestServer(httptest.NewTLSServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "request.ssl.verification_mode": "none", + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "request_honors_rate_limit", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "http_method": http.MethodGet, + "request.rate_limit.limit": `[[.last_response.header.Get "X-Rate-Limit-Limit"]]`, + "request.rate_limit.remaining": `[[.last_response.header.Get "X-Rate-Limit-Remaining"]]`, + "request.rate_limit.reset": `[[.last_response.header.Get "X-Rate-Limit-Reset"]]`, + }, + handler: rateLimitHandler(), + expected: []string{`{"hello":"world"}`}, + }, + { + name: "request_retries_when_failed", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + }, + handler: retryHandler(), + expected: []string{`{"hello":"world"}`}, + }, + { + name: "POST_request_with_body", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodPost, + "request.body": map[string]interface{}{ + "test": "abc", }, - handler: retryHandler(), - expected: []string{`{"hello":"world"}`}, - }, - { - name: "Test POST request with body", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodPost, - 
"request.body": map[string]interface{}{ - "test": "abc", - }, + }, + handler: defaultHandler(http.MethodPost, `{"test":"abc"}`, ""), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "repeated_POST_requests", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": "100ms", + "request.method": http.MethodPost, + }, + handler: defaultHandler(http.MethodPost, "", ""), + expected: []string{ + `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`, + `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`, + }, + }, + { + name: "split_by_json_objects_array", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.hello", }, - handler: defaultHandler(http.MethodPost, `{"test":"abc"}`, ""), - expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test repeated POST requests", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": "100ms", - "request.method": http.MethodPost, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{`{"world":"moon"}`, `{"space":[{"cake":"pumpkin"}]}`}, + }, + { + name: "split_by_json_objects_array_with_keep_parent", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.hello", + "keep_parent": true, }, - handler: defaultHandler(http.MethodPost, "", ""), - expected: []string{ - `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`, - `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{ + `{"hello":{"world":"moon"}}`, + 
`{"hello":{"space":[{"cake":"pumpkin"}]}}`, + }, + }, + { + name: "split_on_empty_array_without_ignore_empty_value", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.response.empty", }, }, - { - name: "Test split by json objects array", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.hello", - }, + handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":[]}}`), + expected: []string{`{"response":{"empty":[]}}`}, + }, + { + name: "split_on_empty_array_with_ignore_empty_value", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.response.empty", + "ignore_empty_value": true, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{`{"world":"moon"}`, `{"space":[{"cake":"pumpkin"}]}`}, - }, - { - name: "Test split by json objects array with keep parent", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.hello", - "keep_parent": true, - }, + }, + handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":[]}}`), + expected: nil, + }, + { + name: "split_on_null_field_with_ignore_empty_value_keeping_parent", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.response.empty", + "ignore_empty_value": true, + "keep_parent": true, }, - handler: defaultHandler(http.MethodGet, "", ""), - 
expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"hello":{"space":[{"cake":"pumpkin"}]}}`, + }, + handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":null}}`), + expected: []string{`{"response":{"empty":null}}`}, + }, + { + name: "split_on_empty_array_with_ignore_empty_value_keeping_parent", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.response.empty", + "ignore_empty_value": true, + "keep_parent": true, }, }, - { - name: "Test split on empty array without ignore_empty_value", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.response.empty", - }, + handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":[]}}`), + expected: []string{`{"response":{"empty":[]}}`}, + }, + { + name: "split_on_null_field_at_root_with_ignore_empty_value_keeping_parent", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.response", + "ignore_empty_value": true, + "keep_parent": true, }, - handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":[]}}`), - expected: []string{`{"response":{"empty":[]}}`}, - }, - { - name: "Test split on empty array with ignore_empty_value", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.response.empty", - "ignore_empty_value": true, - }, + }, + handler: defaultHandler(http.MethodGet, "", `{"response":null,"other":"data"}`), + expected: []string{`{"other":"data","response":null}`}, + }, + { + name: 
"split_on_empty_array_at_root_with_ignore_empty_value_keeping_parent", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.response", + "ignore_empty_value": true, + "keep_parent": true, }, - handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":[]}}`), - expected: nil, - }, - { - name: "Test split on null field with ignore_empty_value keeping parent", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.response.empty", - "ignore_empty_value": true, - "keep_parent": true, + }, + handler: defaultHandler(http.MethodGet, "", `{"response":[],"other":"data"}`), + expected: []string{`{"other":"data","response":[]}`}, + }, + { + name: "nested_split", + setupServer: newTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.hello", + "split": map[string]interface{}{ + "target": "body.space", + "keep_parent": true, }, }, - handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":null}}`), - expected: []string{`{"response":{"empty":null}}`}, - }, - { - name: "Test split on empty array with ignore_empty_value keeping parent", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.response.empty", - "ignore_empty_value": true, - "keep_parent": true, - }, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{ + `{"world":"moon"}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "split_events_by_not_found", + setupServer: newTestServer(httptest.NewServer), + 
baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.unknown", }, - handler: defaultHandler(http.MethodGet, "", `{"response":{"empty":[]}}`), - expected: []string{`{"response":{"empty":[]}}`}, - }, - { - name: "Test split on null field at root with ignore_empty_value keeping parent", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.response", - "ignore_empty_value": true, - "keep_parent": true, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{}, + }, + { + name: "date_cursor", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerRequestTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + // mock timeNow func to return a fixed value + timeNow = func() time.Time { + t, _ := time.Parse(time.RFC3339, "2002-10-02T15:00:00Z") + return t + } + + server := httptest.NewServer(h) + config["request.url"] = server.URL + t.Cleanup(server.Close) + t.Cleanup(func() { timeNow = time.Now }) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.params.$filter", + "value": "alertCreationTime ge [[.cursor.timestamp]]", + "default": `alertCreationTime ge [[formatDate (now (parseDuration "-10m")) "2006-01-02T15:04:05Z"]]`, + }, }, }, - handler: defaultHandler(http.MethodGet, "", `{"response":null,"other":"data"}`), - expected: []string{`{"other":"data","response":null}`}, - }, - { - name: "Test split on empty array at root with ignore_empty_value keeping parent", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": 
http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.response", - "ignore_empty_value": true, - "keep_parent": true, + "cursor": map[string]interface{}{ + "timestamp": map[string]interface{}{ + "value": `[[index .last_response.body "@timestamp"]]`, }, }, - handler: defaultHandler(http.MethodGet, "", `{"response":[],"other":"data"}`), - expected: []string{`{"other":"data","response":[]}`}, - }, - { - name: "Test nested split", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.hello", - "split": map[string]interface{}{ - "target": "body.space", - "keep_parent": true, + }, + handler: dateCursorHandler(), + expected: []string{ + `{"@timestamp":"2002-10-02T15:00:00Z","foo":"bar"}`, + `{"@timestamp":"2002-10-02T15:00:01Z","foo":"bar"}`, + `{"@timestamp":"2002-10-02T15:00:02Z","foo":"bar"}`, + }, + }, + { + name: "tracer_filename_sanitization", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerRequestTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + // mock timeNow func to return a fixed value + timeNow = func() time.Time { + t, _ := time.Parse(time.RFC3339, "2002-10-02T15:00:00Z") + return t + } + + server := httptest.NewServer(h) + config["request.url"] = server.URL + t.Cleanup(server.Close) + t.Cleanup(func() { timeNow = time.Now }) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.params.$filter", + "value": "alertCreationTime ge [[.cursor.timestamp]]", + "default": `alertCreationTime ge [[formatDate (now (parseDuration "-10m")) "2006-01-02T15:04:05Z"]]`, }, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{ - `{"world":"moon"}`, - 
`{"space":{"cake":"pumpkin"}}`, - }, - }, - { - name: "Test split events by not found", - setupServer: newTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.unknown", + "cursor": map[string]interface{}{ + "timestamp": map[string]interface{}{ + "value": `[[index .last_response.body "@timestamp"]]`, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{}, - }, - { - name: "Test date cursor", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerRequestTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) - // mock timeNow func to return a fixed value - timeNow = func() time.Time { - t, _ := time.Parse(time.RFC3339, "2002-10-02T15:00:00Z") - return t - } - - server := httptest.NewServer(h) - config["request.url"] = server.URL - t.Cleanup(server.Close) - t.Cleanup(func() { timeNow = time.Now }) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "request.transforms": []interface{}{ + "request.tracer.filename": "logs/http-request-trace-*.ndjson", + }, + handler: dateCursorHandler(), + expected: []string{ + `{"@timestamp":"2002-10-02T15:00:00Z","foo":"bar"}`, + `{"@timestamp":"2002-10-02T15:00:01Z","foo":"bar"}`, + `{"@timestamp":"2002-10-02T15:00:02Z","foo":"bar"}`, + }, + expectedFile: filepath.Join("logs", "http-request-trace-httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248_https_somesource_someapi.ndjson"), + }, + { + name: "pagination", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerPaginationTransforms() + registerResponseTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + server := httptest.NewServer(h) + config["request.url"] = server.URL + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 
time.Millisecond, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.items", + "transforms": []interface{}{ map[string]interface{}{ "set": map[string]interface{}{ - "target": "url.params.$filter", - "value": "alertCreationTime ge [[.cursor.timestamp]]", - "default": `alertCreationTime ge [[formatDate (now (parseDuration "-10m")) "2006-01-02T15:04:05Z"]]`, + "target": "body.page", + "value": "[[.last_response.page]]", }, }, }, - "cursor": map[string]interface{}{ - "timestamp": map[string]interface{}{ - "value": `[[index .last_response.body "@timestamp"]]`, + }, + "response.pagination": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.params.page", + "value": "[[.last_response.body.nextPageToken]]", + "fail_on_template_error": true, }, }, }, - handler: dateCursorHandler(), - expected: []string{ - `{"@timestamp":"2002-10-02T15:00:00Z","foo":"bar"}`, - `{"@timestamp":"2002-10-02T15:00:01Z","foo":"bar"}`, - `{"@timestamp":"2002-10-02T15:00:02Z","foo":"bar"}`, - }, }, - { - name: "Test tracer filename sanitization", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerRequestTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) - // mock timeNow func to return a fixed value - timeNow = func() time.Time { - t, _ := time.Parse(time.RFC3339, "2002-10-02T15:00:00Z") - return t - } + handler: paginationHandler(), + expected: []string{ + `{"foo":"a","page":"0"}`, `{"foo":"b","page":"1"}`, `{"foo":"c","page":"0"}`, `{"foo":"d","page":"0"}`, + `{"foo":"a","page":"0"}`, `{"foo":"b","page":"1"}`, `{"foo":"c","page":"0"}`, `{"foo":"d","page":"0"}`, + }, + }, + { + skipReason: "flakey test - see https://github.com/elastic/beats/issues/34929", - server := httptest.NewServer(h) - config["request.url"] = server.URL - t.Cleanup(server.Close) - t.Cleanup(func() { timeNow = time.Now }) - }, - baseConfig: map[string]interface{}{ - 
"interval": 1, - "request.method": http.MethodGet, - "request.transforms": []interface{}{ + name: "first_event", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerPaginationTransforms() + registerResponseTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + server := httptest.NewServer(h) + config["request.url"] = server.URL + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.items", + "transforms": []interface{}{ map[string]interface{}{ "set": map[string]interface{}{ - "target": "url.params.$filter", - "value": "alertCreationTime ge [[.cursor.timestamp]]", - "default": `alertCreationTime ge [[formatDate (now (parseDuration "-10m")) "2006-01-02T15:04:05Z"]]`, + "target": "body.first", + "value": "[[.cursor.first]]", + "default": "none", }, }, }, - "cursor": map[string]interface{}{ - "timestamp": map[string]interface{}{ - "value": `[[index .last_response.body "@timestamp"]]`, + }, + "response.pagination": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.params.page", + "value": "[[.last_response.body.nextPageToken]]", + "fail_on_template_error": true, }, }, - "request.tracer.filename": "logs/http-request-trace-*.ndjson", - }, - handler: dateCursorHandler(), - expected: []string{ - `{"@timestamp":"2002-10-02T15:00:00Z","foo":"bar"}`, - `{"@timestamp":"2002-10-02T15:00:01Z","foo":"bar"}`, - `{"@timestamp":"2002-10-02T15:00:02Z","foo":"bar"}`, }, - expectedFile: filepath.Join("logs", "http-request-trace-httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248_https_somesource_someapi.ndjson"), - }, - { - name: "Test pagination", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerPaginationTransforms() - registerResponseTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) 
- server := httptest.NewServer(h) - config["request.url"] = server.URL - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": time.Millisecond, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.items", - "transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.page", - "value": "[[.last_response.page]]", - }, - }, - }, + "cursor": map[string]interface{}{ + "first": map[string]interface{}{ + "value": "[[.first_event.foo]]", }, - "response.pagination": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.params.page", - "value": "[[.last_response.body.nextPageToken]]", - "fail_on_template_error": true, - }, + }, + }, + handler: paginationHandler(), + expected: []string{`{"first":"none", "foo":"a"}`, `{"first":"a", "foo":"b"}`, `{"first":"a", "foo":"c"}`, `{"first":"c", "foo":"d"}`}, + }, + { + name: "pagination_with_array_response", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerPaginationTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + server := httptest.NewServer(h) + config["request.url"] = server.URL + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.pagination": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.params.page", + "value": `[[index (index .last_response.body 0) "nextPageToken"]]`, }, }, }, - handler: paginationHandler(), - expected: []string{ - `{"foo":"a","page":"0"}`, `{"foo":"b","page":"1"}`, `{"foo":"c","page":"0"}`, `{"foo":"d","page":"0"}`, - `{"foo":"a","page":"0"}`, `{"foo":"b","page":"1"}`, `{"foo":"c","page":"0"}`, `{"foo":"d","page":"0"}`, - }, }, - { - name: "Test first event", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - 
registerPaginationTransforms() - registerResponseTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) - server := httptest.NewServer(h) - config["request.url"] = server.URL - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.items", - "transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.first", - "value": "[[.cursor.first]]", - "default": "none", - }, - }, + handler: paginationArrayHandler(), + expected: []string{`{"nextPageToken":"bar","foo":"bar"}`, `{"foo":"bar"}`, `{"foo":"bar"}`}, + }, + { + name: "oauth2", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + server := httptest.NewServer(h) + config["request.url"] = server.URL + config["auth.oauth2.token_url"] = server.URL + "/token" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodPost, + "auth.oauth2.client.id": "a_client_id", + "auth.oauth2.client.secret": "a_client_secret", + "auth.oauth2.endpoint_params": map[string]interface{}{ + "param1": "v1", + }, + "auth.oauth2.scopes": []string{"scope1", "scope2"}, + }, + handler: oauth2Handler, + expected: []string{`{"hello": "world"}`}, + }, + { + name: "request_transforms_can_access_state_from_previous_transforms", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerRequestTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + server := httptest.NewServer(h) + config["request.url"] = server.URL + "/test-path" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodPost, + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "header.X-Foo", + "value": "foo", }, }, - 
"response.pagination": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.params.page", - "value": "[[.last_response.body.nextPageToken]]", - "fail_on_template_error": true, - }, + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "body.bar", + "value": `[[.header.Get "X-Foo"]]`, }, }, - "cursor": map[string]interface{}{ - "first": map[string]interface{}{ - "value": "[[.first_event.foo]]", + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "body.url.path", + "value": `[[.url.Path]]`, }, }, }, - handler: paginationHandler(), - expected: []string{`{"first":"none", "foo":"a"}`, `{"first":"a", "foo":"b"}`, `{"first":"a", "foo":"c"}`, `{"first":"c", "foo":"d"}`}, - }, - { - name: "Test pagination with array response", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerPaginationTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) - server := httptest.NewServer(h) - config["request.url"] = server.URL - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.pagination": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.params.page", - "value": `[[index (index .last_response.body 0) "nextPageToken"]]`, - }, + }, + handler: defaultHandler(http.MethodPost, `{"bar":"foo","url":{"path":"/test-path"}}`, ""), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "response_transforms_can't_access_request_state_from_previous_transforms", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerRequestTransforms() + registerResponseTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + server := httptest.NewServer(h) + config["request.url"] = server.URL + t.Cleanup(server.Close) + }, + baseConfig: 
map[string]interface{}{ + "interval": 10, + "request.method": http.MethodGet, + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "header.X-Foo", + "value": "foo", }, }, }, - handler: paginationArrayHandler(), - expected: []string{`{"nextPageToken":"bar","foo":"bar"}`, `{"foo":"bar"}`, `{"foo":"bar"}`}, - }, - { - name: "Test oauth2", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - server := httptest.NewServer(h) - config["request.url"] = server.URL - config["auth.oauth2.token_url"] = server.URL + "/token" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodPost, - "auth.oauth2.client.id": "a_client_id", - "auth.oauth2.client.secret": "a_client_secret", - "auth.oauth2.endpoint_params": map[string]interface{}{ - "param1": "v1", - }, - "auth.oauth2.scopes": []string{"scope1", "scope2"}, - }, - handler: oauth2Handler, - expected: []string{`{"hello": "world"}`}, - }, - { - name: "Test request transforms can access state from previous transforms", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerRequestTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) - server := httptest.NewServer(h) - config["request.url"] = server.URL + "/test-path" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodPost, - "request.transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "header.X-Foo", - "value": "foo", - }, - }, - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.bar", - "value": `[[.header.Get "X-Foo"]]`, - }, - }, - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.url.path", - "value": `[[.url.Path]]`, - }, + "response.transforms": []interface{}{ + map[string]interface{}{ + "set": 
map[string]interface{}{ + "target": "body.bar", + "value": `[[.header.Get "X-Foo"]]`, }, }, }, - handler: defaultHandler(http.MethodPost, `{"bar":"foo","url":{"path":"/test-path"}}`, ""), - expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test response transforms can't access request state from previous transforms", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerRequestTransforms() - registerResponseTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) - server := httptest.NewServer(h) - config["request.url"] = server.URL - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 10, - "request.method": http.MethodGet, - "request.transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "header.X-Foo", - "value": "foo", - }, - }, - }, - "response.transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.bar", - "value": `[[.header.Get "X-Foo"]]`, - }, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "simple_Chain_GET_request", + setupServer: newChainTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 10, + "request.method": http.MethodGet, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.records[:].id", }, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test simple Chain GET request", - setupServer: newChainTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 10, - "request.method": http.MethodGet, - "chain": []interface{}{ - map[string]interface{}{ - "step": 
map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.records[:].id", - }, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "multiple_Chain_GET_request", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintln(w, `{"records":[{"id":1}]}`) + case "/1": + fmt.Fprintln(w, `{"file_name": "file_1"}`) + case "/file_1": + fmt.Fprintln(w, `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`) + } + }) + server := httptest.NewServer(r) + config["request.url"] = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.records[:].id" + config["chain.1.step.request.url"] = server.URL + "/$.file_name" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 10, + "request.method": http.MethodGet, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.records[:].id", }, }, - }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test multiple Chain GET request", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintln(w, `{"records":[{"id":1}]}`) - case "/1": - fmt.Fprintln(w, `{"file_name": "file_1"}`) - case "/file_1": - fmt.Fprintln(w, `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`) - } - }) - server := httptest.NewServer(r) - config["request.url"] = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.records[:].id" - config["chain.1.step.request.url"] = server.URL + "/$.file_name" - 
t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 10, - "request.method": http.MethodGet, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.records[:].id", - }, - }, - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.file_name", - }, + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.file_name", }, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test date cursor while using chain", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerRequestTransforms() - t.Cleanup(func() { registeredTransforms = newRegistry() }) - // mock timeNow func to return a fixed value - timeNow = func() time.Time { - t, _ := time.Parse(time.RFC3339, "2002-10-02T15:00:00Z") - return t - } + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "date_cursor_while_using_chain", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerRequestTransforms() + t.Cleanup(func() { registeredTransforms = newRegistry() }) + // mock timeNow func to return a fixed value + timeNow = func() time.Time { + t, _ := time.Parse(time.RFC3339, "2002-10-02T15:00:00Z") + return t + } - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintln(w, `{"records":[{"id":1}]}`) - case "/1": - fmt.Fprintln(w, `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`) - } - }) - server := httptest.NewServer(r) - config["request.url"] = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.records[:].id" - 
t.Cleanup(server.Close) - t.Cleanup(func() { timeNow = time.Now }) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "request.transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.params.$filter", - "value": "alertCreationTime ge [[.cursor.timestamp]]", - "default": `alertCreationTime ge [[formatDate (now (parseDuration "-10m")) "2006-01-02T15:04:05Z"]]`, - }, + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintln(w, `{"records":[{"id":1}]}`) + case "/1": + fmt.Fprintln(w, `{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`) + } + }) + server := httptest.NewServer(r) + config["request.url"] = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.records[:].id" + t.Cleanup(server.Close) + t.Cleanup(func() { timeNow = time.Now }) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.params.$filter", + "value": "alertCreationTime ge [[.cursor.timestamp]]", + "default": `alertCreationTime ge [[formatDate (now (parseDuration "-10m")) "2006-01-02T15:04:05Z"]]`, }, }, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.records[:].id", - }, + }, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.records[:].id", }, }, - "cursor": map[string]interface{}{ - "timestamp": map[string]interface{}{ - "value": `[[index .last_response.body "@timestamp"]]`, - }, + }, + "cursor": map[string]interface{}{ + "timestamp": map[string]interface{}{ + "value": `[[index .last_response.body "@timestamp"]]`, }, }, - handler: dateCursorHandler(), - expected: 
[]string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, - }, - { - name: "Test split by json objects array in chain", - setupServer: newChainTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.records[:].id", - "response.split": map[string]interface{}{ - "target": "body.hello", - }, + }, + handler: dateCursorHandler(), + expected: []string{`{"hello":[{"world":"moon"},{"space":[{"cake":"pumpkin"}]}]}`}, + }, + { + name: "split_by_json_objects_array_in_chain", + setupServer: newChainTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.records[:].id", + "response.split": map[string]interface{}{ + "target": "body.hello", }, }, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{`{"world":"moon"}`, `{"space":[{"cake":"pumpkin"}]}`}, - }, - { - name: "Test split by json objects array with keep parent in chain", - setupServer: newChainTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.records[:].id", - "response.split": map[string]interface{}{ - "target": "body.hello", - "keep_parent": true, - }, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{`{"world":"moon"}`, `{"space":[{"cake":"pumpkin"}]}`}, + }, + { + name: "split_by_json_objects_array_with_keep_parent_in_chain", + setupServer: newChainTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + 
"request.method": http.MethodGet, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.records[:].id", + "response.split": map[string]interface{}{ + "target": "body.hello", + "keep_parent": true, }, }, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"hello":{"space":[{"cake":"pumpkin"}]}}`, - }, }, - { - name: "Test nested split in chain", - setupServer: newChainTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.split": map[string]interface{}{ - "target": "body.hello", - }, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.records[:].id", - "response.split": map[string]interface{}{ - "target": "body.hello", - "split": map[string]interface{}{ - "target": "body.space", - "keep_parent": true, - }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"hello":{"space":[{"cake":"pumpkin"}]}}`, + }, + }, + { + name: "nested_split_in_chain", + setupServer: newChainTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.split": map[string]interface{}{ + "target": "body.hello", + }, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.records[:].id", + "response.split": map[string]interface{}{ + "target": "body.hello", + "split": map[string]interface{}{ + "target": "body.space", + "keep_parent": true, }, }, }, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{ - `{"world":"moon"}`, - `{"space":{"cake":"pumpkin"}}`, - }, }, - { - name: "Test pagination when used with chaining", - setupServer: 
newChainPaginationTestServer(httptest.NewServer), - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.pagination": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.value", - "value": "[[.last_response.body.nextLink]]", - "fail_on_template_error": true, - }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{ + `{"world":"moon"}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "pagination_when_used_with_chaining", + setupServer: newChainPaginationTestServer(httptest.NewServer), + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.pagination": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.value", + "value": "[[.last_response.body.nextLink]]", + "fail_on_template_error": true, }, }, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.records[:].id", - }, + }, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.records[:].id", }, }, }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - }, }, - { - name: "Test replace_with clause and first_response object", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintln(w, `{"exportId":"2212"}`) - case "/2212": - fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) - case "/2212/1": - fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) - case "/2212/2": - fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) - } - }) - server := httptest.NewServer(r) - config["request.url"] = server.URL - 
config["chain.0.step.request.url"] = server.URL + "/$.exportId" - config["chain.1.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.save_first_response": true, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.exportId", - }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "replace_with_clause_and_first_response_object", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintln(w, `{"exportId":"2212"}`) + case "/2212": + fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) + case "/2212/1": + fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) + case "/2212/2": + fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) + } + }) + server := httptest.NewServer(r) + config["request.url"] = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId" + config["chain.1.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.save_first_response": true, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.exportId", }, - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.files[:].id", - "replace_with": "$.exportId,.first_response.body.exportId", - }, + }, + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.files[:].id", + "replace_with": 
"$.exportId,.first_response.body.exportId", }, }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - }, }, - { - name: "Test replace_with clause with hardcoded value_1", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) - case "/2212/1": - fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) - case "/2212/2": - fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) - } - }) - server := httptest.NewServer(r) - config["request.url"] = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.files[:].id", - "replace_with": "$.exportId,2212", - }, + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "replace_with_clause_with_hardcoded_value_1", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) + case "/2212/1": + fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) + case "/2212/2": + fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) + } + }) + server := httptest.NewServer(r) + config["request.url"] = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": 
http.MethodGet, + "replace": "$.files[:].id", + "replace_with": "$.exportId,2212", }, }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - }, }, - { - name: "Test replace_with clause with hardcoded value (no dot prefix)", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) - case "/first_response.body.id/1": - fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) - case "/first_response.body.id/2": - fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) - } - }) - server := httptest.NewServer(r) - config["request.url"] = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.save_first_response": true, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.files[:].id", - "replace_with": "$.exportId,first_response.body.id", - }, + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "replace_with_clause_with_hardcoded_value_(no_dot_prefix)", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) + case "/first_response.body.id/1": + fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) + case "/first_response.body.id/2": + fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) + } + }) + server := httptest.NewServer(r) + config["request.url"] = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + 
baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.save_first_response": true, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.files[:].id", + "replace_with": "$.exportId,first_response.body.id", }, }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - }, }, - { - name: "Test replace_with clause with hardcoded value (more than one dot prefix)", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) - case "/..first_response.body.id/1": - fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) - case "/..first_response.body.id/2": - fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) - } - }) - server := httptest.NewServer(r) - config["request.url"] = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.save_first_response": true, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.files[:].id", - "replace_with": "$.exportId,..first_response.body.id", - }, + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "replace_with_clause_with_hardcoded_value_(more_than_one_dot_prefix)", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) + case "/..first_response.body.id/1": + fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) 
+ case "/..first_response.body.id/2": + fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) + } + }) + server := httptest.NewServer(r) + config["request.url"] = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.save_first_response": true, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.files[:].id", + "replace_with": "$.exportId,..first_response.body.id", }, }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - }, }, - { - name: "Test replace_with clause with hardcoded value containing '.' (dots)", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) - case "/.xyz.2212.abc./1": - fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) - case "/.xyz.2212.abc./2": - fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) - } - }) - server := httptest.NewServer(r) - config["request.url"] = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodGet, - "replace": "$.files[:].id", - "replace_with": "$.exportId,.xyz.2212.abc.", - }, + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "replace_with_clause_with_hardcoded_value_containing_'.'_(dots)", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + r := http.HandlerFunc(func(w 
http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintln(w, `{"files":[{"id":"1"},{"id":"2"}]}`) + case "/.xyz.2212.abc./1": + fmt.Fprintln(w, `{"hello":{"world":"moon"}}`) + case "/.xyz.2212.abc./2": + fmt.Fprintln(w, `{"space":{"cake":"pumpkin"}}`) + } + }) + server := httptest.NewServer(r) + config["request.url"] = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodGet, + "replace": "$.files[:].id", + "replace_with": "$.exportId,.xyz.2212.abc.", }, }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - }, }, - { - name: "Test global transform context separation with parent_last_response object", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - var serverURL string - registerPaginationTransforms() - registerRequestTransforms() - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintf(w, `{"files":[{"id":"1"},{"id":"2"}],"exportId":"2212", "nextLink":"%s/link1"}`, serverURL) - case "/link1": - fmt.Fprintln(w, `{"files":[{"id":"3"},{"id":"4"}], "exportId":"2213"}`) - case "/2212/1": - matchBody(w, r, `{"exportId":"2212"}`, `{"hello":{"world":"moon"}}`) - case "/2212/2": - matchBody(w, r, `{"exportId":"2212"}`, `{"space":{"cake":"pumpkin"}}`) - case "/2213/3": - matchBody(w, r, `{"exportId":"2213"}`, `{"hello":{"cake":"pumpkin"}}`) - case "/2213/4": - matchBody(w, r, `{"exportId":"2213"}`, `{"space":{"world":"moon"}}`) - } - }) - server := httptest.NewServer(r) - t.Cleanup(func() { registeredTransforms = newRegistry() }) - config["request.url"] = server.URL - serverURL = server.URL - config["chain.0.step.request.url"] = 
server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodPost, - "response.request_body_on_pagination": true, - "response.pagination": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.value", - "value": "[[.last_response.body.nextLink]]", - "fail_on_template_error": true, - }, + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + }, + }, + { + name: "global_transform_context_separation_with_parent_last_response_object", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + var serverURL string + registerPaginationTransforms() + registerRequestTransforms() + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintf(w, `{"files":[{"id":"1"},{"id":"2"}],"exportId":"2212", "nextLink":"%s/link1"}`, serverURL) + case "/link1": + fmt.Fprintln(w, `{"files":[{"id":"3"},{"id":"4"}], "exportId":"2213"}`) + case "/2212/1": + matchBody(w, r, `{"exportId":"2212"}`, `{"hello":{"world":"moon"}}`) + case "/2212/2": + matchBody(w, r, `{"exportId":"2212"}`, `{"space":{"cake":"pumpkin"}}`) + case "/2213/3": + matchBody(w, r, `{"exportId":"2213"}`, `{"hello":{"cake":"pumpkin"}}`) + case "/2213/4": + matchBody(w, r, `{"exportId":"2213"}`, `{"space":{"world":"moon"}}`) + } + }) + server := httptest.NewServer(r) + t.Cleanup(func() { registeredTransforms = newRegistry() }) + config["request.url"] = server.URL + serverURL = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodPost, + "response.request_body_on_pagination": true, + "response.pagination": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.value", + "value": 
"[[.last_response.body.nextLink]]", + "fail_on_template_error": true, }, }, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodPost, - "replace": "$.files[:].id", - "replace_with": "$.exportId,.parent_last_response.body.exportId", - "request.transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.exportId", - "value": "[[ .parent_last_response.body.exportId ]]", - }, + }, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodPost, + "replace": "$.files[:].id", + "replace_with": "$.exportId,.parent_last_response.body.exportId", + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "body.exportId", + "value": "[[ .parent_last_response.body.exportId ]]", }, }, }, }, }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - `{"hello":{"cake":"pumpkin"}}`, - `{"space":{"world":"moon"}}`, - }, }, - { - name: "Test if cursor value is updated for root response with chaining & pagination", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - var serverURL string - registerPaginationTransforms() - registerRequestTransforms() - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintf(w, `{"files":[{"id":"1"},{"id":"2"}],"exportId":"2212", "createdAt":"22/02/2022", + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + `{"hello":{"cake":"pumpkin"}}`, + `{"space":{"world":"moon"}}`, + }, + }, + { + name: "cursor_value_is_updated_for_root_response_with_chaining_&_pagination", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + var serverURL string + registerPaginationTransforms() + registerRequestTransforms() + r := http.HandlerFunc(func(w 
http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintf(w, `{"files":[{"id":"1"},{"id":"2"}],"exportId":"2212", "createdAt":"22/02/2022", "nextLink":"%s/link1"}`, serverURL) - case "/link1": - fmt.Fprintln(w, `{"files":[{"id":"3"},{"id":"4"}], "exportId":"2213", "createdAt":"24/04/2022"}`) - case "/2212/1": - matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"hello":{"world":"moon"}}`) - case "/2212/2": - matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"space":{"cake":"pumpkin"}}`) - case "/2213/3": - matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"hello":{"cake":"pumpkin"}}`) - case "/2213/4": - matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"space":{"world":"moon"}}`) - } - }) - server := httptest.NewServer(r) - t.Cleanup(func() { registeredTransforms = newRegistry() }) - config["request.url"] = server.URL - serverURL = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodPost, - "response.request_body_on_pagination": true, - "response.pagination": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.value", - "value": "[[.last_response.body.nextLink]]", - "fail_on_template_error": true, - }, + case "/link1": + fmt.Fprintln(w, `{"files":[{"id":"3"},{"id":"4"}], "exportId":"2213", "createdAt":"24/04/2022"}`) + case "/2212/1": + matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"hello":{"world":"moon"}}`) + case "/2212/2": + matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"space":{"cake":"pumpkin"}}`) + case "/2213/3": + matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"hello":{"cake":"pumpkin"}}`) + case "/2213/4": + matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"space":{"world":"moon"}}`) + } + }) + 
server := httptest.NewServer(r) + t.Cleanup(func() { registeredTransforms = newRegistry() }) + config["request.url"] = server.URL + serverURL = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodPost, + "response.request_body_on_pagination": true, + "response.pagination": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.value", + "value": "[[.last_response.body.nextLink]]", + "fail_on_template_error": true, }, }, - "chain": []interface{}{ - map[string]interface{}{ - "step": map[string]interface{}{ - "request.method": http.MethodPost, - "replace": "$.files[:].id", - "replace_with": "$.exportId,.parent_last_response.body.exportId", - "request.transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.exportId", - "value": "[[ .parent_last_response.body.exportId ]]", - }, + }, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodPost, + "replace": "$.files[:].id", + "replace_with": "$.exportId,.parent_last_response.body.exportId", + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "body.exportId", + "value": "[[ .parent_last_response.body.exportId ]]", }, - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.createdAt", - "value": "[[ .cursor.last_published_login ]]", - }, + }, + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "body.createdAt", + "value": "[[ .cursor.last_published_login ]]", }, }, }, }, }, - "cursor": map[string]interface{}{ - "last_published_login": map[string]interface{}{ - "value": "[[ .last_event.createdAt ]]", - }, - }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - 
`{"hello":{"cake":"pumpkin"}}`, - `{"space":{"world":"moon"}}`, + "cursor": map[string]interface{}{ + "last_published_login": map[string]interface{}{ + "value": "[[ .last_event.createdAt ]]", + }, }, }, - { - name: "Test if cursor value is updated for root response with chaining & pagination along with split operator", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - var serverURL string - registerPaginationTransforms() - registerRequestTransforms() - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch r.URL.Path { - case "/": - fmt.Fprintf(w, `{"files":[{"id":"1"},{"id":"2"}],"exportId":"2212","time":[{"timeStamp":"22/02/2022"}], + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + `{"hello":{"cake":"pumpkin"}}`, + `{"space":{"world":"moon"}}`, + }, + }, + { + name: "cursor_value_is_updated_for_root_response_with_chaining_&_pagination_along_with_split_operator", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + var serverURL string + registerPaginationTransforms() + registerRequestTransforms() + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/": + fmt.Fprintf(w, `{"files":[{"id":"1"},{"id":"2"}],"exportId":"2212","time":[{"timeStamp":"22/02/2022"}], "nextLink":"%s/link1"}`, serverURL) - case "/link1": - fmt.Fprintln(w, `{"files":[{"id":"3"},{"id":"4"}], "exportId":"2213","time":[{"timeStamp":"24/04/2022"}]}`) - case "/2212/1": - matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"hello":{"world":"moon"}}`) - case "/2212/2": - matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"space":{"cake":"pumpkin"}}`) - case "/2213/3": - matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"hello":{"cake":"pumpkin"}}`) - case "/2213/4": - matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"space":{"world":"moon"}}`) - } - }) - 
server := httptest.NewServer(r) - t.Cleanup(func() { registeredTransforms = newRegistry() }) - config["request.url"] = server.URL - serverURL = server.URL - config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodPost, - "response.request_body_on_pagination": true, - "response.pagination": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "url.value", - "value": "[[.last_response.body.nextLink]]", - "fail_on_template_error": true, - }, + case "/link1": + fmt.Fprintln(w, `{"files":[{"id":"3"},{"id":"4"}], "exportId":"2213","time":[{"timeStamp":"24/04/2022"}]}`) + case "/2212/1": + matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"hello":{"world":"moon"}}`) + case "/2212/2": + matchBody(w, r, `{"createdAt":"22/02/2022","exportId":"2212"}`, `{"space":{"cake":"pumpkin"}}`) + case "/2213/3": + matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"hello":{"cake":"pumpkin"}}`) + case "/2213/4": + matchBody(w, r, `{"createdAt":"24/04/2022","exportId":"2213"}`, `{"space":{"world":"moon"}}`) + } + }) + server := httptest.NewServer(r) + t.Cleanup(func() { registeredTransforms = newRegistry() }) + config["request.url"] = server.URL + serverURL = server.URL + config["chain.0.step.request.url"] = server.URL + "/$.exportId/$.files[:].id" + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodPost, + "response.request_body_on_pagination": true, + "response.pagination": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "url.value", + "value": "[[.last_response.body.nextLink]]", + "fail_on_template_error": true, }, }, - "response.split": map[string]interface{}{ - "target": "body.time", - "type": "array", - "keep_parent": true, - }, - "chain": []interface{}{ - map[string]interface{}{ - 
"step": map[string]interface{}{ - "request.method": http.MethodPost, - "replace": "$.files[:].id", - "replace_with": "$.exportId,.parent_last_response.body.exportId", - "request.transforms": []interface{}{ - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.exportId", - "value": "[[ .parent_last_response.body.exportId ]]", - }, + }, + "response.split": map[string]interface{}{ + "target": "body.time", + "type": "array", + "keep_parent": true, + }, + "chain": []interface{}{ + map[string]interface{}{ + "step": map[string]interface{}{ + "request.method": http.MethodPost, + "replace": "$.files[:].id", + "replace_with": "$.exportId,.parent_last_response.body.exportId", + "request.transforms": []interface{}{ + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "body.exportId", + "value": "[[ .parent_last_response.body.exportId ]]", }, - map[string]interface{}{ - "set": map[string]interface{}{ - "target": "body.createdAt", - "value": "[[ .cursor.last_published_login ]]", - }, + }, + map[string]interface{}{ + "set": map[string]interface{}{ + "target": "body.createdAt", + "value": "[[ .cursor.last_published_login ]]", }, }, }, }, }, - "cursor": map[string]interface{}{ - "last_published_login": map[string]interface{}{ - "value": "[[ .last_event.time.timeStamp ]]", - }, - }, }, - expected: []string{ - `{"hello":{"world":"moon"}}`, - `{"space":{"cake":"pumpkin"}}`, - `{"hello":{"cake":"pumpkin"}}`, - `{"space":{"world":"moon"}}`, + "cursor": map[string]interface{}{ + "last_published_login": map[string]interface{}{ + "value": "[[ .last_event.time.timeStamp ]]", + }, }, }, - { - name: "Test simple XML decode", - setupServer: func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { - registerDecoders() - registerRequestTransforms() - r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - const text = ` + expected: []string{ + `{"hello":{"world":"moon"}}`, + `{"space":{"cake":"pumpkin"}}`, + 
`{"hello":{"cake":"pumpkin"}}`, + `{"space":{"world":"moon"}}`, + }, + }, + { + name: "Test simple XML decode", + setupServer: func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { + registerDecoders() + registerRequestTransforms() + r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + const text = ` Ástríðr Ragnar
@@ -1202,19 +1205,19 @@ func TestInput(t *testing.T) { ` - io.ReadAll(r.Body) - r.Body.Close() - w.Write([]byte(text)) - }) - server := httptest.NewServer(r) - t.Cleanup(func() { registeredTransforms = newRegistry() }) - config["request.url"] = server.URL - t.Cleanup(server.Close) - }, - baseConfig: map[string]interface{}{ - "interval": 1, - "request.method": http.MethodGet, - "response.xsd": ` + io.ReadAll(r.Body) + r.Body.Close() + w.Write([]byte(text)) + }) + server := httptest.NewServer(r) + t.Cleanup(func() { registeredTransforms = newRegistry() }) + config["request.url"] = server.URL + t.Cleanup(server.Close) + }, + baseConfig: map[string]interface{}{ + "interval": 1, + "request.method": http.MethodGet, + "response.xsd": ` 
@@ -1248,41 +1251,45 @@ func TestInput(t *testing.T) { `, - }, - handler: defaultHandler(http.MethodGet, "", ""), - expected: []string{mapstr.M{ - "order": map[string]interface{}{ - "address": map[string]interface{}{ - "address": "Beekplantsoen 594, 2 hoog, 6849 IG", - "city": "Boekend", - "company": "Sydøstlige Gruppe", - "country": "Netherlands", - "name": "Joord Lennart", - }, - "item": []interface{}{ - map[string]interface{}{ - "cost": 99.95, - "name": "Egil's Saga", - "note": "Free Sample", - "number": 1, - "sent": false, - }, + }, + handler: defaultHandler(http.MethodGet, "", ""), + expected: []string{mapstr.M{ + "order": map[string]interface{}{ + "address": map[string]interface{}{ + "address": "Beekplantsoen 594, 2 hoog, 6849 IG", + "city": "Boekend", + "company": "Sydøstlige Gruppe", + "country": "Netherlands", + "name": "Joord Lennart", + }, + "item": []interface{}{ + map[string]interface{}{ + "cost": 99.95, + "name": "Egil's Saga", + "note": "Free Sample", + "number": 1, + "sent": false, }, - "noNamespaceSchemaLocation": "sales.xsd", - "orderid": "56733", - "sender": "Ástríðr Ragnar", - "xsi": "http://www.w3.org/2001/XMLSchema-instance", }, - }.String()}, - }, - } + "noNamespaceSchemaLocation": "sales.xsd", + "orderid": "56733", + "sender": "Ástríðr Ragnar", + "xsi": "http://www.w3.org/2001/XMLSchema-instance", + }, + }.String()}, + }, +} - for _, testCase := range testCases { - tc := testCase - t.Run(tc.name, func(t *testing.T) { - tc.setupServer(t, tc.handler, tc.baseConfig) +func TestInput(t *testing.T) { + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + if test.skipReason != "" { + t.Skipf("skip: %s", test.skipReason) + } - cfg := conf.MustNewConfigFrom(tc.baseConfig) + test.setupServer(t, test.handler, test.baseConfig) + + cfg := conf.MustNewConfigFrom(test.baseConfig) conf := defaultConfig() assert.NoError(t, cfg.Unpack(&conf)) 
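Review bot: `test.setupServer(t, test.handler, test.baseConfig)` now writes into a map that appears to belong to a package-level `testCases` table, since both TestInput and BenchmarkInput range over it. Keys the setup functions assign (`request.url`, `chain.0.step.request.url`) therefore persist across the test, the benchmark and repeated runs, instead of being rebuilt per invocation as when the table was local to TestInput. In the visible cases the stale server URLs are overwritten by the next setup, but the table is no longer read-only test data. Passing a shallow copy of `test.baseConfig` to both `setupServer` and `conf.MustNewConfigFrom` would keep each run isolated. TestInput's body continues outside this hunk.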
@@ -1298,10 +1305,10 @@ func TestInput(t *testing.T) {
 assert.Equal(t, "httpjson-stateless", input.Name())
 assert.NoError(t, input.Test(v2.TestContext{}))
- chanClient := beattest.NewChanClient(len(tc.expected))
+ chanClient := beattest.NewChanClient(len(test.expected))
 t.Cleanup(func() { _ = chanClient.Close() })
- ctx, cancel := newV2Context()
+ ctx, cancel := newV2Context("httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248::https://somesource/someapi")
 t.Cleanup(cancel)
 var g errgroup.Group
@@ -1312,7 +1319,7 @@ func TestInput(t *testing.T) {
 timeout := time.NewTimer(5 * time.Second)
 t.Cleanup(func() { _ = timeout.Stop() })
- if len(tc.expected) == 0 {
+ if len(test.expected) == 0 {
 select {
 case <-timeout.C:
 case got := <-chanClient.Channel:
@@ -1328,22 +1335,22 @@ func TestInput(t *testing.T) {
 for {
 select {
 case <-timeout.C:
- t.Errorf("timed out waiting for %d events", len(tc.expected))
+ t.Errorf("timed out waiting for %d events", len(test.expected))
 cancel()
 return
 case got := <-chanClient.Channel:
 val, err := got.Fields.GetValue("message")
 assert.NoError(t, err)
- assert.JSONEq(t, tc.expected[receivedCount], val.(string))
+ assert.JSONEq(t, test.expected[receivedCount], val.(string))
 receivedCount += 1
- if receivedCount == len(tc.expected) {
+ if receivedCount == len(test.expected) {
 cancel()
 break wait
 }
 }
 }
- if tc.expectedFile != "" {
- if _, err := os.Stat(filepath.Join(tempDir, tc.expectedFile)); err == nil {
+ if test.expectedFile != "" {
+ if _, err := os.Stat(filepath.Join(tempDir, test.expectedFile)); err == nil {
 assert.NoError(t, g.Wait())
 } else {
 t.Errorf("Expected log filename not found")
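Review bot: The input ID passed to `newV2Context` in the first hunk here is a long literal that the same commit repeats at the TestMetrics call site in metrics_test.go, so the two copies can drift apart without anyone noticing. A shared test constant would keep them in step, e.g. `const testInputID = "httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248::https://somesource/someapi"` with both call sites written as `newV2Context(testInputID)`. The other two hunks on this line only rename `tc` to `test`. TestInput starts and ends outside these hunks.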
@@ -1354,10 +1361,70 @@ func TestInput(t *testing.T) {
 }
 }
+func BenchmarkInput(b *testing.B) {
+ for _, test := range testCases {
+ b.Run(test.name, func(b *testing.B) {
+ test.setupServer(b, test.handler, test.baseConfig)
+
+ cfg := conf.MustNewConfigFrom(test.baseConfig)
+
+ conf := defaultConfig()
+ assert.NoError(b, cfg.Unpack(&conf))
+
+ b.ResetTimer()
+ for i := 0; i < b.N; i++ {
+ input := newStatelessInput(conf)
+
+ chanClient := beattest.NewChanClient(len(test.expected))
+ b.Cleanup(func() { _ = chanClient.Close() })
+
+ ctx, cancel := newV2Context(fmt.Sprintf("%s-%d", test.name, i))
+ b.Cleanup(cancel)
+
+ var g errgroup.Group
+ g.Go(func() error {
+ return input.Run(ctx, chanClient)
+ })
+
+ timeout := time.NewTimer(5 * time.Second)
+ b.Cleanup(func() { _ = timeout.Stop() })
+
+ if len(test.expected) == 0 {
+ select {
+ case <-timeout.C:
+ case got := <-chanClient.Channel:
+ b.Errorf("unexpected event: %v", got)
+ }
+ cancel()
+ assert.NoError(b, g.Wait())
+ return
+ }
+
+ var receivedCount int
+ wait:
+ for {
+ select {
+ case <-timeout.C:
+ b.Errorf("timed out waiting for %d events", len(test.expected))
+ cancel()
+ return
+ case <-chanClient.Channel:
+ receivedCount += 1
+ if receivedCount == len(test.expected) {
+ cancel()
+ break wait
+ }
+ }
+ }
+ }
+ })
+ }
+}
+
 func newTestServer(
 newServer func(http.Handler) *httptest.Server,
-) func(*testing.T, http.HandlerFunc, map[string]interface{}) {
- return func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) {
+) func(testing.TB, http.HandlerFunc, map[string]interface{}) {
+ return func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) {
 server := newServer(h)
 config["request.url"] = server.URL
 t.Cleanup(server.Close)
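Review bot: Inside the `for i := 0; i < b.N; i++` loop of BenchmarkInput, `b.Cleanup` is registered on every iteration and `g.Wait()` is never called on the success path. Each iteration therefore leaves a client, a timer, a context and a possibly still-running `input.Run` goroutine alive until the sub-benchmark ends; any error from `Run` is dropped, and later timings include earlier inputs that are still shutting down. The `len(test.expected) == 0` branch also returns from the whole sub-benchmark after a single wait of up to five seconds, and `test.skipReason`, which TestInput honours, is not checked here. Scoping each iteration in a function with `defer`, waiting on the group as that zero-event branch already does, and skipping cases that carry a skip reason or expect no events would address all three. newTestServer, whose signature change closes this hunk, continues outside it.

```go
b.Run(test.name, func(b *testing.B) {
	if test.skipReason != "" {
		b.Skipf("skip: %s", test.skipReason)
	}
	if len(test.expected) == 0 {
		b.Skip("skip: case expects no events, nothing to measure")
	}
	// … unchanged: setupServer, config unpack, b.ResetTimer …
	for i := 0; i < b.N; i++ {
		func() {
			input := newStatelessInput(conf)

			chanClient := beattest.NewChanClient(len(test.expected))
			defer func() { _ = chanClient.Close() }()

			ctx, cancel := newV2Context(fmt.Sprintf("%s-%d", test.name, i))
			defer cancel()

			var g errgroup.Group
			g.Go(func() error { return input.Run(ctx, chanClient) })

			timeout := time.NewTimer(5 * time.Second)
			defer timeout.Stop()

			// … unchanged: wait loop counting events up to len(test.expected) …

			// Let this input stop before the next iteration is timed.
			if err := g.Wait(); err != nil {
				b.Errorf("input.Run: %v", err)
			}
		}()
	}
```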
@@ -1366,8 +1433,8 @@ func newTestServer( func newChainTestServer( newServer func(http.Handler) *httptest.Server, -) func(*testing.T, http.HandlerFunc, map[string]interface{}) { - return func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { +) func(testing.TB, http.HandlerFunc, map[string]interface{}) { + return func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { switch r.URL.Path { case "/": @@ -1385,8 +1452,8 @@ func newChainTestServer( func newChainPaginationTestServer( newServer func(http.Handler) *httptest.Server, -) func(*testing.T, http.HandlerFunc, map[string]interface{}) { - return func(t *testing.T, h http.HandlerFunc, config map[string]interface{}) { +) func(testing.TB, http.HandlerFunc, map[string]interface{}) { + return func(t testing.TB, h http.HandlerFunc, config map[string]interface{}) { registerPaginationTransforms() var serverURL string r := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -1411,11 +1478,11 @@ func newChainPaginationTestServer( } } -func newV2Context() (v2.Context, func()) { +func newV2Context(id string) (v2.Context, func()) { ctx, cancel := context.WithCancel(context.Background()) return v2.Context{ Logger: logp.NewLogger("httpjson_test"), - ID: "httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248::https://somesource/someapi", + ID: id, Cancelation: ctx, }, cancel } diff --git a/x-pack/filebeat/input/httpjson/metrics_test.go b/x-pack/filebeat/input/httpjson/metrics_test.go index d72243ad1f09..59043a8fcf8c 100644 --- a/x-pack/filebeat/input/httpjson/metrics_test.go +++ b/x-pack/filebeat/input/httpjson/metrics_test.go 
@@ -113,7 +113,7 @@ func TestMetrics(t *testing.T) { chanClient := beattest.NewChanClient(len(tc.expectedEvents)) t.Cleanup(func() { _ = chanClient.Close() }) - ctx, cancel := newV2Context() + ctx, cancel := newV2Context("httpjson-foo-eb837d4c-5ced-45ed-b05c-de658135e248::https://somesource/someapi") t.Cleanup(cancel) reg, unreg := inputmon.NewInputRegistry("httpjson-test", ctx.ID, nil) diff --git a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml index b53c97f8ce8e..92037a746b16 100644 --- a/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml +++ b/x-pack/filebeat/module/fortinet/firewall/ingest/pipeline.yml 
@@ -7,18 +7,51 @@ processors: field: message patterns: - '%{SYSLOG5424PRI}%{GREEDYDATA:syslog5424_sd}$' -- kv: - field: syslog5424_sd - field_split: " (?=[a-z\\_\\-]+=)" - value_split: "=" - prefix: "fortinet.tmp." - ignore_missing: true - ignore_failure: false - trim_value: "\"" -- rename: - field: fortinet.tmp - target_field: fortinet.firewall - ignore_missing: true +- script: + lang: painless + if: ctx.syslog5424_sd != null + description: | + Splits syslog5424_sd KV list by space and then each by "=" taking into account quoted values. + source: + def splitUnquoted(String input, String sep) { + def tokens = []; + def startPosition = 0; + def isInQuotes = false; + char quote = (char)"\""; + for (def currentPosition = 0; currentPosition < input.length(); currentPosition++) { + if (input.charAt(currentPosition) == quote) { + isInQuotes = !isInQuotes; + } + else if (input.charAt(currentPosition) == (char)sep && !isInQuotes) { + def token = input.substring(startPosition, currentPosition).trim(); + if (!token.equals("")) { + tokens.add(token); + } + startPosition = currentPosition + 1; + } + } + + def lastToken = input.substring(startPosition); + if (!lastToken.equals(sep) && !lastToken.equals("")) { + tokens.add(lastToken.trim()); + } + return tokens; + } + + def arr = splitUnquoted(ctx.syslog5424_sd, " "); + + Map map = new HashMap(); + Pattern pattern = /^\"|\"$/; + for (def i = 0; i < arr?.length; i++) { + def kv = splitUnquoted(arr[i], "="); + if (kv.length == 2) { + map[kv[0]] = pattern.matcher(kv[1]).replaceAll(""); + } + } + if (ctx.fortinet == null) { + ctx.fortinet = new HashMap(); + } + ctx.fortinet.firewall = map; - script: lang: painless source: | 
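Review bot: The loop over `arr` accepts any string as a field name and silently discards every token for which `splitUnquoted(arr[i], "=")` does not return exactly two parts. The removed `kv` processor, by contrast, only split on keys matching `[a-z\_\-]+` and ran with `ignore_failure: false`. Because `syslog5424_sd` is device-supplied text, a value with an unbalanced `"` flips `isInQuotes` for the rest of the line and can merge or drop later pairs without leaving any trace in the event. I would keep the old key restriction, e.g. `if (kv.length == 2 && kv[0] ==~ /[a-z_\-]+/) {`, and record skipped tokens in an `else` branch so parse loss is visible downstream. As a style point, `source:` appears to be a plain multi-line scalar here while `description:` and the following script use `|`; `source: |` would keep the script's line breaks and match the rest of the file.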
@@ -42,11 +75,11 @@ processors: - set: field: _temp.time value: "{{fortinet.firewall.date}} {{fortinet.firewall.time}} {{event.timezone}}" - if: "ctx.event?.timezone != null" + if: "ctx.fortinet?.firewall?.date != null && ctx.fortinet?.firewall?.time != null && ctx.event?.timezone != null" - set: field: _temp.time value: "{{fortinet.firewall.date}} {{fortinet.firewall.time}}" - if: "ctx.event?.timezone == null" + if: "ctx.fortinet?.firewall?.date != null && ctx.fortinet?.firewall?.time != null && ctx.event?.timezone == null" - date: field: _temp.time target_field: "@timestamp" @@ -56,7 +89,7 @@ processors: - yyyy-MM-dd HH:mm:ss z - ISO8601 timezone: "{{event.timezone}}" - if: "ctx.event?.timezone != null" + if: "ctx._temp?.time != null && ctx.event?.timezone != null" - date: field: _temp.time target_field: "@timestamp" @@ -65,7 +98,7 @@ processors: - yyyy-MM-dd HH:mm:ss Z - yyyy-MM-dd HH:mm:ss z - ISO8601 - if: "ctx.event?.timezone == null" + if: "ctx._temp?.time != null && ctx.event?.timezone == null" - gsub: field: fortinet.firewall.eventtime pattern: "\\d{6}$" diff --git a/x-pack/filebeat/module/fortinet/firewall/test/event.log b/x-pack/filebeat/module/fortinet/firewall/test/event.log index f3baa713171a..923874bef3fe 100644 --- a/x-pack/filebeat/module/fortinet/firewall/test/event.log +++ b/x-pack/filebeat/module/fortinet/firewall/test/event.log 
@@ -25,3 +25,4 @@ <190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900167367 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="MAC_FCTEMS0000011111_AV-Running" msg="Updated tag MAC_FCTEMS0000011111_AV-Running." <190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900749585 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="FCTEMS0000011111_Connected-to-EMS" msg="Updated tag FCTEMS0000011111_Connected-to-EMS." <190>devname="firewall" devid="FG201EAB12CD34EF" vd="root" date=2021-05-07 time=08:31:14 eventtime=1620372674900961834 tz="+0100" logid="0112053203" type="event" subtype="connector" level="information" logdesc="Dynamic address updated" fctemssn="(null)" addr="MAC_FCTEMS0000011111_Connected-to-EMS" msg="Updated tag MAC_FCTEMS0000011111_Connected-to-EMS." +<190>date=2023-05-22 time=08:19:38 desc="Object update request from device of FortiClient received" msg="Send new version object to device (sn:FSAxxxxxxxxx, ip=127.0.0.1): objid=0000000000, curr_ver=00091.03310" diff --git a/x-pack/filebeat/module/fortinet/firewall/test/event.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/event.log-expected.json index 784d0b289c4b..debdaf06adb5 100644 --- a/x-pack/filebeat/module/fortinet/firewall/test/event.log-expected.json +++ b/x-pack/filebeat/module/fortinet/firewall/test/event.log-expected.json 
@@ -1138,5 +1138,24 @@ "fortinet-firewall", "forwarded" ] + }, + { + "@timestamp": "2023-05-22T08:19:38.000-02:00", + "event.dataset": "fortinet.firewall", + "event.module": "fortinet", + "event.timezone": "-02:00", + "fileset.name": "firewall", + "fortinet.firewall.desc": "Object update request from device of FortiClient received", + "input.type": "log", + "log.offset": 11198, + "message": "Send new version object to device (sn:FSAxxxxxxxxx, ip=127.0.0.1): objid=0000000000, curr_ver=00091.03310", + "observer.product": "Fortigate", + "observer.type": "firewall", + "observer.vendor": "Fortinet", + "service.type": "fortinet", + "tags": [ + "fortinet-firewall", + "forwarded" + ] } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml index 5d5941561ff1..7e34e24fdc2f 100644 --- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml +++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml @@ -437,7 +437,7 @@ processors: - grok: field: url.original patterns: - - '(%{ANY:url.scheme}\:\/\/)?(%{USERNAME:url.username}(\:%{PASSWORD:url.password})?\@)?%{DOMAIN:url.domain}(\:%{POSINT:url.port})?(%{PATH:url.path})?(\?%{QUERY:url.query})?(\#%{ANY:url.fragment})?' + - '(%{URIPROTO:url.scheme}\:\/\/)?(%{USERNAME:url.username}(\:%{PASSWORD:url.password})?\@)?%{DOMAIN:url.domain}(\:%{POSINT:url.port})?(%{PATH:url.path})?(\?%{QUERY:url.query})?(\#%{ANY:url.fragment})?' ignore_missing: true pattern_definitions: USERNAME: '[^\:]*' diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log index fff6477c1e40..989fc3e8bd43 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log 
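Review bot: In the `panw/panos` grok pattern, the userinfo group still uses `USERNAME: '[^\:]*'`, which can run across `/`, `?` and `#`; constraining the scheme to `%{URIPROTO}` fixes only the case in the new test line. For a URL with no scheme and an `@` later in the path or query, the optional `(%{USERNAME:url.username}(\:%{PASSWORD:url.password})?\@)?` group can apparently consume everything up to that `@`. `url.domain`, and whatever is derived from it, would then come from the tail of the URL rather than the real host. Consider excluding the delimiters, e.g. `USERNAME: '[^\:\/\?\#\@]*'`, and adding a fixture with `@` in the query string. The `pattern_definitions` block continues outside this hunk, so the `PASSWORD` and `DOMAIN` definitions should be checked the same way.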
@@ -62,7 +62,7 @@ Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42: Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:42,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:42,28932,1,59721,80,0,0,0x200000,tcp,block-url,"edw-melon.narod.ru/config.txt",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, Mar 25 23:59:12 1,2013/03/25 23:59:12,01606001116,THREAT,url,1,2012/04/10 04:42:51,192.168.0.2,213.180.199.61,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:42:51,28953,1,59752,80,0,0,0x200000,tcp,block-url,"maximtushin.narod.ru/config.txt",(9999),malware-sites,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,Russian Federation,0, Mar 25 23:59:17 1,2013/03/25 23:59:17,01606001116,THREAT,file,1,2012/04/10 04:19:59,89.160.20.112,192.168.0.2,0.0.0.0,0.0.0.0,rule1,,crusher,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:20:05,64856,1,80,54431,0,0,0x200000,tcp,deny,"uLLGRaXP.exe",Windows Executable (EXE)(52020),any,low,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, -Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,THREAT,url,1,2012/04/10 04:09:01,192.168.0.2,67.43.156.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:09:01,55402,1,63183,80,0,0,0x200000,tcp,block-url,"marketingsoluchion.biz/fkn/config.bin",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, +Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,THREAT,url,1,2012/04/10 04:09:01,192.168.0.2,67.43.156.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 
04:09:01,55402,1,63183,80,0,0,0x200000,tcp,block-url,"www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:27,192.168.0.6,207.46.140.46,0.0.0.0,0.0.0.0,rule1,jordy,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:32,25217,1,1047,80,0,0,0x200000,tcp,alert,"default.aspx",PII(60000),any,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0, Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:29,81.2.69.143,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:34,25653,1,80,1039,0,0,0x200000,tcp,alert,"sck.aspx",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, Mar 25 23:59:32 1,2013/03/25 23:59:32,01606001116,THREAT,data,1,2012/04/09 08:18:32,81.2.69.143,192.168.0.6,0.0.0.0,0.0.0.0,rule1,,jordy,web-browsing,vsys1,untrust,trust,ethernet1/2,ethernet1/1,forwardAll,2012/04/09 08:18:37,25717,3,80,1064,0,0,0x200000,tcp,alert,"ADSAdClient31.dll",PII(60000),any,informational,server-to-client,0,0x0,United States,192.168.0.0-192.168.255.255,0, diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index 58ba2c93b7ce..9ec6337d6d0e 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json 
@@ -6010,7 +6010,7 @@ "event.dataset": "panw.panos", "event.kind": "alert", "event.module": "panw", - "event.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,THREAT,url,1,2012/04/10 04:09:01,192.168.0.2,67.43.156.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:09:01,55402,1,63183,80,0,0,0x200000,tcp,block-url,\"marketingsoluchion.biz/fkn/config.bin\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", + "event.original": "Mar 25 23:59:22 1,2013/03/25 23:59:22,01606001116,THREAT,url,1,2012/04/10 04:09:01,192.168.0.2,67.43.156.12,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:09:01,55402,1,63183,80,0,0,0x200000,tcp,block-url,\"www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/\",(9999),unknown,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,", "event.outcome": "success", "event.severity": 5, "event.timezone": "-02:00", @@ -6048,12 +6048,12 @@ "panw.panos.sub_type": "url", "panw.panos.threat.id": "9999", "panw.panos.threat.name": "URL-filtering", - "panw.panos.threat.resource": "marketingsoluchion.biz/fkn/config.bin", + "panw.panos.threat.resource": "www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", "panw.panos.virtual_sys": "vsys1", "related.hosts": [ - "marketingsoluchion.biz" + "www.sportspar.de" ], "related.ip": [ "0.0.0.0", 
@@ -6076,10 +6076,10 @@ "forwarded", "pan-os" ], - "url.domain": "marketingsoluchion.biz", - "url.extension": "bin", - "url.original": "marketingsoluchion.biz/fkn/config.bin", - "url.path": "/fkn/config.bin", + "url.domain": "www.sportspar.de", + "url.original": "www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/", + "url.path": "/widgets/index/refreshStatistic", + "url.query": "requestPage=/&requestController=index&referer=https://www.google.com/", "user.name": "crusher" }, { @@ -6113,7 +6113,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 26586, + "log.offset": 26666, "network.application": "web-browsing", "network.community_id": "1:KC3xpBK9CdouZqamG9S6Mjl6LIo=", "network.direction": "inbound", @@ -6198,7 +6198,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 26964, + "log.offset": 27044, "network.application": "web-browsing", "network.community_id": "1:oZUSrEMVr54enE9TsNjtdpJu0L8=", "network.direction": "outbound", @@ -6290,7 +6290,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 27336, + "log.offset": 27416, "network.application": "web-browsing", "network.community_id": "1:vpvx2rrEII2Wtti+NqSoe98K6s4=", "network.direction": "outbound", @@ -6382,7 +6382,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 27717, + "log.offset": 27797, "network.application": "web-browsing", "network.community_id": "1:MeB0cefg5kMN7f+LW+cirwH2nA8=", "network.direction": "inbound", @@ -6466,7 +6466,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 28086, + "log.offset": 28166, "network.application": "web-browsing", "network.community_id": "1:lI0hgoESF7/v82QAbsIMoPxInGQ=", "network.direction": "outbound", 
@@ -6560,7 +6560,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 28455, + "log.offset": 28535, "network.application": "pandora", "network.community_id": "1:c67I85z1uJV7VW6M9MR5Q8fjHQM=", "network.direction": "inbound", @@ -6644,7 +6644,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 28843, + "log.offset": 28923, "network.application": "google-maps", "network.community_id": "1:tsjbpnOPfE5+wHs/9MImDTjVjp8=", "network.direction": "outbound", @@ -6736,7 +6736,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "low", - "log.offset": 29215, + "log.offset": 29295, "network.application": "web-browsing", "network.community_id": "1:a/X3iTqQa+TxkHJgrAy4Npfe+ZM=", "network.direction": "outbound", @@ -6821,7 +6821,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 29590, + "log.offset": 29670, "network.application": "google-maps", "network.community_id": "1:Tc4KEUPBViPeku88f+PNN9tpeuc=", "network.direction": "outbound", @@ -6912,7 +6912,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 29962, + "log.offset": 30042, "network.application": "google-maps", "network.community_id": "1:OjvHxM13sIYbWzkV4RtvyxXDyVM=", "network.direction": "outbound", @@ -7004,7 +7004,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 30336, + "log.offset": 30416, "network.application": "google-maps", "network.community_id": "1:kYzGF0Llye+Lln7ejrGG5SI6mW8=", "network.direction": "outbound", @@ -7096,7 +7096,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 30710, + "log.offset": 30790, "network.application": "google-maps", "network.community_id": "1:AwfQlEV4j9qZjH7WG4q1qExon/o=", "network.direction": "outbound", 
@@ -7188,7 +7188,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 31082, + "log.offset": 31162, "network.application": "google-analytics", "network.community_id": "1:pRuFj5DzdmtFceU+OTawbYPhbJg=", "network.direction": "inbound", @@ -7272,7 +7272,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 31462, + "log.offset": 31542, "network.application": "google-maps", "network.community_id": "1:PFB0Gj5/utCZj8v3vJPCiBrGY3Y=", "network.direction": "outbound", @@ -7365,7 +7365,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 31836, + "log.offset": 31916, "network.application": "web-browsing", "network.community_id": "1:N/Bc1RgG30q1Owz0DWHR2yEwN44=", "network.direction": "outbound", @@ -7450,7 +7450,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 32215, + "log.offset": 32295, "network.application": "web-browsing", "network.community_id": "1:mSmmKo9krpIsh+2qFAZoA8nMDhg=", "network.direction": "outbound", @@ -7540,7 +7540,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 32600, + "log.offset": 32680, "network.application": "web-browsing", "network.community_id": "1:03rrdI/L+dbrLea/vrQULMTFqvU=", "network.direction": "outbound", @@ -7632,7 +7632,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 32974, + "log.offset": 33054, "network.application": "web-browsing", "network.community_id": "1:bJxw0tI76mNYOiv1ZJjBXdDpnTU=", "network.direction": "outbound", @@ -7721,7 +7721,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 33378, + "log.offset": 33458, "network.application": "google-maps", "network.community_id": "1:h4FhwHd9ztu4jpl3xgOaiB011a4=", "network.direction": "outbound", 
@@ -7812,7 +7812,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 33749, + "log.offset": 33829, "network.application": "google-maps", "network.community_id": "1:dULQBKOE61wtZ1QM6GKohdrM1GE=", "network.direction": "outbound", @@ -7904,7 +7904,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 34119, + "log.offset": 34199, "network.application": "rss", "network.community_id": "1:DLYH0WNYoXQ93i3rnp9QFsh63iM=", "network.direction": "outbound", @@ -7993,7 +7993,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 34486, + "log.offset": 34566, "network.application": "google-maps", "network.community_id": "1:jorKmgA/OY669gtX62Fasc1iKGc=", "network.direction": "outbound", @@ -8084,7 +8084,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 34858, + "log.offset": 34938, "network.application": "web-browsing", "network.community_id": "1:v/xhtv/qhJVgrOjMPvPqMWlrHXA=", "network.direction": "outbound", @@ -8170,7 +8170,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 35225, + "log.offset": 35305, "network.application": "web-browsing", "network.community_id": "1:lM6ErOc/Uj5ui7hk5LvnxpCB/K0=", "network.direction": "outbound", @@ -8261,7 +8261,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 35600, + "log.offset": 35680, "network.application": "google-maps", "network.community_id": "1:AFqpyz1JYwEsC+Bm2Q7fspI+r8Y=", "network.direction": "outbound", @@ -8363,7 +8363,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 35972, + "log.offset": 36052, "network.application": "google-analytics", "network.community_id": "1:8xEo6/LvOntD+xMHdXzKIXv9JxE=", "network.direction": "inbound", 
@@ -8447,7 +8447,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 36353, + "log.offset": 36433, "network.application": "google-maps", "network.community_id": "1:diAtdns9tWiH2bS++Pup9kMV+AI=", "network.direction": "outbound", @@ -8538,7 +8538,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 36725, + "log.offset": 36805, "network.application": "google-maps", "network.community_id": "1:cs7mutkQqIorGFAbWD2/09AnYXk=", "network.direction": "outbound", @@ -8630,7 +8630,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 37097, + "log.offset": 37177, "network.application": "pandora", "network.community_id": "1:PzMJQoALQDxnDaqwOEEz4zxyhHU=", "network.direction": "inbound", @@ -8714,7 +8714,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 37484, + "log.offset": 37564, "network.application": "google-maps", "network.community_id": "1:8xnlPG6iTh0CwnSMVwmWkniCAeM=", "network.direction": "outbound", @@ -8807,7 +8807,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 37857, + "log.offset": 37937, "network.application": "google-maps", "network.community_id": "1:SQGgi8ETBszNJv+EzlSRiGB/m5A=", "network.direction": "outbound", @@ -8900,7 +8900,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 38228, + "log.offset": 38308, "network.application": "google-maps", "network.community_id": "1:21uyYLV+/XbEeb+gCdBr5K1MWLU=", "network.direction": "outbound", @@ -8991,7 +8991,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 38597, + "log.offset": 38677, "network.application": "google-maps", "network.community_id": "1:QEEd+0of3hSmO6x9aRpIaHXdaUI=", "network.direction": "outbound", 
@@ -9083,7 +9083,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 38967, + "log.offset": 39047, "network.application": "google-analytics", "network.community_id": "1:BnyjuRL2HOxT/uRoNE3ra3neRSY=", "network.direction": "outbound", @@ -9174,7 +9174,7 @@ "input.type": "log", "labels.captive_portal": true, "log.level": "informational", - "log.offset": 39339, + "log.offset": 39419, "network.application": "google-maps", "network.community_id": "1:eGnclJrBulAHa+EiT+kLvValbJE=", "network.direction": "outbound", diff --git a/x-pack/filebeat/module/zoom/_meta/config.yml b/x-pack/filebeat/module/zoom/_meta/config.yml index a010f43f3a99..f996405689a1 100644 --- a/x-pack/filebeat/module/zoom/_meta/config.yml +++ b/x-pack/filebeat/module/zoom/_meta/config.yml @@ -15,5 +15,11 @@ # The header Zoom uses to send its secret token, defaults to "Authorization" #secret.header: Authorization - # The secret token value created by Zoom - #secret.value: ZOOMTOKEN + # The custom secret token value created when configuring the Zoom webhook + #secret.value: my-custom-value + + # Enable the CRC webhook validation + #crc.enabled: false + + # The secret token value provided by Zoom for CRC validation + #crc.secret: ZOOMSECRETTOKEN diff --git a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc index 4b3b0da5134d..28236e17140c 100644 --- a/x-pack/filebeat/module/zoom/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/zoom/_meta/docs.asciidoc 
@@ -22,9 +22,11 @@ include::../include/config-option-intro.asciidoc[] [float] ==== `webhook` fileset settings -When a webhook integration is created on Zoom, it will show a special token used to ensure that filebeat only handles HTTP requests from the correct source. +When a webhook integration is created on Zoom, you can create a custom header to verify webhook events. See https://developers.zoom.us/docs/api/rest/webhook-reference/#custom-header[Custom Header] for more information about this process. This is configured with the `secret.header` and `secret.value` settings as shown below. +On the other hand, Zoom also requires webhook validation for created or modified webhooks after October, 2022. This follows a challenge-response check (CRC) algorithm which is configured with the `crc.enabled` and `crc.secret` settings. Learn more about it at https://developers.zoom.us/docs/api/rest/webhook-reference/#validate-your-webhook-endpoint[Validate your webhook endpoint]. + Example config: [source,yaml] @@ -35,8 +37,10 @@ Example config: var.input: http_endpoint var.listen_address: 0.0.0.0 var.listen_port: 8080 - var.secret.header: Authorization - var.secret.value: ZOOMTOKEN + var.secret.header: x-my-custom-key + var.secret.value: my-custom-value + var.crc.enabled: true + var.crc.secret: ZOOMSECRETTOKEN ---- include::../include/var-paths.asciidoc[] diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index 312ba2c208a6..d56dd9670d84 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -12,6 +12,11 @@ content_type: "{{ .content_type }}" secret: {{ .secret | tojson }} ssl: {{ .ssl | tojson }} +{{ if .crc.enabled }} +crc.provider: zoom +crc.secret: {{ .crc.secret }} +{{ end }} + {{ else if eq .input "file" }} type: log 
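Review bot: In `webhook/config/webhook.yml`, `crc.secret: {{ .crc.secret }}` renders the secret into the generated YAML unquoted, unlike `secret: {{ .secret | tojson }}` a few lines above it. A secret containing ` #` or `: `, starting with `*`, `{` or `[`, or consisting only of digits would be truncated or parsed as another type, so the CRC check would presumably run with a different key than the one configured. Use `crc.secret: {{ .crc.secret | tojson }}`. It may also be worth rejecting the configuration when `crc.enabled` is true and `crc.secret` is still the empty default set in `manifest.yml`, since the template does not check it.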
diff --git a/x-pack/filebeat/module/zoom/webhook/manifest.yml b/x-pack/filebeat/module/zoom/webhook/manifest.yml index 31f78e24e251..05a85691cfde 100644 --- a/x-pack/filebeat/module/zoom/webhook/manifest.yml +++ b/x-pack/filebeat/module/zoom/webhook/manifest.yml @@ -24,6 +24,10 @@ var: default: header: Authorization value: "" + - name: crc + default: + enabled: false + secret: "" - name: tags default: [zoom-webhook, forwarded] diff --git a/x-pack/filebeat/modules.d/activemq.yml.disabled b/x-pack/filebeat/modules.d/activemq.yml.disabled index e19824686aef..82c70b169479 100644 --- a/x-pack/filebeat/modules.d/activemq.yml.disabled +++ b/x-pack/filebeat/modules.d/activemq.yml.disabled @@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-activemq.html - module: activemq # Audit logs diff --git a/x-pack/filebeat/modules.d/aws.yml.disabled b/x-pack/filebeat/modules.d/aws.yml.disabled index c730b8aea074..6a49839c1160 100644 --- a/x-pack/filebeat/modules.d/aws.yml.disabled +++ b/x-pack/filebeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-aws.html - module: aws cloudtrail: diff --git a/x-pack/filebeat/modules.d/awsfargate.yml.disabled b/x-pack/filebeat/modules.d/awsfargate.yml.disabled index c2e96fd2f933..57a5e4191354 100644 --- a/x-pack/filebeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/filebeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-awsfargate.html - module: awsfargate log: 
diff --git a/x-pack/filebeat/modules.d/azure.yml.disabled b/x-pack/filebeat/modules.d/azure.yml.disabled index 97eb4b9e4612..04fe209e3f71 100644 --- a/x-pack/filebeat/modules.d/azure.yml.disabled +++ b/x-pack/filebeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-azure.html - module: azure # All logs diff --git a/x-pack/filebeat/modules.d/barracuda.yml.disabled b/x-pack/filebeat/modules.d/barracuda.yml.disabled index 3926a2fec960..6327b8d6a755 100644 --- a/x-pack/filebeat/modules.d/barracuda.yml.disabled +++ b/x-pack/filebeat/modules.d/barracuda.yml.disabled @@ -1,5 +1,5 @@ # Module: barracuda -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-barracuda.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-barracuda.html - module: barracuda waf: diff --git a/x-pack/filebeat/modules.d/bluecoat.yml.disabled b/x-pack/filebeat/modules.d/bluecoat.yml.disabled index 28badfd0def5..98a4cef099bb 100644 --- a/x-pack/filebeat/modules.d/bluecoat.yml.disabled +++ b/x-pack/filebeat/modules.d/bluecoat.yml.disabled @@ -1,5 +1,5 @@ # Module: bluecoat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-bluecoat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-bluecoat.html - module: bluecoat director: diff --git a/x-pack/filebeat/modules.d/cef.yml.disabled b/x-pack/filebeat/modules.d/cef.yml.disabled index 1834c8f4dbae..cda083f4a5eb 100644 --- a/x-pack/filebeat/modules.d/cef.yml.disabled +++ b/x-pack/filebeat/modules.d/cef.yml.disabled @@ -1,5 +1,5 @@ # Module: cef -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cef.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cef.html - module: cef log: 
diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled index 595beccdbffd..62d30a992b7f 100644 --- a/x-pack/filebeat/modules.d/checkpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/checkpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: checkpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-checkpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-checkpoint.html - module: checkpoint firewall: diff --git a/x-pack/filebeat/modules.d/cisco.yml.disabled b/x-pack/filebeat/modules.d/cisco.yml.disabled index b2aca39798e6..6bc846f93f6a 100644 --- a/x-pack/filebeat/modules.d/cisco.yml.disabled +++ b/x-pack/filebeat/modules.d/cisco.yml.disabled @@ -1,5 +1,5 @@ # Module: cisco -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cisco.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cisco.html - module: cisco asa: diff --git a/x-pack/filebeat/modules.d/coredns.yml.disabled b/x-pack/filebeat/modules.d/coredns.yml.disabled index bfcc3bba412e..fb7e99951305 100644 --- a/x-pack/filebeat/modules.d/coredns.yml.disabled +++ b/x-pack/filebeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-coredns.html - module: coredns # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled index 8f30c4ed8995..aea362f2e403 100644 --- a/x-pack/filebeat/modules.d/crowdstrike.yml.disabled +++ b/x-pack/filebeat/modules.d/crowdstrike.yml.disabled 
@@ -1,5 +1,5 @@ # Module: crowdstrike -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-crowdstrike.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-crowdstrike.html - module: crowdstrike diff --git a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled index 8b4ddf9b814c..f2168e9d4530 100644 --- a/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled +++ b/x-pack/filebeat/modules.d/cyberarkpas.yml.disabled @@ -1,5 +1,5 @@ # Module: cyberarkpas -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cyberarkpas.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cyberarkpas.html - module: cyberarkpas audit: diff --git a/x-pack/filebeat/modules.d/cylance.yml.disabled b/x-pack/filebeat/modules.d/cylance.yml.disabled index 48cbb166e829..164642f07382 100644 --- a/x-pack/filebeat/modules.d/cylance.yml.disabled +++ b/x-pack/filebeat/modules.d/cylance.yml.disabled @@ -1,5 +1,5 @@ # Module: cylance -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-cylance.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-cylance.html - module: cylance protect: diff --git a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled index b06026cc061f..d95316b3c301 100644 --- a/x-pack/filebeat/modules.d/envoyproxy.yml.disabled +++ b/x-pack/filebeat/modules.d/envoyproxy.yml.disabled @@ -1,5 +1,5 @@ # Module: envoyproxy -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-envoyproxy.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-envoyproxy.html - module: envoyproxy # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/f5.yml.disabled b/x-pack/filebeat/modules.d/f5.yml.disabled index cb9399134fe8..4db5209693d3 100644 
--- a/x-pack/filebeat/modules.d/f5.yml.disabled +++ b/x-pack/filebeat/modules.d/f5.yml.disabled @@ -1,5 +1,5 @@ # Module: f5 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-f5.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-f5.html - module: f5 bigipapm: diff --git a/x-pack/filebeat/modules.d/fortinet.yml.disabled b/x-pack/filebeat/modules.d/fortinet.yml.disabled index a07a18bca93b..e31eb967d733 100644 --- a/x-pack/filebeat/modules.d/fortinet.yml.disabled +++ b/x-pack/filebeat/modules.d/fortinet.yml.disabled @@ -1,5 +1,5 @@ # Module: fortinet -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-fortinet.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-fortinet.html - module: fortinet firewall: diff --git a/x-pack/filebeat/modules.d/gcp.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled index 601be53f69b5..b0b5f636b101 100644 --- a/x-pack/filebeat/modules.d/gcp.yml.disabled +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-gcp.html - module: gcp vpcflow: diff --git a/x-pack/filebeat/modules.d/google_workspace.yml.disabled b/x-pack/filebeat/modules.d/google_workspace.yml.disabled index a079e429f846..85142dfcaf02 100644 --- a/x-pack/filebeat/modules.d/google_workspace.yml.disabled +++ b/x-pack/filebeat/modules.d/google_workspace.yml.disabled @@ -1,5 +1,5 @@ # Module: google_workspace -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-google_workspace.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-google_workspace.html - module: google_workspace saml: 
diff --git a/x-pack/filebeat/modules.d/ibmmq.yml.disabled b/x-pack/filebeat/modules.d/ibmmq.yml.disabled index fd19cafb3c92..4ad3209a90ec 100644 --- a/x-pack/filebeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/filebeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-ibmmq.html - module: ibmmq # All logs diff --git a/x-pack/filebeat/modules.d/imperva.yml.disabled b/x-pack/filebeat/modules.d/imperva.yml.disabled index e66163983033..cd864075960b 100644 --- a/x-pack/filebeat/modules.d/imperva.yml.disabled +++ b/x-pack/filebeat/modules.d/imperva.yml.disabled @@ -1,5 +1,5 @@ # Module: imperva -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-imperva.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-imperva.html - module: imperva securesphere: diff --git a/x-pack/filebeat/modules.d/infoblox.yml.disabled b/x-pack/filebeat/modules.d/infoblox.yml.disabled index 910a896d12a8..24d524d259d3 100644 --- a/x-pack/filebeat/modules.d/infoblox.yml.disabled +++ b/x-pack/filebeat/modules.d/infoblox.yml.disabled @@ -1,5 +1,5 @@ # Module: infoblox -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-infoblox.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-infoblox.html - module: infoblox nios: diff --git a/x-pack/filebeat/modules.d/iptables.yml.disabled b/x-pack/filebeat/modules.d/iptables.yml.disabled index a4c73b7a04a1..2d51c67f24e5 100644 --- a/x-pack/filebeat/modules.d/iptables.yml.disabled +++ b/x-pack/filebeat/modules.d/iptables.yml.disabled @@ -1,5 +1,5 @@ # Module: iptables -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-iptables.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-iptables.html - module: iptables log: 
diff --git a/x-pack/filebeat/modules.d/juniper.yml.disabled b/x-pack/filebeat/modules.d/juniper.yml.disabled index 5fb85afc302c..583f47bb7f73 100644 --- a/x-pack/filebeat/modules.d/juniper.yml.disabled +++ b/x-pack/filebeat/modules.d/juniper.yml.disabled @@ -1,5 +1,5 @@ # Module: juniper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-juniper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-juniper.html - module: juniper junos: diff --git a/x-pack/filebeat/modules.d/microsoft.yml.disabled b/x-pack/filebeat/modules.d/microsoft.yml.disabled index 4c5528f5b760..e4af73ad6ede 100644 --- a/x-pack/filebeat/modules.d/microsoft.yml.disabled +++ b/x-pack/filebeat/modules.d/microsoft.yml.disabled @@ -1,5 +1,5 @@ # Module: microsoft -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-microsoft.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-microsoft.html - module: microsoft # ATP configuration diff --git a/x-pack/filebeat/modules.d/misp.yml.disabled b/x-pack/filebeat/modules.d/misp.yml.disabled index 28ca66083678..4e405aaac70e 100644 --- a/x-pack/filebeat/modules.d/misp.yml.disabled +++ b/x-pack/filebeat/modules.d/misp.yml.disabled @@ -1,5 +1,5 @@ # Module: misp -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-misp.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-misp.html # Deprecated in 7.14.0: Recommended to migrate to the Threat Intel module. diff --git a/x-pack/filebeat/modules.d/mssql.yml.disabled b/x-pack/filebeat/modules.d/mssql.yml.disabled index ee3f225a9415..c8473c91dd5f 100644 --- a/x-pack/filebeat/modules.d/mssql.yml.disabled +++ b/x-pack/filebeat/modules.d/mssql.yml.disabled 
@@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mssql.html - module: mssql # Fileset for native deployment diff --git a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled index 50e8860671f8..33c1731cd19d 100644 --- a/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled +++ b/x-pack/filebeat/modules.d/mysqlenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: mysqlenterprise -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-mysqlenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-mysqlenterprise.html - module: mysqlenterprise audit: diff --git a/x-pack/filebeat/modules.d/netflow.yml.disabled b/x-pack/filebeat/modules.d/netflow.yml.disabled index b2584b168906..7f365e90b436 100644 --- a/x-pack/filebeat/modules.d/netflow.yml.disabled +++ b/x-pack/filebeat/modules.d/netflow.yml.disabled @@ -1,5 +1,5 @@ # Module: netflow -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-netflow.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-netflow.html - module: netflow log: diff --git a/x-pack/filebeat/modules.d/netscout.yml.disabled b/x-pack/filebeat/modules.d/netscout.yml.disabled index 6a0e4c0dce6d..c6d5520629b8 100644 --- a/x-pack/filebeat/modules.d/netscout.yml.disabled +++ b/x-pack/filebeat/modules.d/netscout.yml.disabled @@ -1,5 +1,5 @@ # Module: netscout -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-netscout.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-netscout.html - module: netscout sightline: diff --git a/x-pack/filebeat/modules.d/o365.yml.disabled b/x-pack/filebeat/modules.d/o365.yml.disabled index 99724949b39b..ab61528d6f9d 100644 
--- a/x-pack/filebeat/modules.d/o365.yml.disabled +++ b/x-pack/filebeat/modules.d/o365.yml.disabled @@ -1,5 +1,5 @@ # Module: o365 -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-o365.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-o365.html - module: o365 audit: diff --git a/x-pack/filebeat/modules.d/okta.yml.disabled b/x-pack/filebeat/modules.d/okta.yml.disabled index 13706b240d2b..062856ce4e4c 100644 --- a/x-pack/filebeat/modules.d/okta.yml.disabled +++ b/x-pack/filebeat/modules.d/okta.yml.disabled @@ -1,5 +1,5 @@ # Module: okta -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-okta.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-okta.html - module: okta system: diff --git a/x-pack/filebeat/modules.d/oracle.yml.disabled b/x-pack/filebeat/modules.d/oracle.yml.disabled index c74c5f889f83..aa24b1f67554 100644 --- a/x-pack/filebeat/modules.d/oracle.yml.disabled +++ b/x-pack/filebeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-oracle.html - module: oracle database_audit: diff --git a/x-pack/filebeat/modules.d/panw.yml.disabled b/x-pack/filebeat/modules.d/panw.yml.disabled index 93b9a6836030..1a630f8fb4ee 100644 --- a/x-pack/filebeat/modules.d/panw.yml.disabled +++ b/x-pack/filebeat/modules.d/panw.yml.disabled @@ -1,5 +1,5 @@ # Module: panw -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-panw.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-panw.html - module: panw panos: diff --git a/x-pack/filebeat/modules.d/proofpoint.yml.disabled b/x-pack/filebeat/modules.d/proofpoint.yml.disabled index 2c5dfec92e57..34b31277086d 100644 --- a/x-pack/filebeat/modules.d/proofpoint.yml.disabled 
+++ b/x-pack/filebeat/modules.d/proofpoint.yml.disabled @@ -1,5 +1,5 @@ # Module: proofpoint -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-proofpoint.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-proofpoint.html - module: proofpoint emailsecurity: diff --git a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled index 2b2171f86d0d..437cf9a57219 100644 --- a/x-pack/filebeat/modules.d/rabbitmq.yml.disabled +++ b/x-pack/filebeat/modules.d/rabbitmq.yml.disabled @@ -1,5 +1,5 @@ # Module: rabbitmq -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-rabbitmq.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-rabbitmq.html - module: rabbitmq # All logs diff --git a/x-pack/filebeat/modules.d/radware.yml.disabled b/x-pack/filebeat/modules.d/radware.yml.disabled index fe39a7b805eb..553d84591276 100644 --- a/x-pack/filebeat/modules.d/radware.yml.disabled +++ b/x-pack/filebeat/modules.d/radware.yml.disabled @@ -1,5 +1,5 @@ # Module: radware -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-radware.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-radware.html - module: radware defensepro: diff --git a/x-pack/filebeat/modules.d/salesforce.yml.disabled b/x-pack/filebeat/modules.d/salesforce.yml.disabled index 8535b30f0060..93d04365a868 100644 --- a/x-pack/filebeat/modules.d/salesforce.yml.disabled +++ b/x-pack/filebeat/modules.d/salesforce.yml.disabled @@ -1,5 +1,5 @@ # Module: salesforce -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-salesforce.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-salesforce.html - module: salesforce diff --git a/x-pack/filebeat/modules.d/snort.yml.disabled b/x-pack/filebeat/modules.d/snort.yml.disabled index d8befbb7d7c4..89d25c4b5566 100644 
--- a/x-pack/filebeat/modules.d/snort.yml.disabled +++ b/x-pack/filebeat/modules.d/snort.yml.disabled @@ -1,5 +1,5 @@ # Module: snort -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-snort.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-snort.html - module: snort log: diff --git a/x-pack/filebeat/modules.d/snyk.yml.disabled b/x-pack/filebeat/modules.d/snyk.yml.disabled index ab6b379f389d..f92cf1d71f06 100644 --- a/x-pack/filebeat/modules.d/snyk.yml.disabled +++ b/x-pack/filebeat/modules.d/snyk.yml.disabled @@ -1,5 +1,5 @@ # Module: snyk -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-snyk.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-snyk.html - module: snyk audit: diff --git a/x-pack/filebeat/modules.d/sonicwall.yml.disabled b/x-pack/filebeat/modules.d/sonicwall.yml.disabled index cf0706bdd81b..f267d355b370 100644 --- a/x-pack/filebeat/modules.d/sonicwall.yml.disabled +++ b/x-pack/filebeat/modules.d/sonicwall.yml.disabled @@ -1,5 +1,5 @@ # Module: sonicwall -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-sonicwall.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-sonicwall.html - module: sonicwall firewall: diff --git a/x-pack/filebeat/modules.d/sophos.yml.disabled b/x-pack/filebeat/modules.d/sophos.yml.disabled index 42aa513de7e8..e875354ad628 100644 --- a/x-pack/filebeat/modules.d/sophos.yml.disabled +++ b/x-pack/filebeat/modules.d/sophos.yml.disabled @@ -1,5 +1,5 @@ # Module: sophos -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-sophos.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-sophos.html - module: sophos xg: diff --git a/x-pack/filebeat/modules.d/squid.yml.disabled b/x-pack/filebeat/modules.d/squid.yml.disabled index bc34fdcb5a6e..81d5f6e0af03 100644 
--- a/x-pack/filebeat/modules.d/squid.yml.disabled +++ b/x-pack/filebeat/modules.d/squid.yml.disabled @@ -1,5 +1,5 @@ # Module: squid -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-squid.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-squid.html - module: squid log: diff --git a/x-pack/filebeat/modules.d/suricata.yml.disabled b/x-pack/filebeat/modules.d/suricata.yml.disabled index 14b1855a0584..98e905fff23e 100644 --- a/x-pack/filebeat/modules.d/suricata.yml.disabled +++ b/x-pack/filebeat/modules.d/suricata.yml.disabled @@ -1,5 +1,5 @@ # Module: suricata -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-suricata.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-suricata.html - module: suricata # All logs diff --git a/x-pack/filebeat/modules.d/threatintel.yml.disabled b/x-pack/filebeat/modules.d/threatintel.yml.disabled index d5a0365f40cf..717de295f33b 100644 --- a/x-pack/filebeat/modules.d/threatintel.yml.disabled +++ b/x-pack/filebeat/modules.d/threatintel.yml.disabled @@ -1,5 +1,5 @@ # Module: threatintel -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-threatintel.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-threatintel.html - module: threatintel abuseurl: diff --git a/x-pack/filebeat/modules.d/tomcat.yml.disabled b/x-pack/filebeat/modules.d/tomcat.yml.disabled index 1fda24706e3b..dc7a8d7eadd4 100644 --- a/x-pack/filebeat/modules.d/tomcat.yml.disabled +++ b/x-pack/filebeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-tomcat.html - module: tomcat log: 
diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index 4017a6e39976..2ceeeea911da 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -1,5 +1,5 @@ # Module: zeek -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zeek.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zeek.html - module: zeek capture_loss: diff --git a/x-pack/filebeat/modules.d/zookeeper.yml.disabled b/x-pack/filebeat/modules.d/zookeeper.yml.disabled index a2cb2977935e..f632c0de9e70 100644 --- a/x-pack/filebeat/modules.d/zookeeper.yml.disabled +++ b/x-pack/filebeat/modules.d/zookeeper.yml.disabled @@ -1,5 +1,5 @@ # Module: zookeeper -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zookeeper.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zookeeper.html - module: zookeeper # All logs diff --git a/x-pack/filebeat/modules.d/zoom.yml.disabled b/x-pack/filebeat/modules.d/zoom.yml.disabled index 04e6613806b9..b7a5bc35a002 100644 --- a/x-pack/filebeat/modules.d/zoom.yml.disabled +++ b/x-pack/filebeat/modules.d/zoom.yml.disabled @@ -1,5 +1,5 @@ # Module: zoom -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zoom.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zoom.html - module: zoom webhook: @@ -18,5 +18,11 @@ # The header Zoom uses to send its secret token, defaults to "Authorization" #secret.header: Authorization - # The secret token value created by Zoom - #secret.value: ZOOMTOKEN + # The custom secret token value created when configuring the Zoom webhook + #secret.value: my-custom-value + + # Enable the CRC webhook validation + #crc.enabled: false + + # The secret token value provided by Zoom for CRC validation + #crc.secret: ZOOMSECRETTOKEN 
diff --git a/x-pack/filebeat/modules.d/zscaler.yml.disabled b/x-pack/filebeat/modules.d/zscaler.yml.disabled index 8ca0cea079cb..732a033073b6 100644 --- a/x-pack/filebeat/modules.d/zscaler.yml.disabled +++ b/x-pack/filebeat/modules.d/zscaler.yml.disabled @@ -1,5 +1,5 @@ # Module: zscaler -# Docs: https://www.elastic.co/guide/en/beats/filebeat/main/filebeat-module-zscaler.html +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-zscaler.html - module: zscaler zia: diff --git a/x-pack/filebeat/tests/integration/framework_test.go b/x-pack/filebeat/tests/integration/framework_test.go index 1a65eb96da8e..1d572c6cc002 100644 --- a/x-pack/filebeat/tests/integration/framework_test.go +++ b/x-pack/filebeat/tests/integration/framework_test.go @@ -134,3 +134,35 @@ func (b *BeatProc) openLogFile() *os.File { return f } + +// createTempDir creates a temporary directory that will be +// removed after the tests passes. +// +// If the test fails, the temporary directory is not removed. +// +// If the tests are run with -v, the temporary directory will +// be logged. +func createTempDir(t *testing.T) string { + tempDir, err := filepath.Abs(filepath.Join("../../build/integration-tests/", + fmt.Sprintf("%s-%d", t.Name(), time.Now().Unix()))) + if err != nil { + t.Fatal(err) + } + + if err := os.MkdirAll(tempDir, 0766); err != nil { + t.Fatalf("cannot create tmp dir: %s, msg: %s", err, err.Error()) + } + t.Logf("Temporary directory: %s", tempDir) + + cleanup := func() { + if !t.Failed() { + if err := os.RemoveAll(tempDir); err != nil { + t.Errorf("could not remove temp dir '%s': %s", tempDir, err) + } + t.Logf("Temporary directory '%s' removed", tempDir) + } + } + t.Cleanup(cleanup) + + return tempDir +} 
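Review bot: `os.MkdirAll(tempDir, 0766)` in createTempDir asks for directories that group and others can write to but cannot search, which is looser and less usable than a test scratch directory needs (before umask); `os.MkdirAll(tempDir, 0750)` is the conventional mode. The directory name is `t.Name()` plus `time.Now().Unix()`, so two runs of the same test within one second share a directory. The cleanup logs `Temporary directory '%s' removed` even when `os.RemoveAll` returned an error, so that `t.Logf` belongs in an `else` branch. The `t.Fatalf` format prints the same error twice (`err` and `err.Error()`), and the doc comment should read "after the test passes".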
diff --git a/x-pack/filebeat/tests/integration/input_reload_test.go b/x-pack/filebeat/tests/integration/managerV2_test.go similarity index 79% rename from x-pack/filebeat/tests/integration/input_reload_test.go rename to x-pack/filebeat/tests/integration/managerV2_test.go index cab3b273a9bf..d0d0eea6e30d 100644 --- a/x-pack/filebeat/tests/integration/input_reload_test.go +++ b/x-pack/filebeat/tests/integration/managerV2_test.go @@ -46,28 +46,7 @@ func TestInputReloadUnderElasticAgent(t *testing.T) { // We create our own temp dir so the files can be persisted // in case the test fails. This will help debugging issues // locally and on CI. - // - // testSucceeded will be set to 'true' as the very last thing on this test, - // it allows us to use t.CleanUp to remove the temporary files - testSucceeded := false - tempDir, err := filepath.Abs(filepath.Join("../../build/integration-tests/", - fmt.Sprintf("%s-%d", t.Name(), time.Now().Unix()))) - if err != nil { - t.Fatal(err) - } - - if err := os.MkdirAll(tempDir, 0766); err != nil { - t.Fatalf("cannot create tmp dir: %s, msg: %s", err, err.Error()) - } - t.Logf("Temporary directory: %s", tempDir) - t.Cleanup(func() { - if testSucceeded { - if err := os.RemoveAll(tempDir); err != nil { - t.Fatalf("could not remove temp dir '%s': %s", tempDir, err) - } - t.Logf("Temporary directory '%s' removed", tempDir) - } - }) + tempDir := createTempDir(t) logFilePath := filepath.Join(tempDir, "flog.log") generateLogFile(t, logFilePath) 
@@ -273,9 +252,101 @@ func TestInputReloadUnderElasticAgent(t *testing.T) { return filebeat.LogContains("ForceReload set to FALSE") }, waitDeadlineOr5Min(), 100*time.Millisecond, "String 'ForceReload set to FALSE' not found on Filebeat logs") +} + +// TestFailedOutputReportsUnhealthy ensures that if an output +// fails to start and returns an error, the manager will set it +// as failed and the inputs will not be started, which means +// staying on the started state. +func TestFailedOutputReportsUnhealthy(t *testing.T) { + // First things first, ensure ES is running and we can connect to it. + // If ES is not running, the test will timeout and the only way to know + // what caused it is going through Filebeat's logs. + ensureESIsRunning(t) + + tempDir := createTempDir(t) + finalStateReached := false - // Set it to true, so the temporary directory is removed - testSucceeded = true + var units = []*proto.UnitExpected{ + { + Id: "output-unit-borken", + Type: proto.UnitType_OUTPUT, + ConfigStateIdx: 1, + State: proto.State_FAILED, + LogLevel: proto.UnitLogLevel_DEBUG, + Config: &proto.UnitExpectedConfig{ + Id: "default", + Type: "logstash", + Name: "logstash", + Source: requireNewStruct(t, + map[string]interface{}{ + "type": "logstash", + "invalid": "configuration", + }), + }, + }, + // Also add an input unit to make sure it never leaves the + // starting state + { + Id: "input-unit", + Type: proto.UnitType_INPUT, + ConfigStateIdx: 1, + State: proto.State_STARTING, + LogLevel: proto.UnitLogLevel_DEBUG, + Config: &proto.UnitExpectedConfig{ + Id: "log-input", + Type: "log", + Name: "log", + Streams: []*proto.Stream{ + { + Id: "log-input", + Source: requireNewStruct(t, map[string]interface{}{ + "enabled": true, + "type": "log", + "paths": "/tmp/foo", + }), + }, + }, + }, + }, + } + + server := &mock.StubServerV2{ + // The Beat will call the check-in function multiple times: + // - At least once at startup + // - At every state change (starting, configuring, healthy, etc) 
+ // for every Unit. + // + // So we wait until the state matches the desired state + CheckinV2Impl: func(observed *proto.CheckinObserved) *proto.CheckinExpected { + if management.DoesStateMatch(observed, units, 0) { + finalStateReached = true + } + + return &proto.CheckinExpected{ + Units: units, + } + }, + ActionImpl: func(response *proto.ActionResponse) error { return nil }, + } + + require.NoError(t, server.Start()) + + filebeat := NewBeat( + t, + "../../filebeat.test", + tempDir, + "-E", fmt.Sprintf(`management.insecure_grpc_url_for_testing="localhost:%d"`, server.Port), + "-E", "management.enabled=true", + ) + + filebeat.Start() + + require.Eventually(t, func() bool { + return finalStateReached + }, 30*time.Second, 100*time.Millisecond, "Output unit did not report unhealthy") + + t.Cleanup(server.Stop) } func requireNewStruct(t *testing.T, v map[string]interface{}) *structpb.Struct { diff --git a/x-pack/functionbeat/Dockerfile b/x-pack/functionbeat/Dockerfile index be8433ce5ba6..de1ff7155978 100644 --- a/x-pack/functionbeat/Dockerfile +++ b/x-pack/functionbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.19.9 +FROM golang:1.19.10 RUN \ apt-get update \ diff --git a/x-pack/libbeat/common/aws/credentials.go b/x-pack/libbeat/common/aws/credentials.go index ec0c68874e53..b4961fbd6cc5 100644 --- a/x-pack/libbeat/common/aws/credentials.go +++ b/x-pack/libbeat/common/aws/credentials.go 
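Review bot: `finalStateReached` in TestFailedOutputReportsUnhealthy is a plain bool written inside `CheckinV2Impl` and polled from the `require.Eventually` condition, which testify runs on its own goroutine, so this is a data race under `-race`. Declaring `var finalStateReached atomic.Bool` and using `finalStateReached.Store(true)` and `finalStateReached.Load()` removes it; `stateReached` in TestOutputError (x-pack/libbeat/management/managerV2_test.go) follows the same pattern. `t.Cleanup(server.Stop)` is registered only after `require.Eventually`, which aborts the test on timeout, so on the failure path the mock server is never stopped; register it right after `require.NoError(t, server.Start())`. The unit id `output-unit-borken` looks like a typo for `broken`.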
@@ -156,7 +156,7 @@ func addAssumeRoleProviderToAwsConfig(config ConfigAWS, awsConfig *awssdk.Config // addStaticCredentialsProviderToAwsConfig adds a static credentials provider to the current AWS config by using the keys stored in Beats config func addStaticCredentialsProviderToAwsConfig(beatsConfig ConfigAWS, awsConfig *awssdk.Config) { logger := logp.NewLogger("addStaticCredentialsProviderToAwsConfig") - logger.Debug("Switching credentials provider to AssumeRoleProvider") + logger.Debug("Switching credentials provider to StaticCredentialsProvider") staticCredentialsProvider := credentials.NewStaticCredentialsProvider( beatsConfig.AccessKeyID, beatsConfig.SecretAccessKey, diff --git a/x-pack/libbeat/management/managerV2.go b/x-pack/libbeat/management/managerV2.go index 70db3fd88b08..55a6f57fe238 100644 --- a/x-pack/libbeat/management/managerV2.go +++ b/x-pack/libbeat/management/managerV2.go @@ -34,6 +34,23 @@ import ( "github.com/elastic/beats/v7/libbeat/version" ) +// diagnosticHandler is a wrapper type that's a bit of a hack, the compiler won't let us send the raw unit struct, +// since there's a type disagreement with the `client.DiagnosticHook` argument, and due to licensing issues we can't import the agent client types into the reloader +type diagnosticHandler struct { + log *logp.Logger + client *client.Unit +} + +func (handler diagnosticHandler) Register(name string, description string, filename string, contentType string, callback func() []byte) { + handler.log.Infof("registering callback with %s", name) + // paranoid checking + if handler.client != nil { + handler.client.RegisterDiagnosticHook(name, description, filename, contentType, callback) + } else { + handler.log.Warnf("client handler for diag callback %s is nil", name) + } +} + // unitKey is used to identify a unique unit in a map // the `ID` of a unit in itself is not unique without its type, only `Type` + `ID` is unique type unitKey struct { 
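Review bot: `diagnosticHandler.Register` logs `registering callback with %s` at Info level before the nil check, so with a nil `client` the log first claims a registration and then warns that none happened; moving the `Infof` inside the `handler.client != nil` branch keeps the log truthful. The method has no doc comment, and the type comment calls the wrapper "a bit of a hack" without naming the interface it is meant to satisfy. A line such as `// Register forwards a diagnostic hook to the unit's client; it is a no-op (with a warning) when the client is nil.` would cover the method.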
@@ -573,7 +590,25 @@ func (cm *BeatV2Manager) reload(units map[unitKey]*client.Unit) { // reload the output configuration if err := cm.reloadOutput(outputUnit); err != nil { - errs = append(errs, err) + // Output creation failed, there is no point in going any further + // because there is no output read the events. + // + // Trying to start inputs will eventually lead them to deadlock + // waiting for the output. Log input will deadlock when starting, + // effectively blocking this manager. + err = fmt.Errorf("could not start output: %w", err) + outputUnit.UpdateState(client.UnitStateFailed, err.Error(), nil) + cm.status = lbmanagement.Failed + cm.message = err.Error() + + // If there are any other errors, set the status accordingly. + // If len(errs), then the there were no previous and the only + // error has been reported already. + if len(errs) > 0 { + errs = append(errs, err) + cm.message = fmt.Sprintf("%s", errs) + } + return } // compute the input configuration @@ -689,6 +724,11 @@ func (cm *BeatV2Manager) reloadInputs(inputUnits []*client.Unit) error { if err != nil { return fmt.Errorf("failed to generate configuration for unit %s: %w", unit.ID(), err) } + // add diag callbacks for unit + // we want to add the diagnostic handler that's specific to the unit, and not the gobal diagnostic handler + for _, in := range inputCfg { + in.DiagCallback = diagnosticHandler{client: unit, log: cm.logger.Named("diagnostic-manager")} + } inputCfgs[unit.ID()] = expected.Config inputBeatCfgs = append(inputBeatCfgs, inputCfg...) } diff --git a/x-pack/libbeat/management/managerV2_test.go b/x-pack/libbeat/management/managerV2_test.go index 538dd0c58023..aa84bb9f8f0a 100644 --- a/x-pack/libbeat/management/managerV2_test.go +++ b/x-pack/libbeat/management/managerV2_test.go @@ -5,6 +5,7 @@ package management import ( + "errors" "fmt" "sync" "testing" 
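Review bot: The comment `If len(errs), then the there were no previous and the only error has been reported already` in the new output-failure branch of reload is garbled and reads as the opposite of the `if len(errs) > 0` below it; `// If earlier steps already recorded errors, report them together with the output error.` matches the code. `cm.message = fmt.Sprintf("%s", errs)` renders the slice in bracketed `[e1 e2]` form. The same branch passes `err.Error()` verbatim to `outputUnit.UpdateState`, so it is worth confirming that output reload errors never embed credential-bearing settings before they are reported to the agent. `there is no output read the events` is missing a `to`. The body of reload starts and ends outside this hunk.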
@@ -220,6 +221,133 @@ func TestManagerV2(t *testing.T) { }, 15*time.Second, 300*time.Millisecond) } +func TestOutputError(t *testing.T) { + // Uncomment the line below to see the debug logs for this test + // logp.DevelopmentSetup(logp.WithLevel(logp.DebugLevel), logp.WithSelectors("*")) + r := reload.NewRegistry() + + output := &mockOutput{ + ReloadFn: func(config *reload.ConfigWithMeta) error { + return errors.New("any kind of error will do") + }, + } + r.MustRegisterOutput(output) + inputs := &mockReloadable{ + ReloadFn: func(configs []*reload.ConfigWithMeta) error { + err := errors.New("Inputs should not be reloaded if the output fails") + t.Fatal(err) + return err + }, + } + r.MustRegisterInput(inputs) + + stateReached := false + units := []*proto.UnitExpected{ + { + Id: "output-unit", + Type: proto.UnitType_OUTPUT, + State: proto.State_HEALTHY, + ConfigStateIdx: 1, + LogLevel: proto.UnitLogLevel_DEBUG, + Config: &proto.UnitExpectedConfig{ + Id: "default", + Type: "mock", + Name: "mock", + Source: requireNewStruct(t, + map[string]interface{}{ + "Is": "this", + "required?": "Yes!", + }), + }, + }, + { + Id: "input-unit", + Type: proto.UnitType_INPUT, + State: proto.State_HEALTHY, + ConfigStateIdx: 1, + LogLevel: proto.UnitLogLevel_DEBUG, + }, + } + + desiredState := []*proto.UnitExpected{ + { + Id: "output-unit", + Type: proto.UnitType_OUTPUT, + State: proto.State_FAILED, + ConfigStateIdx: 1, + LogLevel: proto.UnitLogLevel_DEBUG, + Config: &proto.UnitExpectedConfig{ + Id: "default", + Type: "mock", + Name: "mock", + Source: requireNewStruct(t, + map[string]interface{}{ + "this": "is", + "required": true, + }), + }, + }, + { + Id: "input-unit", + Type: proto.UnitType_INPUT, + State: proto.State_STARTING, + ConfigStateIdx: 1, + LogLevel: proto.UnitLogLevel_DEBUG, + }, + } + + server := &mock.StubServerV2{ + CheckinV2Impl: func(observed *proto.CheckinObserved) *proto.CheckinExpected { + if DoesStateMatch(observed, desiredState, 0) { + stateReached = true + } + 
return &proto.CheckinExpected{ + Units: units, + } + }, + ActionImpl: func(response *proto.ActionResponse) error { return nil }, + } + + if err := server.Start(); err != nil { + t.Fatalf("could not start mock Elastic-Agent server: %s", err) + } + defer server.Stop() + + client := client.NewV2( + fmt.Sprintf(":%d", server.Port), + "", + client.VersionInfo{}, + grpc.WithTransportCredentials(insecure.NewCredentials())) + + m, err := NewV2AgentManagerWithClient( + &Config{ + Enabled: true, + }, + r, + client, + ) + if err != nil { + t.Fatalf("could not instantiate ManagerV2: %s", err) + } + + mm, ok := m.(*BeatV2Manager) + if !ok { + t.Fatalf("unexpected type for BeatV2Manager: %T", m) + } + + mm.changeDebounce = 10 * time.Millisecond + mm.forceReloadDebounce = 100 * time.Millisecond + + if err := m.Start(); err != nil { + t.Fatalf("could not start ManagerV2: %s", err) + } + defer m.Stop() + + require.Eventually(t, func() bool { + return stateReached + }, 10*time.Second, 100*time.Millisecond, "desired state, output failed, was not reached") +} + func mockSrv( units [][]*proto.UnitExpected, featuresIdxs []uint64, 
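Review bot: The `inputs` mock's `ReloadFn` in TestOutputError calls `t.Fatal(err)`, but the callback is presumably invoked by the manager on a goroutine other than the test's, where `FailNow` is not supported; `t.Error(err)` followed by `return err` records the failure safely. The `units` returned by the server and `desiredState` carry different `Source` maps for the output unit (`"Is": "this"` versus `"this": "is"`), so a comment saying whether the state comparison ignores the config would help the next reader. The local `client := client.NewV2(...)` shadows the imported `client` package for the rest of the function; a name such as `agentClient` avoids that.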
@@ -308,3 +436,53 @@ func (r *reloadableList) Configs() []*reload.ConfigWithMeta {
 defer r.mx.Unlock()
 return r.configs
 }
+
+type mockOutput struct {
+ mutex sync.Mutex
+ ReloadFn func(config *reload.ConfigWithMeta) error
+ ConfigFn func() *reload.ConfigWithMeta
+ ConfigsFn func() []*reload.ConfigWithMeta
+}
+
+func (m *mockOutput) Reload(config *reload.ConfigWithMeta) error {
+ m.mutex.Lock()
+ defer m.mutex.Unlock()
+ return m.ReloadFn(config)
+}
+
+func (m *mockOutput) Config() *reload.ConfigWithMeta {
+ m.mutex.Lock()
+ defer m.mutex.Unlock()
+ return m.ConfigFn()
+}
+
+func (m *mockOutput) Configs() []*reload.ConfigWithMeta {
+ m.mutex.Lock()
+ defer m.mutex.Unlock()
+ return m.ConfigsFn()
+}
+
+type mockReloadable struct {
+ mutex sync.Mutex
+ ReloadFn func(configs []*reload.ConfigWithMeta) error
+ ConfigFn func() *reload.ConfigWithMeta
+ ConfigsFn func() []*reload.ConfigWithMeta
+}
+
+func (m *mockReloadable) Reload(configs []*reload.ConfigWithMeta) error {
+ m.mutex.Lock()
+ defer m.mutex.Unlock()
+ return m.ReloadFn(configs)
+}
+
+func (m *mockReloadable) Config() *reload.ConfigWithMeta {
+ m.mutex.Lock()
+ defer m.mutex.Unlock()
+ return m.ConfigFn()
+}
+
+func (m *mockReloadable) Configs() []*reload.ConfigWithMeta {
+ m.mutex.Lock()
+ defer m.mutex.Unlock()
+ return m.ConfigsFn()
+}
diff --git a/x-pack/libbeat/reader/parquet/parquet.go b/x-pack/libbeat/reader/parquet/parquet.go
index c9089457a13a..2d91f778f334 100644
--- a/x-pack/libbeat/reader/parquet/parquet.go
+++ b/x-pack/libbeat/reader/parquet/parquet.go
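Review bot: `Config` and `Configs` on both `mockOutput` and `mockReloadable` call `m.ConfigFn()` and `m.ConfigsFn()` unconditionally, but TestOutputError in this commit sets only `ReloadFn` on either mock. Any code path that reaches those methods would panic on a nil function value instead of producing a readable test failure. A guard such as `if m.ConfigFn == nil { return nil }` (and the same for `ConfigsFn`) keeps partially configured mocks usable. Both types would also benefit from a one-line comment saying they are test doubles whose behaviour comes from the `*Fn` fields and that the mutex serialises calls into them.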
@@ -10,10 +10,10 @@ import ( "fmt" "io" - "github.com/apache/arrow/go/v11/arrow/memory" - "github.com/apache/arrow/go/v11/parquet" - "github.com/apache/arrow/go/v11/parquet/file" - "github.com/apache/arrow/go/v11/parquet/pqarrow" + "github.com/apache/arrow/go/v12/arrow/memory" + "github.com/apache/arrow/go/v12/parquet" + "github.com/apache/arrow/go/v12/parquet/file" + "github.com/apache/arrow/go/v12/parquet/pqarrow" ) // BufferedReader parses parquet inputs from io streams. diff --git a/x-pack/libbeat/reader/parquet/parquet_test.go b/x-pack/libbeat/reader/parquet/parquet_test.go index 1f89bd6628c0..1163156e65d3 100644 --- a/x-pack/libbeat/reader/parquet/parquet_test.go +++ b/x-pack/libbeat/reader/parquet/parquet_test.go @@ -5,7 +5,6 @@ package parquet import ( - "bufio" "bytes" "encoding/json" "fmt" @@ -15,10 +14,10 @@ import ( "path/filepath" "testing" - "github.com/apache/arrow/go/v11/arrow" - "github.com/apache/arrow/go/v11/arrow/array" - "github.com/apache/arrow/go/v11/arrow/memory" - "github.com/apache/arrow/go/v11/parquet/pqarrow" + "github.com/apache/arrow/go/v12/arrow" + "github.com/apache/arrow/go/v12/arrow/array" + "github.com/apache/arrow/go/v12/arrow/memory" + "github.com/apache/arrow/go/v12/parquet/pqarrow" "github.com/stretchr/testify/assert" ) @@ -171,20 +170,22 @@ func createRandomParquet(t testing.TB, fname string, numCols int, numRows int) m func TestParquetWithFiles(t *testing.T) { testCases := []struct { - parquetFile string - jsonFile string + parquetFile string + jsonFile string + maxRowsToCompare int }{ - { - parquetFile: "vpc_flow.gz.parquet", - jsonFile: "vpc_flow.ndjson", - }, { parquetFile: "cloudtrail.parquet", - jsonFile: "cloudtrail.ndjson", + jsonFile: "cloudtrail.json", }, { parquetFile: "route53.parquet", - jsonFile: "route53.ndjson", + jsonFile: "route53.json", + }, + { + parquetFile: "vpc_flow.gz.parquet", + jsonFile: "vpc_flow.json", + maxRowsToCompare: 4, }, } 
@@ -198,43 +199,38 @@ func TestParquetWithFiles(t *testing.T) { } defer parquetFile.Close() - jsonFile, err := os.Open(filepath.Join(testDataPath, tc.jsonFile)) - if err != nil { - t.Fatalf("Failed to open json test file: %v", err) - } - defer jsonFile.Close() - - orderedJSON, rows := readJSONFromFile(t, jsonFile) + orderedJSON, rows := readJSONFromFile(t, filepath.Join(testDataPath, tc.jsonFile)) cfg := &Config{ // we set ProcessParallel to true as this always has the best performance ProcessParallel: true, // batch size is set to 1 because we need to compare individual records one by one BatchSize: 1, } - readAndCompareParquetFile(t, cfg, parquetFile, orderedJSON, rows) + readAndCompareParquetFile(t, cfg, parquetFile, orderedJSON, rows, tc.maxRowsToCompare) }) } } // readJSONFromFile reads the json file and returns the data as an ordered map (row number -> json string) // along with the number of rows in the file -func readJSONFromFile(t *testing.T, file *os.File) (map[int]string, int) { +func readJSONFromFile(t *testing.T, filepath string) (map[int]string, int) { + fileBytes, err := os.ReadFile(filepath) + assert.NoError(t, err) + var rawMessages []json.RawMessage + err = json.Unmarshal(fileBytes, &rawMessages) + assert.NoError(t, err) data := make(map[int]string) - scanner := bufio.NewScanner(file) - row := 0 - for scanner.Scan() { - data[row] = scanner.Text() + var row int + for _, rawMsg := range rawMessages { + data[row] = string(rawMsg) row++ } - if err := scanner.Err(); err != nil { - t.Fatalf("failed to read ndjson file: %v", err) - } return data, row } // readAndCompareParquetFile reads the parquet file and compares the data with the input data -func readAndCompareParquetFile(t *testing.T, cfg *Config, file *os.File, data map[int]string, rows int) { +func readAndCompareParquetFile(t *testing.T, cfg *Config, file *os.File, data map[int]string, rows int, maxRowsToCompare int) { sReader, err := NewBufferedReader(file, cfg) if err != nil { t.Fatalf("failed 
to init stream reader: %v", err) @@ -248,9 +244,17 @@ func readAndCompareParquetFile(t *testing.T, cfg *Config, file *os.File, data ma if val != nil { rowCount = readAndCompareParquetJSON(t, bytes.NewReader(val), data, rowCount) } + if maxRowsToCompare > 0 && rowCount == maxRowsToCompare { + break + } + } + // if maxRowsToCompare == 0 then we compare the row count + if maxRowsToCompare == 0 { + // asserts of number of rows read is the same as the number of rows from the input file + assert.Equal(t, rows, rowCount) + } else { + assert.EqualValues(t, rowCount, maxRowsToCompare) } - // asserts of number of rows read is the same as the number of rows from the input file - assert.Equal(t, rows, rowCount) // closes the stream reader and asserts that there are no errors err = sReader.Close() assert.NoError(t, err) diff --git a/x-pack/libbeat/reader/parquet/testdata/cloudtrail.json b/x-pack/libbeat/reader/parquet/testdata/cloudtrail.json new file mode 100644 index 000000000000..979f14428f33 --- /dev/null +++ b/x-pack/libbeat/reader/parquet/testdata/cloudtrail.json 
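Review bot: `readJSONFromFile` now checks the `os.ReadFile` and `json.Unmarshal` errors with `assert.NoError`, which records the failure and carries on. A missing or malformed fixture therefore yields an empty map and the caller goes on to compare parquet rows against nothing, whereas the removed code stopped with `t.Fatalf`. Stopping at the point of failure, e.g. `t.Fatalf("failed to read json test file: %v", err)` for both checks, keeps the first error the one that is reported. The new parameter name `filepath` also shadows the imported `path/filepath` package inside the function; `path` or `fname` avoids that.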
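Review bot: `assert.EqualValues(t, rowCount, maxRowsToCompare)` passes the actual value first, while testify's signature is `(t, expected, actual)`, so a failure would label the two numbers the wrong way round. `assert.Equal(t, maxRowsToCompare, rowCount)` matches the other branch, and both values appear to be `int`. When a limit is set, the total number of rows in the parquet file is no longer checked against the fixture at all, so a comment on `maxRowsToCompare` stating that the comparison is deliberately truncated would make the reduced coverage explicit. The early exit also relies on `rowCount == maxRowsToCompare` landing exactly on the limit; `>=` would be more robust if a batch could ever add more than one row. The body of readAndCompareParquetFile begins outside this hunk.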
@@ -0,0 +1,96 @@ +[ + { + "activity_id": 1, + "activity_name": "Create", + "actor": { + "idp": { + "name": null + }, + "invoked_by": null, + "session": { + "created_time": null, + "issuer": null, + "mfa": null + }, + "user": { + "account_uid": "123456789012", + "credential_uid": "AKIAIOSFODNN7EXAMPLE", + "name": "Alice", + "type": "IAMUser", + "uid": "123456789012", + "uuid": "arn:aws:iam::123456789012:user/Alice" + } + }, + "api": { + "operation": "CreateLoadBalancer", + "request": { + "uid": "b9960276-b9b2-11e3-8a13-f1ef1EXAMPLE" + }, + "response": { + "error": null, + "message": null + }, + "service": { + "name": "elasticloadbalancing.amazonaws.com" + }, + "version": "2015-12-01" + }, + "category_name": "Audit Activity", + "category_uid": 3, + "class_name": "API Activity", + "class_uid": 3005, + "cloud": { + "provider": "AWS", + "region": "us-west-2" + }, + "http_request": { + "user_agent": "aws-cli/1.10.10 Python/2.7.9 Windows/7 botocore/1.4.1" + }, + "metadata": { + "product": { + "feature": { + "name": "Management, Data, and Insights" + }, + "name": "CloudTrail", + "vendor_name": "AWS", + "version": "1.03" + }, + "profiles": [ + "cloud" + ], + "uid": "6f4ab5bd-2daa-4d00-be14-d92efEXAMPLE", + "version": "1.0.0-rc.2" + }, + "resources": null, + "severity": "Informational", + "severity_id": 1, + "src_endpoint": { + "domain": null, + "ip": "198.51.100.1", + "uid": null + }, + "status": "Success", + "status_id": 1, + "time": 1459524708000, + "type_name": "API Activity: Create", + "type_uid": 300501, + "unmapped": [ + { + "key": "responseElements", + "value": 
"{\"loadBalancers\":[{\"type\":\"application\",\"loadBalancerName\":\"my-load-balancer\",\"vpcId\":\"vpc-3ac0fb5f\",\"securityGroups\":[\"sg-5943793c\"],\"state\":{\"code\":\"provisioning\"},\"availabilityZones\":[{\"subnetId\":\"subnet-8360a9e7\",\"zoneName\":\"us-west-2a\"},{\"subnetId\":\"subnet-b7d581c0\",\"zoneName\":\"us-west-2b\"}],\"dNSName\":\"my-load-balancer-1836718677.us-west-2.elb.amazonaws.com\",\"canonicalHostedZoneId\":\"Z2P70J7HTTTPLU\",\"createdTime\":\"Apr 11, 2016 5:23:50 PM\",\"loadBalancerArn\":\"arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/ffcddace1759e1d0\",\"scheme\":\"internet-facing\"}]}" + }, + { + "key": "requestParameters", + "value": "{\"subnets\":[\"subnet-8360a9e7\",\"subnet-b7d581c0\"],\"securityGroups\":[\"sg-5943793c\"],\"name\":\"my-load-balancer\",\"scheme\":\"internet-facing\"}" + }, + { + "key": "recipientAccountId", + "value": "123456789012" + }, + { + "key": "eventType", + "value": "AwsApiCall" + } + ] + } +] \ No newline at end of file diff --git a/x-pack/libbeat/reader/parquet/testdata/cloudtrail.ndjson b/x-pack/libbeat/reader/parquet/testdata/cloudtrail.ndjson deleted file mode 100644 index de3a2bd3ee09..000000000000 --- a/x-pack/libbeat/reader/parquet/testdata/cloudtrail.ndjson +++ /dev/null 
@@ -1 +0,0 @@ -{"activity_id":1,"activity_name":"Create","actor":{"idp":{"name":null},"invoked_by":null,"session":{"created_time":null,"issuer":null,"mfa":null},"user":{"account_uid":"123456789012","credential_uid":"AKIAIOSFODNN7EXAMPLE","name":"Alice","type":"IAMUser","uid":"123456789012","uuid":"arn:aws:iam::123456789012:user/Alice"}},"api":{"operation":"CreateLoadBalancer","request":{"uid":"b9960276-b9b2-11e3-8a13-f1ef1EXAMPLE"},"response":{"error":null,"message":null},"service":{"name":"elasticloadbalancing.amazonaws.com"},"version":"2015-12-01"},"category_name":"Audit Activity","category_uid":3,"class_name":"API Activity","class_uid":3005,"cloud":{"provider":"AWS","region":"us-west-2"},"http_request":{"user_agent":"aws-cli/1.10.10 Python/2.7.9 Windows/7 botocore/1.4.1"},"metadata":{"product":{"feature":{"name":"Management, Data, and Insights"},"name":"CloudTrail","vendor_name":"AWS","version":"1.03"},"profiles":["cloud"],"uid":"6f4ab5bd-2daa-4d00-be14-d92efEXAMPLE","version":"1.0.0-rc.2"},"resources":null,"severity":"Informational","severity_id":1,"src_endpoint":{"domain":null,"ip":"198.51.100.1","uid":null},"status":"Success","status_id":1,"time":1459524708000,"type_name":"API Activity: Create","type_uid":300501,"unmapped":[{"key":"responseElements","value":"{\"loadBalancers\":[{\"type\":\"application\",\"loadBalancerName\":\"my-load-balancer\",\"vpcId\":\"vpc-3ac0fb5f\",\"securityGroups\":[\"sg-5943793c\"],\"state\":{\"code\":\"provisioning\"},\"availabilityZones\":[{\"subnetId\":\"subnet-8360a9e7\",\"zoneName\":\"us-west-2a\"},{\"subnetId\":\"subnet-b7d581c0\",\"zoneName\":\"us-west-2b\"}],\"dNSName\":\"my-load-balancer-1836718677.us-west-2.elb.amazonaws.com\",\"canonicalHostedZoneId\":\"Z2P70J7HTTTPLU\",\"createdTime\":\"Apr 11, 2016 5:23:50 
PM\",\"loadBalancerArn\":\"arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/ffcddace1759e1d0\",\"scheme\":\"internet-facing\"}]}"},{"key":"requestParameters","value":"{\"subnets\":[\"subnet-8360a9e7\",\"subnet-b7d581c0\"],\"securityGroups\":[\"sg-5943793c\"],\"name\":\"my-load-balancer\",\"scheme\":\"internet-facing\"}"},{"key":"recipientAccountId","value":"123456789012"},{"key":"eventType","value":"AwsApiCall"}]} diff --git a/x-pack/libbeat/reader/parquet/testdata/route53.json b/x-pack/libbeat/reader/parquet/testdata/route53.json new file mode 100644 index 000000000000..90fd9d5cc80f --- /dev/null +++ b/x-pack/libbeat/reader/parquet/testdata/route53.json 
@@ -0,0 +1,76 @@ +[ + { + "activity_id": 2, + "activity_name": "Response", + "answers": [ + { + "class": "IN", + "rdata": "127.0.0.62", + "type": "A" + } + ], + "category_name": "Network Activity", + "category_uid": 4, + "class_name": "DNS Activity", + "class_uid": 4003, + "cloud": { + "account_uid": "123456789012", + "provider": "AWS", + "region": "us-east-1" + }, + "connection_info": { + "direction": "Unknown", + "direction_id": 0, + "protocol_name": "UDP" + }, + "disposition": "No Action", + "disposition_id": 16, + "dst_endpoint": { + "instance_uid": "rslvr-in-0000000000000000", + "interface_uid": "rni-0000000000000000" + }, + "metadata": { + "product": { + "feature": { + "name": "Resolver Query Logs" + }, + "name": "Route 53", + "vendor_name": "AWS", + "version": "1.100000" + }, + "profiles": [ + "cloud", + "security_control" + ], + "version": "1.0.0-rc.2" + }, + "query": { + "class": "IN", + "hostname": "ip-127-0-0-62.alert.firewall.canary.", + "type": "A" + }, + "rcode": "NoError", + "rcode_id": 0, + "severity": "Informational", + "severity_id": 1, + "src_endpoint": { + "instance_uid": null, + "ip": "10.200.21.100", + "port": 15083, + "vpc_uid": "vpc-00000000000000000" + }, + "time": 1665694956000, + "type_name": "DNS Activity: Response", + "type_uid": 400302, + "unmapped": [ + { + "key": "firewall_rule_group_id", + "value": "rslvr-frg-000000000000000" + }, + { + "key": "firewall_domain_list_id", + "value": "rslvr-fdl-0000000000000" + } + ] + } +] \ No newline at end of file diff --git a/x-pack/libbeat/reader/parquet/testdata/route53.ndjson b/x-pack/libbeat/reader/parquet/testdata/route53.ndjson deleted file mode 100644 index 63a75e64cb77..000000000000 --- a/x-pack/libbeat/reader/parquet/testdata/route53.ndjson +++ /dev/null 
@@ -1 +0,0 @@ -{"activity_id":2,"activity_name":"Response","answers":["A"],"category_name":"Network Activity","category_uid":4,"class_name":"DNS Activity","class_uid":4003,"cloud":{"account_uid":"123456789012","provider":"AWS","region":"us-east-1"},"connection_info":{"direction":"Unknown","direction_id":0,"protocol_name":"UDP"},"disposition":"No Action","disposition_id":16,"dst_endpoint":{"instance_uid":"rslvr-in-0000000000000000","interface_uid":"rni-0000000000000000"},"metadata":{"product":{"feature":{"name":"Resolver Query Logs"},"name":"Route 53","vendor_name":"AWS","version":"1.100000"},"profiles":["cloud","security_control"],"version":"1.0.0-rc.2"},"query":{"class":"IN","hostname":"ip-127-0-0-62.alert.firewall.canary.","type":"A"},"rcode":"NoError","rcode_id":0,"severity":"Informational","severity_id":1,"src_endpoint":{"instance_uid":null,"ip":"10.200.21.100","port":15083,"vpc_uid":"vpc-00000000000000000"},"time":1665694956000,"type_name":"DNS Activity: Response","type_uid":400302,"unmapped":[{"key":"firewall_rule_group_id","value":"rslvr-frg-000000000000000"},{"key":"firewall_domain_list_id","value":"rslvr-fdl-0000000000000"}]} diff --git a/x-pack/libbeat/reader/parquet/testdata/vpc_flow.json b/x-pack/libbeat/reader/parquet/testdata/vpc_flow.json new file mode 100644 index 000000000000..f50fef9d0ea8 --- /dev/null +++ b/x-pack/libbeat/reader/parquet/testdata/vpc_flow.json 
@@ -0,0 +1,330 @@ +[ + { + "activity_id": 0, + "activity_name": "", + "category_name": "Network Activity", + "category_uid": 4, + "class_name": "Network Activity", + "class_uid": 4001, + "cloud": { + "account_uid": "unknown", + "provider": "AWS", + "region": "us-east-1", + "zone": "use1-az3" + }, + "connection_info": { + "boundary": "Unknown", + "boundary_id": 0, + "direction": "-", + "direction_id": 0, + "protocol_num": null, + "protocol_ver": "-", + "tcp_flags": null + }, + "dst_endpoint": { + "instance_uid": null, + "interface_uid": null, + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": null, + "svc_name": "-", + "vpc_uid": null + }, + "end_time": 1680171303000, + "metadata": { + "product": { + "feature": { + "name": "Flowlogs" + }, + "name": "Amazon VPC", + "vendor_name": "AWS", + "version": "5" + }, + "profiles": [ + "cloud" + ], + "version": "0.39.0" + }, + "severity": "Other", + "severity_id": -1, + "src_endpoint": { + "instance_uid": "-", + "interface_uid": "eni-0a5df14ccfec68e31", + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": "subnet-73bd7642", + "svc_name": "-", + "vpc_uid": "vpc-d514c4a8" + }, + "start_time": 1680171259000, + "time": 1680171259000, + "traffic": { + "bytes": null, + "packets": null + }, + "type_name": "Network Activity: Unknown", + "type_uid": 400100, + "unmapped": [ + { + "key": "log_status", + "value": "NODATA" + }, + { + "key": "sublocation_id", + "value": "-" + }, + { + "key": "sublocation_type", + "value": "-" + } + ] + }, + { + "activity_id": 0, + "activity_name": "", + "category_name": "Network Activity", + "category_uid": 4, + "class_name": "Network Activity", + "class_uid": 4001, + "cloud": { + "account_uid": "unknown", + "provider": "AWS", + "region": "us-east-1", + "zone": "use1-az5" + }, + "connection_info": { + "boundary": "Unknown", + "boundary_id": 0, + "direction": "-", + "direction_id": 0, + "protocol_num": null, + "protocol_ver": "-", + "tcp_flags": null + }, + 
"dst_endpoint": { + "instance_uid": null, + "interface_uid": null, + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": null, + "svc_name": "-", + "vpc_uid": null + }, + "end_time": 1680171323000, + "metadata": { + "product": { + "feature": { + "name": "Flowlogs" + }, + "name": "Amazon VPC", + "vendor_name": "AWS", + "version": "5" + }, + "profiles": [ + "cloud" + ], + "version": "0.39.0" + }, + "severity": "Other", + "severity_id": -1, + "src_endpoint": { + "instance_uid": "-", + "interface_uid": "eni-04ec237a893668df7", + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": "subnet-89dda387", + "svc_name": "-", + "vpc_uid": "vpc-d514c4a8" + }, + "start_time": 1680171291000, + "time": 1680171291000, + "traffic": { + "bytes": null, + "packets": null + }, + "type_name": "Network Activity: Unknown", + "type_uid": 400100, + "unmapped": [ + { + "key": "log_status", + "value": "NODATA" + }, + { + "key": "sublocation_id", + "value": "-" + }, + { + "key": "sublocation_type", + "value": "-" + } + ] + }, + { + "activity_id": 0, + "activity_name": "", + "category_name": "Network Activity", + "category_uid": 4, + "class_name": "Network Activity", + "class_uid": 4001, + "cloud": { + "account_uid": "unknown", + "provider": "AWS", + "region": "us-east-1", + "zone": "use1-az4" + }, + "connection_info": { + "boundary": "Unknown", + "boundary_id": 0, + "direction": "-", + "direction_id": 0, + "protocol_num": null, + "protocol_ver": "-", + "tcp_flags": null + }, + "dst_endpoint": { + "instance_uid": null, + "interface_uid": null, + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": null, + "svc_name": "-", + "vpc_uid": null + }, + "end_time": 1680171314000, + "metadata": { + "product": { + "feature": { + "name": "Flowlogs" + }, + "name": "Amazon VPC", + "vendor_name": "AWS", + "version": "5" + }, + "profiles": [ + "cloud" + ], + "version": "0.39.0" + }, + "severity": "Other", + "severity_id": -1, + "src_endpoint": { + 
"instance_uid": "-", + "interface_uid": "eni-08bb1f5c30966d3bf", + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": "subnet-bae9bdf7", + "svc_name": "-", + "vpc_uid": "vpc-d514c4a8" + }, + "start_time": 1680171294000, + "time": 1680171294000, + "traffic": { + "bytes": null, + "packets": null + }, + "type_name": "Network Activity: Unknown", + "type_uid": 400100, + "unmapped": [ + { + "key": "log_status", + "value": "NODATA" + }, + { + "key": "sublocation_id", + "value": "-" + }, + { + "key": "sublocation_type", + "value": "-" + } + ] + }, + { + "activity_id": 0, + "activity_name": "", + "category_name": "Network Activity", + "category_uid": 4, + "class_name": "Network Activity", + "class_uid": 4001, + "cloud": { + "account_uid": "unknown", + "provider": "AWS", + "region": "us-east-1", + "zone": "use1-az3" + }, + "connection_info": { + "boundary": "Unknown", + "boundary_id": 0, + "direction": "-", + "direction_id": 0, + "protocol_num": null, + "protocol_ver": "-", + "tcp_flags": null + }, + "dst_endpoint": { + "instance_uid": null, + "interface_uid": null, + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": null, + "svc_name": "-", + "vpc_uid": null + }, + "end_time": 1680171363000, + "metadata": { + "product": { + "feature": { + "name": "Flowlogs" + }, + "name": "Amazon VPC", + "vendor_name": "AWS", + "version": "5" + }, + "profiles": [ + "cloud" + ], + "version": "0.39.0" + }, + "severity": "Other", + "severity_id": -1, + "src_endpoint": { + "instance_uid": "-", + "interface_uid": "eni-0a5df14ccfec68e31", + "intermediate_ips": null, + "ip": "-", + "port": null, + "subnet_uid": "subnet-73bd7642", + "svc_name": "-", + "vpc_uid": "vpc-d514c4a8" + }, + "start_time": 1680171319000, + "time": 1680171319000, + "traffic": { + "bytes": null, + "packets": null + }, + "type_name": "Network Activity: Unknown", + "type_uid": 400100, + "unmapped": [ + { + "key": "log_status", + "value": "NODATA" + }, + { + "key": "sublocation_id", + 
"value": "-" + }, + { + "key": "sublocation_type", + "value": "-" + } + ] + } +] \ No newline at end of file diff --git a/x-pack/libbeat/reader/parquet/testdata/vpc_flow.ndjson b/x-pack/libbeat/reader/parquet/testdata/vpc_flow.ndjson deleted file mode 100644 index 9f8573d86df7..000000000000 --- a/x-pack/libbeat/reader/parquet/testdata/vpc_flow.ndjson +++ /dev/null 
@@ -1,1304 +0,0 @@ -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171303000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171259000,"time":1680171259000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171323000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171291000,"time":1680171291000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171314000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171294000,"time":1680171294000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171363000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171319000,"time":1680171319000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171390000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171341000,"time":1680171341000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171383000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171351000,"time":1680171351000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171374000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171354000,"time":1680171354000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171415000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171359000,"time":1680171359000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171423000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171379000,"time":1680171379000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171450000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171401000,"time":1680171401000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171433000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171404000,"time":1680171404000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171443000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171411000,"time":1680171411000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171434000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171414000,"time":1680171414000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171475000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171419000,"time":1680171419000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171483000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171439000,"time":1680171439000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171480000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171453000,"time":1680171453000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171510000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":64121,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":12186,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22121,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":45990,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":20558,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":524,"packets":4},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":32522,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":52217,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":44852,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":56516,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37340,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":49038,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35533,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":52791,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":44852,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11167,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19145,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19145,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35533,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":12186,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":52791,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":34059,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":49038,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":52217,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35247,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23567,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":34059,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19958,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":51644,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":64121,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":51644,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37340,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19958,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":20558,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":605,"packets":5},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":51912,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22121,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":26702,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23567,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":51912,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40510,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45105,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":32522,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59841,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19579,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35247,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40510,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":56516,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":26702,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19579,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45105,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":45990,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59841,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11167,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171519000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171461000,"time":1680171461000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171482000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171462000,"time":1680171462000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171493000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171464000,"time":1680171464000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171486000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171467000,"time":1680171467000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171503000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171471000,"time":1680171471000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171544000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171473000,"time":1680171473000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171494000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171474000,"time":1680171474000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171533000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171475000,"time":1680171475000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171535000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171479000,"time":1680171479000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171543000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171499000,"time":1680171499000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171540000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171513000,"time":1680171513000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171560000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171517000,"time":1680171517000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171570000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21304,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19739,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1175,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22031,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34685,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23551,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64727,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":39093,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":24539,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":49412,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40652,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16342,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22031,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37231,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13495,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34685,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":43731,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63988,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":58098,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23688,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41940,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":26430,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47342,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34654,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23688,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63988,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":50875,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":32234,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":24539,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47283,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34654,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":5000,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35272,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23343,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47102,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23343,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21304,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1175,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27392,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":38456,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47102,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":38456,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41940,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16342,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":5000,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":62840,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":26430,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14958,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47283,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":43731,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19739,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":20419,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":39093,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":32234,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":15655,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":62840,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23551,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37231,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11271,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42205,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":58098,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":50875,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35272,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42205,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":7687,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":28511,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40652,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":49412,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":18012,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14958,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11271,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47342,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":28511,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":20419,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27392,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":7687,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":15655,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13495,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":18012,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171579000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64727,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171521000,"time":1680171521000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171542000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171522000,"time":1680171522000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171553000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171524000,"time":1680171524000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171546000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171527000,"time":1680171527000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171563000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171531000,"time":1680171531000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171544000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171531000,"time":1680171531000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171554000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171534000,"time":1680171534000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171593000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171535000,"time":1680171535000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171595000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171539000,"time":1680171539000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171603000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171559000,"time":1680171559000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171583000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171570000,"time":1680171570000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171600000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171573000,"time":1680171573000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171620000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171577000,"time":1680171577000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":17254,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":64801,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1428,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8607,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":19843,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":13099,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":49207,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18015,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23506,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":53005,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":2726,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40759,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":20671,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9013,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":54340,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":10614,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34637,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":20671,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":2726,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17400,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":13085,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":49207,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1428,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25453,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34637,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37132,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":3379,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":36909,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55128,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29133,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":13588,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11038,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47680,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":54340,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":10614,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9013,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9334,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40759,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":50564,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":11434,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":26995,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":64801,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29133,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":56082,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":17254,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6544,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9766,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25980,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17865,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":19843,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":14679,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64473,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55128,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23506,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":25878,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37132,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":13099,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25453,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":3379,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9334,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17400,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":14679,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8607,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":26995,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":53005,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":13085,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":36909,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64473,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":25878,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":50564,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11038,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1620,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":11434,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4914,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47680,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17865,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":56082,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18015,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":13588,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4914,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9766,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171639000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25980,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":4728,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":4728,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171579000,"time":1680171579000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171630000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171581000,"time":1680171581000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171602000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171582000,"time":1680171582000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171613000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171584000,"time":1680171584000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171606000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171587000,"time":1680171587000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171623000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171591000,"time":1680171591000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171604000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171591000,"time":1680171591000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171664000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171593000,"time":1680171593000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171614000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171594000,"time":1680171594000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171653000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171595000,"time":1680171595000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171655000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171599000,"time":1680171599000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171622000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171600000,"time":1680171600000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171663000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171619000,"time":1680171619000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171643000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171630000,"time":1680171630000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171660000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171633000,"time":1680171633000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171680000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171637000,"time":1680171637000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":50891,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63522,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63915,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32753,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46830,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34182,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":43935,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":10108,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":36571,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50644,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":4344,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35673,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":26080,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16676,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50644,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59654,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12894,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34559,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":15875,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59654,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11126,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":30221,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27600,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":30221,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63522,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":10108,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55208,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1829,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":36571,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59914,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63915,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12894,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":33533,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27029,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6544,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":2392,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27698,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":4344,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16676,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7335,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27698,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":12190,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7335,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":43963,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":8913,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":43935,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55208,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27600,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":43963,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":26080,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":8913,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":15875,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":12190,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65249,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65249,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":40259,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46830,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":33533,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":40259,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55429,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11126,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27029,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":2392,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34182,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1829,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":50891,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55429,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59914,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34559,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35673,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32753,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171699000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171639000,"time":1680171639000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171690000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171641000,"time":1680171641000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171662000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171642000,"time":1680171642000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171673000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171644000,"time":1680171644000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171726000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171647000,"time":1680171647000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171683000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171651000,"time":1680171651000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171664000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171651000,"time":1680171651000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171674000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171654000,"time":1680171654000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171713000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171655000,"time":1680171655000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171715000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171659000,"time":1680171659000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171723000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171679000,"time":1680171679000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171721000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171693000,"time":1680171693000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171740000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171697000,"time":1680171697000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":61883,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13150,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1620,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":26502,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63379,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12018,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27847,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57834,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21599,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57874,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4850,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45658,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":36598,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47571,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":48131,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":9146,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":61883,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":4099,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":42605,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":35434,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":35324,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":36598,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9634,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":48131,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":53159,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":51005,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41038,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42347,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57874,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8550,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6647,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":6345,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34823,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":15676,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16533,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34823,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47036,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":48282,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14512,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9542,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64844,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47571,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":49524,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62456,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":26502,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64844,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":53159,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25604,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":51005,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12018,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":36071,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45767,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62119,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4642,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":37884,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":56288,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8550,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1620,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":54463,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9634,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":9146,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21599,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":49360,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":33819,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":48282,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55995,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":42605,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":34597,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63756,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27847,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47036,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45658,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":36071,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":29840,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":4099,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27539,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63379,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16332,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":5776,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13592,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41038,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":5776,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62456,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":6345,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":9542,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":56288,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13150,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25604,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63756,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18973,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45767,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":35434,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":2785,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13592,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18973,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":49524,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":29840,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21132,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62818,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":27539,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42347,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14512,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62818,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":49360,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":34597,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":54463,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21132,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22972,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16332,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":33819,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16533,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22972,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4642,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55995,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":35324,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":15676,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":2785,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4850,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":37884,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57834,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171759000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62119,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65299,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65299,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171699000,"time":1680171699000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171750000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171701000,"time":1680171701000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171722000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171702000,"time":1680171702000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171733000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171704000,"time":1680171704000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171743000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171711000,"time":1680171711000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171724000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171711000,"time":1680171711000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171724000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171713000,"time":1680171713000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171734000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171714000,"time":1680171714000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171773000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171715000,"time":1680171715000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171775000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171719000,"time":1680171719000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171783000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171739000,"time":1680171739000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171763000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171750000,"time":1680171750000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171781000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171753000,"time":1680171753000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171801000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171757000,"time":1680171757000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27569,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":48630,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":51752,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29343,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":14029,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13388,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":40906,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29470,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":40906,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":15951,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":45883,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40008,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":52090,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":39316,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6544,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42840,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":45883,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59751,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":22736,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":56576,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45874,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":39316,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":31864,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":61141,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8212,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":62676,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":10916,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50449,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27133,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":57135,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29343,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":56576,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27133,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55553,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":15951,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":14029,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16657,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":51752,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":22736,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":31864,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":16657,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27569,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59751,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40008,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":48630,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":12711,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":12711,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":61141,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":60229,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":49202,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":56776,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29470,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63151,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":57135,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65450,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1556,"packets":11},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63151,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8212,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":10916,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42840,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47770,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45874,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":52090,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50449,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":60229,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13883,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47770,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":56776,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":49202,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65450,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6544,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13883,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":55553,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":62676,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171819000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13388,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34335,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":34335,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32985,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47120,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47120,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32985,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171760000,"time":1680171760000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171811000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171761000,"time":1680171761000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171782000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171762000,"time":1680171762000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171793000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171764000,"time":1680171764000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171786000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171767000,"time":1680171767000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171803000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171771000,"time":1680171771000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171771000,"time":1680171771000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171773000,"time":1680171773000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171795000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171774000,"time":1680171774000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171805000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171775000,"time":1680171775000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171833000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171775000,"time":1680171775000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171835000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171779000,"time":1680171779000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171843000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171799000,"time":1680171799000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171841000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171813000,"time":1680171813000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171846000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171815000,"time":1680171815000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171861000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171817000,"time":1680171817000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171850000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171819000,"time":1680171819000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23971,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":34954,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":52931,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18288,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12621,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":6839,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":24458,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":10411,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":62020,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":16562,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":6839,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18288,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":61932,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47727,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63231,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59930,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":34954,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11291,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12621,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":24458,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":52931,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":29695,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46468,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":54466,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":51950,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23971,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29771,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45146,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":41933,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":28186,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59930,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62612,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":21230,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":61932,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":45146,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11291,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":29695,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":42968,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":22074,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":28186,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46442,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25318,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":42968,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":62020,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":11510,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25318,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29771,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":51950,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46468,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12217,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":44496,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17426,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":54466,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12217,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47727,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":44496,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":3002,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46442,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":21230,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":22074,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":11510,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":16562,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":3002,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":41933,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17426,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63231,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":10411,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":44845,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":17441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":62612,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":44845,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46937,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46937,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171820000,"time":1680171820000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171871000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171821000,"time":1680171821000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171842000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171822000,"time":1680171822000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171853000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171824000,"time":1680171824000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171846000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171827000,"time":1680171827000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":34335,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171830000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171830000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":34335,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":29695,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171840000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":62612,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171840000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171840000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":62612,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171840000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":27133,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171840000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":29695,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":27133,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171840000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171858000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06549ab89f11eea12","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171828000,"time":1680171828000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":63151,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171837000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171829000,"time":1680171829000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171837000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":63151,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171829000,"time":1680171829000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171837000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":61932,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171829000,"time":1680171829000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":61932,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171837000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171829000,"time":1680171829000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":62020,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171837000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171829000,"time":1680171829000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171837000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":62020,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171829000,"time":1680171829000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171863000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171831000,"time":1680171831000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171855000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171834000,"time":1680171834000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171865000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171834000,"time":1680171834000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171836000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":22074,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171834000,"time":1680171834000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":23971,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171836000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171834000,"time":1680171834000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":22074,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171836000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171834000,"time":1680171834000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171836000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":23971,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171834000,"time":1680171834000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171835000,"time":1680171835000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":54466,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171836000,"time":1680171836000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":58204,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171836000,"time":1680171836000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":24458,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171836000,"time":1680171836000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":24458,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171836000,"time":1680171836000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":54466,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171836000,"time":1680171836000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171844000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":58204,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171836000,"time":1680171836000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171895000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171839000,"time":1680171839000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171847000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":18288,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171846000,"time":1680171846000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":18288,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171847000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171846000,"time":1680171846000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46657,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171862000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":51950,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171862000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171862000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":17426,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171862000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":51950,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":17426,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171862000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171862000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46657,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":52931,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171869000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171869000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":23035,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171869000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":52931,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":23035,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171869000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171852000,"time":1680171852000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171863000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":12217,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171853000,"time":1680171853000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171863000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":11510,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171853000,"time":1680171853000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":10553,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171863000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171853000,"time":1680171853000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":11510,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171863000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171853000,"time":1680171853000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171863000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":10553,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171853000,"time":1680171853000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":12217,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171863000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171853000,"time":1680171853000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":1604,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171872000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"94.102.61.27","port":44743,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171854000,"time":1680171854000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":110,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171872000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"27.47.27.95","port":58914,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171854000,"time":1680171854000,"traffic":{"bytes":44,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":3840,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171872000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"193.163.125.185","port":39322,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171854000,"time":1680171854000,"traffic":{"bytes":44,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":5252,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171872000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"94.102.61.49","port":33922,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171854000,"time":1680171854000,"traffic":{"bytes":44,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":17,"protocol_ver":"IPv4","tcp_flags":0},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":5353,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171872000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"94.102.61.31","port":57148,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171854000,"time":1680171854000,"traffic":{"bytes":74,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":44496,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171860000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171855000,"time":1680171855000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171860000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":40862,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171855000,"time":1680171855000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":40862,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171860000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171855000,"time":1680171855000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171860000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":44496,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171855000,"time":1680171855000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171879000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171859000,"time":1680171859000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171890000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08ba8b44461eb2885","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171860000,"time":1680171860000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":44114,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171871000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171863000,"time":1680171863000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":44845,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171871000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171863000,"time":1680171863000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171871000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":44845,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171863000,"time":1680171863000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171871000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":42968,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171863000,"time":1680171863000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171871000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":44114,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171863000,"time":1680171863000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":42968,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171871000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171863000,"time":1680171863000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":27178,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171888000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171866000,"time":1680171866000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171888000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59930,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171866000,"time":1680171866000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59930,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171888000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171866000,"time":1680171866000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171888000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":27178,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171866000,"time":1680171866000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":23005,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":21230,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":23894,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":21230,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":25963,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":23005,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":25963,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171893000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":23894,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171871000,"time":1680171871000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171901000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171873000,"time":1680171873000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171906000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171875000,"time":1680171875000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":35225,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171876000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171876000,"time":1680171876000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171876000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":35225,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171876000,"time":1680171876000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171921000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171877000,"time":1680171877000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171892000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19737,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171878000,"time":1680171878000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":46511,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171892000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171878000,"time":1680171878000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171892000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":46511,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171878000,"time":1680171878000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19737,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171892000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171878000,"time":1680171878000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171910000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171879000,"time":1680171879000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171891000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":11596,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171891000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":12318,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":11596,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171891000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":12318,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171891000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171931000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":58204,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":58204,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25963,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41846,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12154,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":9887,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6647,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":11596,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":48992,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21369,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50704,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40862,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":37996,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59736,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12318,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8237,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":26187,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41846,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27178,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":9887,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1568,"packets":11},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40862,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23005,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47543,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":10553,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46223,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11063,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1556,"packets":11},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23894,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":38452,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":1394,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":1394,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":51267,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":26187,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21369,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":48992,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23894,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35225,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":22915,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":22915,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":19707,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":23005,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46511,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21425,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":44114,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":60225,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":11063,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6544,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":51267,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35225,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12154,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47944,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21425,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":59736,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13234,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50704,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":11596,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46657,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":8237,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":12318,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46511,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":30779,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":30779,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14467,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":38452,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":19707,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":13234,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23035,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65024,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46223,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":65024,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":23035,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19737,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":44114,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47944,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46657,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19737,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":37996,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":10553,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27178,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47543,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14467,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":60225,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":25963,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171939000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171881000,"time":1680171881000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171902000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171882000,"time":1680171882000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171913000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171884000,"time":1680171884000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171906000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171887000,"time":1680171887000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":47543,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171888000,"time":1680171888000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46468,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171888000,"time":1680171888000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":14467,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171888000,"time":1680171888000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":14467,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171888000,"time":1680171888000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46468,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171888000,"time":1680171888000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":47543,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171888000,"time":1680171888000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171918000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06549ab89f11eea12","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171888000,"time":1680171888000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":7446,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171912000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"89.248.163.175","port":43256,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171890000,"time":1680171890000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":43788,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171912000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"89.248.165.22","port":41749,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171890000,"time":1680171890000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171904000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171891000,"time":1680171891000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":60225,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171892000,"time":1680171892000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":65024,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171892000,"time":1680171892000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":60225,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171892000,"time":1680171892000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":65024,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171892000,"time":1680171892000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171964000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171893000,"time":1680171893000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171894000,"time":1680171894000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171953000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171895000,"time":1680171895000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171955000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08bb1f5c30966d3bf","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171899000,"time":1680171899000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":59736,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171900000,"time":1680171900000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":28186,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171900000,"time":1680171900000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":28186,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171900000,"time":1680171900000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":59736,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171900000,"time":1680171900000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171902000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":46937,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171902000,"time":1680171902000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":46937,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171902000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171902000,"time":1680171902000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171910000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":26187,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171904000,"time":1680171904000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171910000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":21425,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171904000,"time":1680171904000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171910000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":21369,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171904000,"time":1680171904000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":21425,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171910000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171904000,"time":1680171904000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":21369,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171910000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171904000,"time":1680171904000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":26187,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171910000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171904000,"time":1680171904000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":46116,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171929000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171905000,"time":1680171905000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":8237,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171929000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171905000,"time":1680171905000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171929000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":8237,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171905000,"time":1680171905000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171929000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":46116,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171905000,"time":1680171905000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":1394,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171906000,"time":1680171906000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":1394,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171906000,"time":1680171906000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":37161,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171907000,"time":1680171907000,"traffic":{"bytes":112,"packets":2},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":18},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":37161,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171907000,"time":1680171907000,"traffic":{"bytes":60,"packets":1},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":37996,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171907000,"time":1680171907000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171908000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":37996,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171907000,"time":1680171907000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":22915,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171911000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171910000,"time":1680171910000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171911000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":22915,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171910000,"time":1680171910000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":11063,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171916000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":6544,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171916000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":11063,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":1556,"packets":11},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":47944,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":50704,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":50704,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":51267,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":51267,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":47944,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":19707,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171925000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":19707,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171914000,"time":1680171914000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171936000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171917000,"time":1680171917000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171942000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":30779,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171918000,"time":1680171918000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59521,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171942000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171918000,"time":1680171918000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171942000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59521,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171918000,"time":1680171918000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":30779,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171942000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171918000,"time":1680171918000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171950000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08ba8b44461eb2885","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171920000,"time":1680171920000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171924000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":21378,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171922000,"time":1680171922000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":21378,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171924000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171922000,"time":1680171922000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171940000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":38452,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171924000,"time":1680171924000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":2340,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171940000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171924000,"time":1680171924000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171940000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":2340,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171924000,"time":1680171924000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":38452,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171940000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171924000,"time":1680171924000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":1,"protocol_ver":"IPv4","tcp_flags":0},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":0,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171941000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"208.115.230.98","port":0,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171928000,"time":1680171928000,"traffic":{"bytes":34,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":3389,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171941000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"180.214.239.113","port":57147,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171928000,"time":1680171928000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171943000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171930000,"time":1680171930000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":13234,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171935000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171931000,"time":1680171931000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171935000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":41846,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171931000,"time":1680171931000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":12154,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171935000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171931000,"time":1680171931000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":41846,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171935000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171931000,"time":1680171931000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171935000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":12154,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171931000,"time":1680171931000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171935000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":13234,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171931000,"time":1680171931000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171962000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171931000,"time":1680171931000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171961000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171933000,"time":1680171933000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171966000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171935000,"time":1680171935000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":48992,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171938000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171936000,"time":1680171936000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171938000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":48992,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171936000,"time":1680171936000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171981000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171937000,"time":1680171937000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":20943,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":54321,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50476,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59521,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46116,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":39312,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":37161,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14990,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":50476,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19894,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64734,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57574,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6709,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59390,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":6354,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":14990,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63666,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":56897,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59390,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":2340,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":5488,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":41922,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":2340,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":30456,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":20943,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21378,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":5488,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":41922,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":39312,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":16494,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":64734,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":35441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":21378,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4752,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":37161,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":19030,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29844,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19894,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":30622,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":9420,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":30622,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63666,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":56897,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":1441,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":30456,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":54321,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":29844,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47421,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":6354,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":16494,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":9420,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4752,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57574,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":46116,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59521,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":47421,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171999000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":19030,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171939000,"time":1680171939000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171962000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171942000,"time":1680171942000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":47421,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171953000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171943000,"time":1680171943000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171953000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46223,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171943000,"time":1680171943000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171953000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":47421,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171943000,"time":1680171943000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46223,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171953000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171943000,"time":1680171943000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171973000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":18},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":55190,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"162.19.170.45","port":25565,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":52623,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"45.227.253.110","port":56413,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":52527,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"185.156.73.107","port":52137,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":3289,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"176.111.174.80","port":40040,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":7090,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"94.102.61.39","port":59554,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":53999,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"45.227.253.110","port":56413,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":8089,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"185.56.80.40","port":37078,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":20943,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":56897,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":56897,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":54321,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":54321,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":20943,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171944000,"time":1680171944000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171966000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171947000,"time":1680171947000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06549ab89f11eea12","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171948000,"time":1680171948000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171964000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171951000,"time":1680171951000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171984000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171953000,"time":1680171953000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171985000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171953000,"time":1680171953000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172013000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171955000,"time":1680171955000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171960000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59390,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171956000,"time":1680171956000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171960000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":64734,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171956000,"time":1680171956000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":64734,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171960000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171956000,"time":1680171956000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59390,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171960000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171956000,"time":1680171956000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171958000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":63666,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171957000,"time":1680171957000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":63666,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171958000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171957000,"time":1680171957000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":5488,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171962000,"time":1680171962000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":4796,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171962000,"time":1680171962000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":5488,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171962000,"time":1680171962000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171970000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":4796,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171962000,"time":1680171962000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":39312,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":6861,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":37161,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":1548,"packets":11},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":1441,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":39312,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":37161,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":6536,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":35441,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":6861,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":1441,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171978000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":35441,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171966000,"time":1680171966000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":9420,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171971000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171971000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":9420,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":50476,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171993000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171993000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":50476,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":19030,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171993000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":14990,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171993000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171993000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":19030,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171993000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":14990,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171969000,"time":1680171969000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":41922,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171974000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171972000,"time":1680171972000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171974000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":41922,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171972000,"time":1680171972000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171991000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171972000,"time":1680171972000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":16494,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171976000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171974000,"time":1680171974000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171976000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":16494,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171974000,"time":1680171974000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":9146,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171996000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"162.142.125.189","port":5769,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171976000,"time":1680171976000,"traffic":{"bytes":44,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":9302,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171996000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"162.142.125.187","port":23767,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171976000,"time":1680171976000,"traffic":{"bytes":44,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":83,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171996000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"170.187.165.139","port":44738,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171976000,"time":1680171976000,"traffic":{"bytes":44,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":18},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":30411,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171996000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"162.19.170.56","port":25565,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171976000,"time":1680171976000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":7169,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171996000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"94.102.61.39","port":33177,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171976000,"time":1680171976000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":18},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":28768,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171994000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171978000,"time":1680171978000,"traffic":{"bytes":60,"packets":1},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171994000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":33210,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171978000,"time":1680171978000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":30622,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171994000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171978000,"time":1680171978000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":33210,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680171994000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171978000,"time":1680171978000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171994000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":30622,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171978000,"time":1680171978000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680171994000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":28768,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171978000,"time":1680171978000,"traffic":{"bytes":112,"packets":2},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172010000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08ba8b44461eb2885","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171980000,"time":1680171980000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172004000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":30456,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171987000,"time":1680171987000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":29844,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172004000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171987000,"time":1680171987000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":30456,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172004000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171987000,"time":1680171987000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172004000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":29844,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171987000,"time":1680171987000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172003000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171990000,"time":1680171990000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172022000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171991000,"time":1680171991000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19894,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172008000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171992000,"time":1680171992000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172008000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19230,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171992000,"time":1680171992000,"traffic":{"bytes":1556,"packets":11},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172008000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19894,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171992000,"time":1680171992000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":14606,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172008000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171992000,"time":1680171992000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172008000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":14606,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171992000,"time":1680171992000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":18},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19230,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172008000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171992000,"time":1680171992000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172021000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171993000,"time":1680171993000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172026000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171995000,"time":1680171995000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172041000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171997000,"time":1680171997000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172030000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57218,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40136,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57381,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59875,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7789,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":14606,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":61869,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19230,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4796,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46019,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18719,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":30760,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1620,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41771,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":6861,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37026,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32247,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63589,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63007,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":46019,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":31487,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":4796,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40136,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":43573,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27824,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":33210,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":54238,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57200,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32969,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63589,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":41771,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":27824,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":30760,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63460,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32247,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57200,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":31602,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":6861,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":31602,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":61869,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":18719,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":59875,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":63007,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":54238,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7750,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":32969,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":19230,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":37026,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47616,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22255,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":22255,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":44323,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57381,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":44323,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":36704,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":31487,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42294,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":36704,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7750,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":7789,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":43573,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40369,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":63460,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":28768,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":33210,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":14606,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":28768,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.24.114","port":40369,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":42294,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":47616,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.32.136","port":57218,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172060000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-00b6881aa296e8f39","intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680171999000,"time":1680171999000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172030000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172000000,"time":1680172000000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172022000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172002000,"time":1680172002000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":36704,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":6354,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":4752,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":4752,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":37026,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":36704,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":37026,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":6354,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172028000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":3301,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172031000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"185.234.216.10","port":54412,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":6105,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172031000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"89.248.163.175","port":43256,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172004000,"time":1680172004000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az3"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172026000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0a5df14ccfec68e31","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-73bd7642","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172007000,"time":1680172007000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172014000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43573,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172014000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":42294,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43573,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172014000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":42294,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172014000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57218,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172011000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172011000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57218,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172011000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":54238,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":54238,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172011000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":40369,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172010000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172010000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":40369,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06549ab89f11eea12","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172008000,"time":1680172008000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":7789,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172039000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172011000,"time":1680172011000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172039000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":7750,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172011000,"time":1680172011000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172039000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":7789,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172011000,"time":1680172011000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":7750,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172039000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172011000,"time":1680172011000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172025000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172011000,"time":1680172011000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172024000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0fa968b39d58a2738","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172013000,"time":1680172013000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172045000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172014000,"time":1680172014000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az2"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172073000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-036d745e6b865b1f9","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-17dc5e36","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172015000,"time":1680172015000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59875,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":31487,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59875,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":27824,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":27824,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":32969,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":31487,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":61869,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":61869,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":63589,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":63589,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":32969,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172038000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172018000,"time":1680172018000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":64848,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172037000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172024000,"time":1680172024000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172037000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":64848,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172024000,"time":1680172024000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":63007,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172037000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172024000,"time":1680172024000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172037000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":63007,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172024000,"time":1680172024000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172036000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57574,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":1776,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172036000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57381,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57381,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172036000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57574,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172036000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":6709,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172042000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":18719,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":47616,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172042000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172042000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":47616,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":18719,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172042000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172025000,"time":1680172025000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":9000,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172062000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"198.199.114.128","port":35591,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172034000,"time":1680172034000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":2017,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172062000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"185.234.216.16","port":54502,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172034000,"time":1680172034000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172037000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":7741,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172035000,"time":1680172035000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":7741,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172037000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172035000,"time":1680172035000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172070000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08ba8b44461eb2885","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172040000,"time":1680172040000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":31602,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":63728,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":63728,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":28768,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":6691,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":28768,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":1560,"packets":11},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":31602,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":63460,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172054000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":63460,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172046000,"time":1680172046000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172069000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172047000,"time":1680172047000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172063000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":40136,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172048000,"time":1680172048000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172063000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46019,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172048000,"time":1680172048000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":46019,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172063000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172048000,"time":1680172048000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":40136,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172063000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172048000,"time":1680172048000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172086000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172055000,"time":1680172055000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172101000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172057000,"time":1680172057000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172090000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172059000,"time":1680172059000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":44323,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172067000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172061000,"time":1680172061000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172067000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":41771,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172061000,"time":1680172061000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172067000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":44323,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172061000,"time":1680172061000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":41771,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172067000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172061000,"time":1680172061000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":27413,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172063000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172062000,"time":1680172062000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172063000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":27413,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172062000,"time":1680172062000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":17,"protocol_ver":"IPv4","tcp_flags":0},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":1604,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172068000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"80.82.77.139","port":20133,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172062000,"time":1680172062000,"traffic":{"bytes":70,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":88,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172068000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"74.82.47.27","port":49969,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172062000,"time":1680172062000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172078000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":34285,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172063000,"time":1680172063000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":6698,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172078000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172063000,"time":1680172063000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172078000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":6698,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172063000,"time":1680172063000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":34285,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172078000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172063000,"time":1680172063000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19230,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172071000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172067000,"time":1680172067000,"traffic":{"bytes":52,"packets":1},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":15327,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172071000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172067000,"time":1680172067000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":1},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172071000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19230,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172067000,"time":1680172067000,"traffic":{"bytes":104,"packets":2},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172071000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":15327,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172067000,"time":1680172067000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":32247,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172092000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172068000,"time":1680172068000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172092000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":65104,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172068000,"time":1680172068000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59805,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172092000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172068000,"time":1680172068000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172092000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":32247,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172068000,"time":1680172068000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":65104,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172092000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172068000,"time":1680172068000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172092000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":59805,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172068000,"time":1680172068000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172098000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06549ab89f11eea12","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172068000,"time":1680172068000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172090000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":51361,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172069000,"time":1680172069000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":51361,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172090000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172069000,"time":1680172069000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":48536,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172090000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172069000,"time":1680172069000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172090000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":48536,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172069000,"time":1680172069000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":17839,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172090000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172069000,"time":1680172069000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172090000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":17839,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172069000,"time":1680172069000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172072000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":22563,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172071000,"time":1680172071000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":22563,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172072000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172071000,"time":1680172071000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"unknown","provider":"AWS","region":"us-east-1","zone":"use1-az1"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172085000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-06b8365d2ee14ba40","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-4067e326","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172071000,"time":1680172071000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172105000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172073000,"time":1680172073000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":55192,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172094000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172094000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":53941,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57200,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172094000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":53941,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172094000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172094000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":57200,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172094000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":55192,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":30760,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172076000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172076000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":30760,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172074000,"time":1680172074000,"traffic":{"bytes":1620,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172078000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":6004,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172076000,"time":1680172076000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":6004,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172078000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172076000,"time":1680172076000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172084000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":22255,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172076000,"time":1680172076000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":52875,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172084000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172076000,"time":1680172076000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172084000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":52875,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172076000,"time":1680172076000,"traffic":{"bytes":1764,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":22255,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172084000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172076000,"time":1680172076000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":48647,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19498,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":1620,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":15391,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":19498,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":6699,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":51948,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":47677,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":15391,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":47677,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":48647,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":51948,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172077000,"time":1680172077000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":9500,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172080000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172079000,"time":1680172079000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172080000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":9500,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172079000,"time":1680172079000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172111000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172090000,"time":1680172090000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":18391,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172109000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172092000,"time":1680172092000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":17237,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172109000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172092000,"time":1680172092000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172109000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":17237,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172092000,"time":1680172092000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172109000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":18391,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172092000,"time":1680172092000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172104000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":35725,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172095000,"time":1680172095000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":35725,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172104000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172095000,"time":1680172095000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":34361,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172104000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172095000,"time":1680172095000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172104000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":34361,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172095000,"time":1680172095000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43305,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172098000,"time":1680172098000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43305,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172099000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172098000,"time":1680172098000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":443,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172118000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"143.42.227.66","port":61000,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172098000,"time":1680172098000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":89,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172118000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"216.218.206.108","port":59135,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172098000,"time":1680172098000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":5,"activity_name":"Refused","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":2},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-006041a786af4cf00","intermediate_ips":null,"ip":"172.31.79.14","port":20155,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172118000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"91.240.118.77","port":48788,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172098000,"time":1680172098000,"traffic":{"bytes":40,"packets":1},"type_name":"Network Activity: Refused","type_uid":400106,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172130000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-08ba8b44461eb2885","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172100000,"time":1680172100000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":16350,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":17648,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":16350,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":17648,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":17962,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":17962,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":50414,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":50414,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172122000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172104000,"time":1680172104000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172109000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":42688,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172107000,"time":1680172107000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":42688,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172109000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172107000,"time":1680172107000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172116000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":36804,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172114000,"time":1680172114000,"traffic":{"bytes":1672,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":36804,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172116000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172114000,"time":1680172114000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":0,"activity_name":"","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az5"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"-","direction_id":0,"protocol_num":null,"protocol_ver":"-","tcp_flags":null},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"-","port":null,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172146000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04ec237a893668df7","intermediate_ips":null,"ip":"-","port":null,"subnet_uid":"subnet-89dda387","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172115000,"time":1680172115000,"traffic":{"bytes":null,"packets":null},"type_name":"Network Activity: Unknown","type_uid":400100,"unmapped":[{"key":"log_status","value":"NODATA"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172118000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":27835,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":27835,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172118000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43726,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172138000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":6751,"packets":16},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43004,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172138000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":6544,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172138000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43726,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":1724,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az6"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172138000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-0b2b98aac7015fe65","intermediate_ips":null,"ip":"172.31.32.136","port":43004,"subnet_uid":"subnet-482baa17","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":1608,"packets":12},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172129000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":36052,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":6710,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172129000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":6596,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":36052,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172129000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172129000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":6710,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172118000,"time":1680172118000,"traffic":{"bytes":1660,"packets":13},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network 
Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Unknown","boundary_id":0,"direction":"ingress","direction_id":1,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":19},"dst_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":15999,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"end_time":1680172138000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"start_time":1680172138000,"time":1680172138000,"traffic":{"bytes":6648,"packets":15},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} -{"activity_id":1,"activity_name":"Established","category_name":"Network Activity","category_uid":4,"class_name":"Network Activity","class_uid":4001,"cloud":{"account_uid":"422354213072","provider":"AWS","region":"us-east-1","zone":"use1-az4"},"connection_info":{"boundary":"Same VPC","boundary_id":4,"direction":"egress","direction_id":2,"protocol_num":6,"protocol_ver":"IPv4","tcp_flags":3},"dst_endpoint":{"instance_uid":null,"interface_uid":null,"intermediate_ips":null,"ip":"172.31.23.137","port":443,"subnet_uid":null,"svc_name":"-","vpc_uid":null},"end_time":1680172138000,"metadata":{"product":{"feature":{"name":"Flowlogs"},"name":"Amazon 
VPC","vendor_name":"AWS","version":"5"},"profiles":["cloud"],"version":"0.39.0"},"severity":"Other","severity_id":-1,"src_endpoint":{"instance_uid":"-","interface_uid":"eni-04194a5466552c319","intermediate_ips":null,"ip":"172.31.24.114","port":15999,"subnet_uid":"subnet-bae9bdf7","svc_name":"-","vpc_uid":"vpc-d514c4a8"},"start_time":1680172138000,"time":1680172138000,"traffic":{"bytes":1712,"packets":14},"type_name":"Network Activity: Established","type_uid":400101,"unmapped":[{"key":"log_status","value":"OK"},{"key":"sublocation_id","value":"-"},{"key":"sublocation_type","value":"-"}]} diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 3a275347ff00..dfd6edc07260 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -237,6 +237,12 @@ metricbeat.modules: - transitgateway - usage - vpn +- module: aws + period: 1m + latency: 5m + include_linked_accounts: false + metricsets: + - s3_request #----------------------------- AWS Fargate Module ----------------------------- - module: awsfargate diff --git a/x-pack/metricbeat/module/aws/_meta/config.reference.yml b/x-pack/metricbeat/module/aws/_meta/config.reference.yml index de3f9f1ed347..12866939b98b 100644 --- a/x-pack/metricbeat/module/aws/_meta/config.reference.yml +++ b/x-pack/metricbeat/module/aws/_meta/config.reference.yml @@ -51,3 +51,9 @@ - transitgateway - usage - vpn +- module: aws + period: 1m + latency: 5m + include_linked_accounts: false + metricsets: + - s3_request diff --git a/x-pack/metricbeat/module/aws/_meta/config.yml b/x-pack/metricbeat/module/aws/_meta/config.yml index 68293513b027..6adf3af2fcd5 100644 --- a/x-pack/metricbeat/module/aws/_meta/config.yml +++ b/x-pack/metricbeat/module/aws/_meta/config.yml @@ -49,5 +49,6 @@ - module: aws period: 1m latency: 5m + include_linked_accounts: false metricsets: - s3_request 
diff --git a/x-pack/metricbeat/module/aws/_meta/docs.asciidoc b/x-pack/metricbeat/module/aws/_meta/docs.asciidoc index c19e80d5db3f..08ac6918d9e1 100644 --- a/x-pack/metricbeat/module/aws/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/aws/_meta/docs.asciidoc @@ -61,7 +61,20 @@ services do not include a region. In `aws` module, `endpoint` config is to set the `endpoint-code` part, such as `amazonaws.com`, `amazonaws.com.cn`, `c2s.ic.gov`, `sc2s.sgov.gov`. -If endpoint is specified, `regions` config becomes required. For example: +If endpoint is specified, `regions` config becomes required. + +* *include_linked_accounts* + +The `include_linked_accounts` parameter is used to enable the inclusion of metrics from different accounts linked to a +main monitoring account. By setting this parameter to true, users can gather metrics from multiple AWS accounts that are +linked through the https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html[CloudWatch cross-account observability]. +By default, the `include_linked_accounts` parameter is set to true, meaning that only metrics from the main monitoring +account and all linked accounts are all collected. When set to false, the parameter allows the CloudWatch service to +only retrieve metrics from the monitoring account. + +*_Note_:* Users should ensure that the necessary IAM roles and policies are properly set up in order to link the monitoring +account and source accounts together. +Please see https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account-Setup.html#CloudWatch-Unified-Cross-Account-Setup-permissions[Link monitoring accounts with source accounts] for more details. * *tags_filter* diff --git a/x-pack/metricbeat/module/aws/aws.go b/x-pack/metricbeat/module/aws/aws.go index 70934dd0f407..90569f9edb00 100644 --- a/x-pack/metricbeat/module/aws/aws.go +++ b/x-pack/metricbeat/module/aws/aws.go 
@@ -29,26 +29,28 @@ type describeRegionsClient interface { // Config defines all required and optional parameters for aws metricsets type Config struct { - Period time.Duration `config:"period" validate:"nonzero,required"` - DataGranularity time.Duration `config:"data_granularity"` - Regions []string `config:"regions"` - Latency time.Duration `config:"latency"` - AWSConfig awscommon.ConfigAWS `config:",inline"` - TagsFilter []Tag `config:"tags_filter"` + Period time.Duration `config:"period" validate:"nonzero,required"` + DataGranularity time.Duration `config:"data_granularity"` + Regions []string `config:"regions"` + Latency time.Duration `config:"latency"` + AWSConfig awscommon.ConfigAWS `config:",inline"` + TagsFilter []Tag `config:"tags_filter"` + IncludeLinkedAccounts *bool `config:"include_linked_accounts"` } // MetricSet is the base metricset for all aws metricsets type MetricSet struct { mb.BaseMetricSet - RegionsList []string - Endpoint string - Period time.Duration - DataGranularity time.Duration - Latency time.Duration - AwsConfig *awssdk.Config - AccountName string - AccountID string - TagsFilter []Tag + RegionsList []string + Endpoint string + Period time.Duration + DataGranularity time.Duration + Latency time.Duration + AwsConfig *awssdk.Config + MonitoringAccountName string + MonitoringAccountID string + TagsFilter []Tag + IncludeLinkedAccounts bool } // Tag holds a configuration specific for ec2 and cloudwatch metricset. 
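Review bot: The new `IncludeLinkedAccounts *bool` field in `Config` has no comment explaining why it is a pointer, unlike the other options, which are plain values. The NewMetricSet hunk shows that nil means "not configured" and falls back to `IncludeLinkedAccountsDefault`, so say that on the field: `// IncludeLinkedAccounts is a pointer so that an unset option (nil) can be told apart from an explicit false.` The `MetricSet` struct would also benefit from a one-line comment stating that `MonitoringAccountID` and `MonitoringAccountName` describe the account the credentials belong to, not the owner of each metric.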
@@ -60,6 +62,39 @@ type Tag struct { // ModuleName is the name of this module. const ModuleName = "aws" +// IncludeLinkedAccountsDefault defines if we should include metrics from linked AWS accounts or not. Default is true. +// More information about cross-account Cloudwatch monitoring can be found at +// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html +const IncludeLinkedAccountsDefault = true + +type LabelConstants struct { + AccountIdIdx int + AccountLabelIdx int + MetricNameIdx int + NamespaceIdx int + StatisticIdx int + IdentifierNameIdx int + IdentifierValueIdx int + LabelLengthTotal int + LabelSeparator string + AccountLabel string + BillingDimensionStartIdx int +} + +var LabelConst = LabelConstants{ + AccountIdIdx: 0, + AccountLabelIdx: 1, + MetricNameIdx: 2, + NamespaceIdx: 3, + StatisticIdx: 4, + IdentifierNameIdx: 5, + IdentifierValueIdx: 6, + LabelLengthTotal: 7, + LabelSeparator: "|", + AccountLabel: "${PROP('AccountLabel')}", + BillingDimensionStartIdx: 3, +} + func init() { if err := mb.Registry.AddModule(ModuleName, newModule); err != nil { panic(err) 
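Review bot: `LabelConst` is an exported, mutable package-level variable, so any importing package can change the separator or the field indices at run time. Both the label builders and the label parsers in `billing` and `cloudwatch` read it, which means such a change would silently alter how account IDs and metric names are extracted. Untyped constants in a `const` block would give the same shared definitions without the mutability. Independently, the exported `LabelConstants` type and `LabelConst` variable have no doc comments; something like `// LabelConstants describes the field order and separator of the label string attached to each CloudWatch metric data query.` would help. `AccountIdIdx` would conventionally be spelled `AccountIDIdx`.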
@@ -112,10 +147,16 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { Endpoint: config.AWSConfig.Endpoint, } + metricSet.IncludeLinkedAccounts = IncludeLinkedAccountsDefault + if config.IncludeLinkedAccounts != nil { + metricSet.IncludeLinkedAccounts = *config.IncludeLinkedAccounts + } + base.Logger().Debug("Metricset level config for period: ", metricSet.Period) base.Logger().Debug("Metricset level config for data granularity: ", metricSet.DataGranularity) base.Logger().Debug("Metricset level config for tags filter: ", metricSet.TagsFilter) base.Logger().Warn("extra charges on AWS API requests will be generated by this metricset") + base.Logger().Debug("Metricset level config for including linked accounts: ", metricSet.IncludeLinkedAccounts) // If regions in config is not empty, then overwrite the awsConfig.Region if len(config.Regions) > 0 { @@ -134,8 +175,8 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { if err != nil { base.Logger().Warn("failed to get caller identity, please check permission setting: ", err) } else { - metricSet.AccountID = *outputIdentity.Account - base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) + metricSet.MonitoringAccountID = *outputIdentity.Account + base.Logger().Debug("AWS Credentials belong to monitoring account ID: ", metricSet.MonitoringAccountID) } // Get account name/alias svcIam := iam.NewFromConfig(awsConfig, func(o *iam.Options) { @@ -144,7 +185,7 @@ func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { } }) - metricSet.AccountName = getAccountName(svcIam, base, metricSet) + metricSet.MonitoringAccountName = getAccountName(svcIam, base, metricSet) // Construct MetricSet with a full regions list if config.Regions == nil { 
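Review bot: In the `@@ -134,8 +175,8 @@` hunk a failed caller-identity lookup is still only logged as a warning, which leaves `MonitoringAccountID` empty. With the new option set to false, `GetListMetricsOutput` in utils.go stamps every metric with that value, so events would be emitted with no account attribution at all. Consider failing construction in that combination, or at least saying so in the warning, e.g. `base.Logger().Warn("failed to get caller identity, events will carry an empty account ID: ", err)`. `*outputIdentity.Account` is also dereferenced without a nil check. NewMetricSet's body starts and ends outside these hunks.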
@@ -188,7 +229,7 @@ func getAccountName(svc *iam.Client, base mb.BaseMetricSet, metricSet MetricSet) defer cancel() output, err := svc.ListAccountAliases(ctx, &iam.ListAccountAliasesInput{}) - accountName := metricSet.AccountID + accountName := metricSet.MonitoringAccountID if err != nil { base.Logger().Warn("failed to list account aliases, please check permission setting: ", err) return accountName @@ -196,15 +237,15 @@ func getAccountName(svc *iam.Client, base mb.BaseMetricSet, metricSet MetricSet) // When there is no account alias, account ID will be used as cloud.account.name if len(output.AccountAliases) == 0 { - accountName = metricSet.AccountID - base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.AccountID) + accountName = metricSet.MonitoringAccountID + base.Logger().Debug("AWS Credentials belong to account ID: ", metricSet.MonitoringAccountID) return accountName } // There can be more than one aliases for each account, for now we are only // collecting the first one. accountName = output.AccountAliases[0] - base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.AccountName) + base.Logger().Debug("AWS Credentials belong to account name: ", metricSet.MonitoringAccountName) return accountName } diff --git a/x-pack/metricbeat/module/aws/billing/billing.go b/x-pack/metricbeat/module/aws/billing/billing.go index c5d3d368dc63..75b500839ef5 100644 --- a/x-pack/metricbeat/module/aws/billing/billing.go +++ b/x-pack/metricbeat/module/aws/billing/billing.go @@ -28,9 +28,8 @@ import ( ) var ( - metricsetName = "billing" - regionName = "us-east-1" - labelSeparator = "|" + metricsetName = "billing" + regionName = "us-east-1" // This list is from https://github.com/aws/aws-sdk-go-v2/blob/master/service/costexplorer/api_enums.go#L60-L90 supportedDimensionKeys = []string{ 
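Review bot: In the `@@ -196,15 +237,15 @@` hunk the final debug line logs `metricSet.MonitoringAccountName`, which cannot be populated at that point. `getAccountName` receives `metricSet` by value, and the caller assigns the field from this function's return value, so the message always prints an empty name. Log the local instead: `base.Logger().Debug("AWS Credentials belong to account name: ", accountName)`. The start of the function is outside the hunk.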
@@ -42,11 +41,7 @@ var ( "RESERVATION_ID", } - dateLayout = "2006-01-02" - accountIdIdx = 0 - accountLabelIdx = 1 - metricDataValueIdx = 2 - dimensionStartIdx = 3 + dateLayout = "2006-01-02" ) // init registers the MetricSet with the central registry as soon as the program @@ -175,7 +170,7 @@ func (m *MetricSet) getCloudWatchBillingMetrics( endTime time.Time) []mb.Event { var events []mb.Event namespace := "AWS/Billing" - listMetricsOutput, err := aws.GetListMetricsOutput(namespace, regionName, m.Period, svcCloudwatch) + listMetricsOutput, err := aws.GetListMetricsOutput(namespace, regionName, m.Period, m.IncludeLinkedAccounts, m.MonitoringAccountID, svcCloudwatch) if err != nil { m.Logger().Error(err.Error()) return nil @@ -198,17 +193,17 @@ func (m *MetricSet) getCloudWatchBillingMetrics( continue } for valI, metricDataResultValue := range output.Values { - labels := strings.Split(*output.Label, labelSeparator) + labels := strings.Split(*output.Label, aws.LabelConst.LabelSeparator) event := mb.Event{} - if labels[accountIdIdx] != "" { - event = aws.InitEvent("", labels[accountLabelIdx], labels[accountIdIdx], output.Timestamps[valI]) + if labels[aws.LabelConst.AccountIdIdx] != "" { + event = aws.InitEvent("", labels[aws.LabelConst.AccountLabelIdx], labels[aws.LabelConst.AccountIdIdx], output.Timestamps[valI]) } else { - event = aws.InitEvent("", m.AccountName, m.AccountID, output.Timestamps[valI]) + event = aws.InitEvent("", m.MonitoringAccountName, m.MonitoringAccountID, output.Timestamps[valI]) } - _, _ = event.MetricSetFields.Put(labels[metricDataValueIdx], metricDataResultValue) + _, _ = event.MetricSetFields.Put(labels[aws.LabelConst.MetricNameIdx], metricDataResultValue) - i := dimensionStartIdx + i := aws.LabelConst.BillingDimensionStartIdx for i < len(labels)-1 { _, _ = event.MetricSetFields.Put(labels[i], labels[i+1]) i += 2 
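Review bot: In the `@@ -198,17 +193,17 @@` hunk `labels` is indexed at `AccountIdIdx`, `AccountLabelIdx` and `MetricNameIdx` straight after `strings.Split`, with no length check. A label that does not have the expected three leading fields would panic the fetch goroutine. A guard before the first index would avoid that: `if len(labels) <= aws.LabelConst.MetricNameIdx { continue }`. The split does not depend on `valI`, so it can also move above the inner loop. The same unguarded indexing appears in the fallback branches of `createEvents` in cloudwatch.go, where `labels[aws.LabelConst.NamespaceIdx]` is read precisely when the length is not `LabelLengthTotal`. The enclosing function continues outside the hunk.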
@@ -318,7 +313,7 @@ func (m *MetricSet) getCostGroupBy(svcCostExplorer *costexplorer.Client, groupBy } func (m *MetricSet) addCostMetrics(metrics map[string]costexplorertypes.MetricValue, groupDefinition costexplorertypes.GroupDefinition, startDate string, endDate string) mb.Event { - event := aws.InitEvent("", m.AccountName, m.AccountID, time.Now()) + event := aws.InitEvent("", m.MonitoringAccountName, m.MonitoringAccountID, time.Now()) // add group definition _, _ = event.MetricSetFields.Put("group_definition", mapstr.M{ @@ -367,9 +362,9 @@ func createMetricDataQuery(metric aws.MetricWithID, index int, dataGranularity t metricDims := metric.Metric.Dimensions metricName := *metric.Metric.MetricName - label := metric.AccountID + labelSeparator + "${PROP('AccountLabel')}" + labelSeparator + metricName + labelSeparator + label := strings.Join([]string{metric.AccountID, aws.LabelConst.AccountLabel, metricName}, aws.LabelConst.LabelSeparator) for _, dim := range metricDims { - label += *dim.Name + labelSeparator + *dim.Value + labelSeparator + label += aws.LabelConst.LabelSeparator + *dim.Name + aws.LabelConst.LabelSeparator + *dim.Value } metricDataQuery := types.MetricDataQuery{ diff --git a/x-pack/metricbeat/module/aws/billing/billing_integration_test.go b/x-pack/metricbeat/module/aws/billing/billing_integration_test.go index d01c6378a88e..6da4437f788f 100644 --- a/x-pack/metricbeat/module/aws/billing/billing_integration_test.go +++ b/x-pack/metricbeat/module/aws/billing/billing_integration_test.go @@ -24,6 +24,7 @@ func TestFetch(t *testing.T) { metricSet := mbtest.NewReportingMetricSetV2Error(t, config) events, errs := mbtest.ReportingFetchV2Error(metricSet) + fmt.Println("events = ", events) if len(errs) > 0 { t.Fatalf("Expected 0 error, had %d. %v\n", len(errs), errs) } diff --git a/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch.go b/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch.go index b0bf1dd229f5..e25ea2d37434 100644 
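Review bot: In the `@@ -367,9 +362,9 @@` hunk the label is built by joining the account ID, account label, metric name and each dimension name and value with `LabelSeparator`, with no escaping. `getCloudWatchBillingMetrics` later recovers those fields by splitting on the same character and reading fixed positions, so a value that itself contains `|` would shift every later field and mis-key the event. Whether CloudWatch permits that character in these values is not visible here. If it can occur, skip or sanitise such values before joining, for example `if strings.Contains(*dim.Value, aws.LabelConst.LabelSeparator) { continue }`. `constructLabel` in cloudwatch.go has the same property, and additionally joins dimension names and values with `,`.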
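Review bot: The added `fmt.Println("events = ", events)` in `TestFetch` looks like leftover debugging and writes the full billing event payload to stdout on every run. Use the test logger so the output only appears on failure or with `-v`: `t.Logf("events = %v", events)`. The hunk also does not show an `fmt` import being added to this file, so confirm it compiles as is.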
--- a/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch.go +++ b/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch.go @@ -25,18 +25,9 @@ import ( var ( metricsetName = "cloudwatch" - accountIdIdx = 0 - accountLabelIdx = 1 - metricNameIdx = 2 - namespaceIdx = 3 - statisticIdx = 4 - identifierNameIdx = 5 - identifierValueIdx = 6 defaultStatistics = []string{"Average", "Maximum", "Minimum", "Sum", "SampleCount"} - labelSeparator = "|" dimensionSeparator = "," dimensionValueWildcard = "*" - labelLengthTotal = 7 ) // init registers the MetricSet with the central registry as soon as the program @@ -51,7 +42,7 @@ func init() { // MetricSet holds any configuration or state information. It must implement // the mb.MetricSet interface. And this is best achieved by embedding -// mb.BaseMetricSet because it implements all of the required mb.MetricSet +// mb.BaseMetricSet because it implements all the required mb.MetricSet // interface methods except for Fetch. type MetricSet struct { *aws.MetricSet @@ -186,7 +177,7 @@ func (m *MetricSet) Fetch(report mb.ReporterV2) error { } // retrieve all the details for all the metrics available in the current region - listMetricsOutput, err := aws.GetListMetricsOutput("*", regionName, m.Period, svcCloudwatch) + listMetricsOutput, err := aws.GetListMetricsOutput("*", regionName, m.Period, m.IncludeLinkedAccounts, m.MonitoringAccountID, svcCloudwatch) if err != nil { m.Logger().Errorf("Error while retrieving the list of metrics for region %s: %w", regionName, err) } 
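Review bot: In the `@@ -186,7 +177,7 @@` hunk the error branch after `GetListMetricsOutput` formats the error with `%w` in `m.Logger().Errorf`. That verb is only understood by `fmt.Errorf`; if the logger formats Sprintf-style, as it appears to, the message will contain `%!w(...)` instead of the error text. Use `%v`: `m.Logger().Errorf("Error while retrieving the list of metrics for region %s: %v", regionName, err)`. The hunk ends right after this branch, so it is not visible whether the region is skipped or processing continues with an empty list.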
@@ -327,17 +318,17 @@ func (m *MetricSet) readCloudwatchConfig() (listMetricWithDetail, map[string][]n !configDimensionValueContainsWildcard(config.Dimensions) { namespace := config.Namespace for i := range config.MetricName { - cwMetric := aws.MetricWithID{ - Metric: types.Metric{ - Namespace: &namespace, - MetricName: &config.MetricName[i], - Dimensions: cloudwatchDimensions, - }, + metric := types.Metric{ + Namespace: &namespace, + MetricName: &config.MetricName[i], + Dimensions: cloudwatchDimensions, } metricsWithStats := metricsWithStatistics{ - cloudwatchMetric: cwMetric, - statistic: config.Statistic, + cloudwatchMetric: aws.MetricWithID{ + Metric: metric, + }, + statistic: config.Statistic, } metricsWithStatsTotal = append(metricsWithStatsTotal, metricsWithStats) @@ -396,7 +387,7 @@ func createMetricDataQueries(listMetricsTotal []metricsWithStatistics, dataGranu func constructLabel(metric aws.MetricWithID, statistic string) string { // label = accountID + accountLabel + metricName + namespace + statistic + dimKeys + dimValues - label := strings.Join([]string{metric.AccountID, "${PROP('AccountLabel')}", *metric.Metric.MetricName, *metric.Metric.Namespace, statistic}, labelSeparator) + label := strings.Join([]string{metric.AccountID, aws.LabelConst.AccountLabel, *metric.Metric.MetricName, *metric.Metric.Namespace, statistic}, aws.LabelConst.LabelSeparator) dimNames := "" dimValues := "" for i, dim := range metric.Metric.Dimensions { @@ -409,8 +400,8 @@ func constructLabel(metric aws.MetricWithID, statistic string) string { } if dimNames != "" && dimValues != "" { - label += labelSeparator + dimNames - label += labelSeparator + dimValues + label += aws.LabelConst.LabelSeparator + dimNames + label += aws.LabelConst.LabelSeparator + dimValues } return label } 
@@ -432,12 +423,12 @@ func statisticLookup(stat string) (string, bool) { } func generateFieldName(namespace string, labels []string) string { - stat := labels[statisticIdx] + stat := labels[aws.LabelConst.StatisticIdx] // Check if statistic method is one of Sum, SampleCount, Minimum, Maximum, Average // With checkStatistics function, no need to check bool return value here statMethod, _ := statisticLookup(stat) // By default, replace dot "." using underscore "_" for metric names - return "aws." + stripNamespace(namespace) + ".metrics." + common.DeDot(labels[metricNameIdx]) + "." + statMethod + return "aws." + stripNamespace(namespace) + ".metrics." + common.DeDot(labels[aws.LabelConst.MetricNameIdx]) + "." + statMethod } // stripNamespace converts Cloudwatch namespace into the root field we will use for metrics @@ -448,15 +439,15 @@ func stripNamespace(namespace string) string { } func insertRootFields(event mb.Event, metricValue float64, labels []string) mb.Event { - namespace := labels[namespaceIdx] + namespace := labels[aws.LabelConst.NamespaceIdx] _, _ = event.RootFields.Put(generateFieldName(namespace, labels), metricValue) _, _ = event.RootFields.Put("aws.cloudwatch.namespace", namespace) - if len(labels) != labelLengthTotal { + if len(labels) != aws.LabelConst.LabelLengthTotal { return event } - dimNames := strings.Split(labels[identifierNameIdx], ",") - dimValues := strings.Split(labels[identifierValueIdx], ",") + dimNames := strings.Split(labels[aws.LabelConst.IdentifierNameIdx], ",") + dimValues := strings.Split(labels[aws.LabelConst.IdentifierValueIdx], ",") for i := 0; i < len(dimNames); i++ { _, _ = event.RootFields.Put("aws.dimensions."+dimNames[i], dimValues[i]) } 
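Review bot: In `insertRootFields` (`@@ -448,15 +439,15 @@`) the dimension loop is bounded by `len(dimNames)` but indexes `dimValues[i]`. If the two comma-separated fields split into different counts, for instance when a name or value contains a comma, this either panics or pairs names with the wrong values. Bound the loop on both slices: `for i := 0; i < len(dimNames) && i < len(dimValues); i++ {`. `labels[aws.LabelConst.NamespaceIdx]` is also read before the length check that follows it.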
@@ -487,25 +478,25 @@ func (m *MetricSet) createEvents(svcCloudwatch cloudwatch.GetMetricDataAPIClient if len(metricDataResult.Values) == 0 { continue } - labels := strings.Split(*metricDataResult.Label, labelSeparator) + labels := strings.Split(*metricDataResult.Label, aws.LabelConst.LabelSeparator) for valI, metricDataResultValue := range metricDataResult.Values { - if len(labels) != labelLengthTotal { + if len(labels) != aws.LabelConst.LabelLengthTotal { // when there is no identifier value in label, use id+label+region+accountID+namespace+index instead - identifier := labels[accountIdIdx] + labels[accountLabelIdx] + regionName + m.AccountID + labels[namespaceIdx] + fmt.Sprint("-", valI) + identifier := labels[aws.LabelConst.AccountIdIdx] + labels[aws.LabelConst.AccountLabelIdx] + regionName + m.MonitoringAccountID + labels[aws.LabelConst.NamespaceIdx] + fmt.Sprint("-", valI) if _, ok := events[identifier]; !ok { - if labels[accountIdIdx] != "" { - events[identifier] = aws.InitEvent(regionName, labels[accountLabelIdx], labels[accountIdIdx], metricDataResult.Timestamps[valI]) + if labels[aws.LabelConst.AccountIdIdx] != "" { + events[identifier] = aws.InitEvent(regionName, labels[aws.LabelConst.AccountLabelIdx], labels[aws.LabelConst.AccountIdIdx], metricDataResult.Timestamps[valI]) } else { - events[identifier] = aws.InitEvent(regionName, m.AccountName, m.AccountID, metricDataResult.Timestamps[valI]) + events[identifier] = aws.InitEvent(regionName, m.MonitoringAccountName, m.MonitoringAccountID, metricDataResult.Timestamps[valI]) } } events[identifier] = insertRootFields(events[identifier], metricDataResultValue, labels) continue } - identifierValue := labels[identifierValueIdx] + fmt.Sprint("-", valI) + identifierValue := labels[aws.LabelConst.IdentifierValueIdx] + fmt.Sprint("-", valI) if _, ok := events[identifierValue]; !ok { - events[identifierValue] = aws.InitEvent(regionName, labels[accountLabelIdx], labels[accountIdIdx], metricDataResult.Timestamps[valI]) 
+ events[identifierValue] = aws.InitEvent(regionName, labels[aws.LabelConst.AccountLabelIdx], labels[aws.LabelConst.AccountIdIdx], metricDataResult.Timestamps[valI]) } events[identifierValue] = insertRootFields(events[identifierValue], metricDataResultValue, labels) } @@ -542,7 +533,7 @@ func (m *MetricSet) createEvents(svcCloudwatch cloudwatch.GetMetricDataAPIClient continue } - labels := strings.Split(*output.Label, labelSeparator) + labels := strings.Split(*output.Label, aws.LabelConst.LabelSeparator) for valI, metricDataResultValue := range output.Values { if len(labels) != 7 { // if there is no tag in labels but there is a tagsFilter, then no event should be reported. 
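Review bot: In the `@@ -542,7 +533,7 @@` hunk the tag-filter branch still compares against a literal, `if len(labels) != 7 {`, while the branch converted earlier in `createEvents` now uses `aws.LabelConst.LabelLengthTotal`. The two checks will drift apart if the label layout changes. Use the shared value here as well: `if len(labels) != aws.LabelConst.LabelLengthTotal {`.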
@@ -551,19 +542,19 @@ func (m *MetricSet) createEvents(svcCloudwatch cloudwatch.GetMetricDataAPIClient } // when there is no identifier value in label, use id+label+region+accountID+namespace+index instead - identifier := labels[accountIdIdx] + labels[accountLabelIdx] + regionName + m.AccountID + labels[namespaceIdx] + fmt.Sprint("-", valI) + identifier := labels[aws.LabelConst.AccountIdIdx] + labels[aws.LabelConst.AccountLabelIdx] + regionName + m.MonitoringAccountID + labels[aws.LabelConst.NamespaceIdx] + fmt.Sprint("-", valI) if _, ok := events[identifier]; !ok { - if labels[accountIdIdx] != "" { - events[identifier] = aws.InitEvent(regionName, labels[accountLabelIdx], labels[accountIdIdx], output.Timestamps[valI]) + if labels[aws.LabelConst.AccountIdIdx] != "" { + events[identifier] = aws.InitEvent(regionName, labels[aws.LabelConst.AccountLabelIdx], labels[aws.LabelConst.AccountIdIdx], output.Timestamps[valI]) } else { - events[identifier] = aws.InitEvent(regionName, m.AccountName, m.AccountID, output.Timestamps[valI]) + events[identifier] = aws.InitEvent(regionName, m.MonitoringAccountName, m.MonitoringAccountID, output.Timestamps[valI]) } } events[identifier] = insertRootFields(events[identifier], metricDataResultValue, labels) continue } - identifierValue := labels[identifierValueIdx] + identifierValue := labels[aws.LabelConst.IdentifierValueIdx] uniqueIdentifierValue := identifierValue + fmt.Sprint("-", valI) // add tags to event based on identifierValue 
@@ -580,7 +571,7 @@ func (m *MetricSet) createEvents(svcCloudwatch cloudwatch.GetMetricDataAPIClient if len(tagsFilter) != 0 && resourceTagMap[subIdentifier] == nil { continue } - events[uniqueIdentifierValue] = aws.InitEvent(regionName, labels[accountLabelIdx], labels[accountIdIdx], output.Timestamps[valI]) + events[uniqueIdentifierValue] = aws.InitEvent(regionName, labels[aws.LabelConst.AccountLabelIdx], labels[aws.LabelConst.AccountIdIdx], output.Timestamps[valI]) } events[uniqueIdentifierValue] = insertRootFields(events[uniqueIdentifierValue], metricDataResultValue, labels) insertTags(events, uniqueIdentifierValue, subIdentifier, resourceTagMap) diff --git a/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_test.go b/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_test.go index 6550b85cdf97..054e9d8d55a2 100644 --- a/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_test.go +++ b/x-pack/metricbeat/module/aws/cloudwatch/cloudwatch_test.go @@ -775,7 +775,7 @@ func TestGenerateFieldName(t *testing.T) { for _, c := range cases { t.Run(c.title, func(t *testing.T) { - fieldName := generateFieldName(c.label[namespaceIdx], c.label) + fieldName := generateFieldName(c.label[aws.LabelConst.NamespaceIdx], c.label) assert.Equal(t, c.expectedFieldName, fieldName) }) } @@ -1287,7 +1287,7 @@ func TestCreateEventsWithIdentifier(t *testing.T) { func TestCreateEventsWithoutIdentifier(t *testing.T) { m := MetricSet{} m.CloudwatchConfigs = []Config{{Statistic: []string{"Average"}}} - m.MetricSet = &aws.MetricSet{Period: 5, AccountID: accountID} + m.MetricSet = &aws.MetricSet{Period: 5, MonitoringAccountID: accountID} m.logger = logp.NewLogger("test") mockTaggingSvc := &MockResourceGroupsTaggingClient{} 
@@ -1332,7 +1332,7 @@ func TestCreateEventsWithoutIdentifier(t *testing.T) { func TestCreateEventsWithDataGranularity(t *testing.T) { m := MetricSet{} m.CloudwatchConfigs = []Config{{Statistic: []string{"Average"}}} - m.MetricSet = &aws.MetricSet{Period: 10, AccountID: accountID, DataGranularity: 5} + m.MetricSet = &aws.MetricSet{Period: 10, MonitoringAccountID: accountID, DataGranularity: 5} m.logger = logp.NewLogger("test") mockTaggingSvc := &MockResourceGroupsTaggingClient{} @@ -1373,7 +1373,7 @@ func TestCreateEventsWithDataGranularity(t *testing.T) { func TestCreateEventsWithTagsFilter(t *testing.T) { m := MetricSet{} m.CloudwatchConfigs = []Config{{Statistic: []string{"Average"}}} - m.MetricSet = &aws.MetricSet{Period: 5, AccountID: accountID} + m.MetricSet = &aws.MetricSet{Period: 5, MonitoringAccountID: accountID} m.logger = logp.NewLogger("test") mockTaggingSvc := &MockResourceGroupsTaggingClient{} @@ -1534,7 +1534,7 @@ func TestCreateEventsTimestamp(t *testing.T) { m := MetricSet{ logger: logp.NewLogger("test"), CloudwatchConfigs: []Config{{Statistic: []string{"Average"}}}, - MetricSet: &aws.MetricSet{Period: 5, AccountID: accountID}, + MetricSet: &aws.MetricSet{Period: 5, MonitoringAccountID: accountID}, } listMetricWithStatsTotal := []metricsWithStatistics{ diff --git a/x-pack/metricbeat/module/aws/utils.go b/x-pack/metricbeat/module/aws/utils.go index e0bc5289c478..caf695f1cb9f 100644 --- a/x-pack/metricbeat/module/aws/utils.go +++ b/x-pack/metricbeat/module/aws/utils.go 
@@ -51,13 +51,13 @@ type MetricWithID struct { // API call per metric name and set of dimensions. This will increase API cost. // IncludeLinkedAccounts is set to true for ListMetrics API to include metrics from source accounts in addition to the // monitoring account. -func GetListMetricsOutput(namespace string, regionName string, period time.Duration, svcCloudwatch cloudwatch.ListMetricsAPIClient) ([]MetricWithID, error) { +func GetListMetricsOutput(namespace string, regionName string, period time.Duration, includeLinkedAccounts bool, monitoringAccountID string, svcCloudwatch cloudwatch.ListMetricsAPIClient) ([]MetricWithID, error) { var metricWithAccountID []MetricWithID var nextToken *string listMetricsInput := &cloudwatch.ListMetricsInput{ NextToken: nextToken, - IncludeLinkedAccounts: true, + IncludeLinkedAccounts: includeLinkedAccounts, } // To filter the results to show only metrics that have had data points published @@ -80,6 +80,14 @@ func GetListMetricsOutput(namespace string, regionName string, period time.Durat return metricWithAccountID, fmt.Errorf("error ListMetrics with Paginator, skipping region %s: %w", regionName, err) } + // when IncludeLinkedAccounts is set to false, ListMetrics API does not return any OwningAccounts + if page.OwningAccounts == nil { + for _, metric := range page.Metrics { + metricWithAccountID = append(metricWithAccountID, MetricWithID{metric, monitoringAccountID}) + } + return metricWithAccountID, nil + } + for i, metric := range page.Metrics { metricWithAccountID = append(metricWithAccountID, MetricWithID{metric, page.OwningAccounts[i]}) } diff --git a/x-pack/metricbeat/module/aws/utils_test.go b/x-pack/metricbeat/module/aws/utils_test.go index 3d082858b414..5fe62b5c80cc 100644 --- a/x-pack/metricbeat/module/aws/utils_test.go +++ b/x-pack/metricbeat/module/aws/utils_test.go 
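Review bot: The doc comment above `GetListMetricsOutput` (`@@ -51,13 +51,13 @@`) still says "IncludeLinkedAccounts is set to true for ListMetrics API", but the value now comes from the caller. Update it to describe both new parameters, for example `// includeLinkedAccounts is passed through to ListMetrics; when it is false every returned metric is attributed to monitoringAccountID.` The two adjacent positional parameters (`bool`, `string`) on an exported function are easy to transpose at call sites, so the comment should state their order explicitly.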
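Review bot: In the `@@ -80,6 +80,14 @@` hunk the new `page.OwningAccounts == nil` branch ends with `return metricWithAccountID, nil`. The loop header is outside the hunk, but the per-page variable and the paginator error message suggest this runs once per page; if so, the return stops after the first page and silently drops the remaining metrics whenever linked accounts are disabled. Replacing the `return` with `continue` would keep paginating. The following loop still indexes `page.OwningAccounts[i]` by the length of `page.Metrics`, so a response in which the two slices differ in length would panic; a length comparison before that loop would cover it.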
@@ -123,9 +123,6 @@ func (m *MockCloudWatchClient) ListMetrics(context.Context, *cloudwatch.ListMetr Dimensions: []cloudwatchtypes.Dimension{dim1}, }, }, - OwningAccounts: []string{ - "1234", - }, NextToken: awssdk.String(""), }, nil } @@ -201,7 +198,7 @@ func (m *MockResourceGroupsTaggingClient) GetResources(_ context.Context, _ *res func TestGetListMetricsOutput(t *testing.T) { svcCloudwatch := &MockCloudWatchClient{} - listMetricsOutput, err := GetListMetricsOutput("AWS/EC2", "us-west-1", time.Minute*5, svcCloudwatch) + listMetricsOutput, err := GetListMetricsOutput("AWS/EC2", "us-west-1", time.Minute*5, false, "123", svcCloudwatch) assert.NoError(t, err) assert.Equal(t, 1, len(listMetricsOutput)) assert.Equal(t, namespace, *listMetricsOutput[0].Metric.Namespace) @@ -213,7 +210,7 @@ func TestGetListMetricsOutput(t *testing.T) { func TestGetListMetricsCrossAccountsOutput(t *testing.T) { svcCloudwatch := &MockCloudwatchClientCrossAccounts{} - listMetricsOutput, err := GetListMetricsOutput("AWS/EC2", "us-west-1", time.Minute*5, svcCloudwatch) + listMetricsOutput, err := GetListMetricsOutput("AWS/EC2", "us-west-1", time.Minute*5, true, "123", svcCloudwatch) assert.NoError(t, err) assert.Equal(t, 2, len(listMetricsOutput)) assert.Equal(t, namespace, *listMetricsOutput[0].Metric.Namespace) @@ -226,7 +223,7 @@ func TestGetListMetricsCrossAccountsOutput(t *testing.T) { func TestGetListMetricsOutputWithWildcard(t *testing.T) { svcCloudwatch := &MockCloudWatchClient{} - listMetricsOutput, err := GetListMetricsOutput("*", "us-west-1", time.Minute*5, svcCloudwatch) + listMetricsOutput, err := GetListMetricsOutput("*", "us-west-1", time.Minute*5, false, "123", svcCloudwatch) assert.NoError(t, err) assert.Equal(t, 1, len(listMetricsOutput)) assert.Equal(t, namespace, *listMetricsOutput[0].Metric.Namespace) diff --git a/x-pack/metricbeat/module/azure/_meta/docs.asciidoc b/x-pack/metricbeat/module/azure/_meta/docs.asciidoc index 2ba2cf7a96d5..827b13c0c950 100644 
--- a/x-pack/metricbeat/module/azure/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/azure/_meta/docs.asciidoc @@ -87,6 +87,15 @@ https://login.microsoftonline.us for azure GermanCloud https://login.chinacloudapi.cn for azure PublicCloud https://login.microsoftonline.de for azure USGovernmentCloud +`resource_manager_audience` :: +_string_ +Optional, by default we are using the azure public environment, to override, users can provide a specific resource manager audience in order to use a different azure environment. +Ex: +https://management.chinacloudapi.cn/ for azure ChinaCloud +https://management.microsoftazure.de/ for azure GermanCloud +https://management.azure.com/ for azure PublicCloud +https://management.usgovcloudapi.net/ for azure USGovernmentCloud +Users can also use this in case of a Hybrid Cloud model, where one may define their own audiences. [float] == Metricsets diff --git a/x-pack/metricbeat/module/azure/billing/client.go b/x-pack/metricbeat/module/azure/billing/client.go index 798b29d7eded..b15463e39d2c 100644 --- a/x-pack/metricbeat/module/azure/billing/client.go +++ b/x-pack/metricbeat/module/azure/billing/client.go @@ -5,12 +5,12 @@ package billing import ( - "context" "fmt" "time" - "github.com/Azure/azure-sdk-for-go/services/consumption/mgmt/2019-10-01/consumption" - "github.com/Azure/azure-sdk-for-go/services/costmanagement/mgmt/2019-11-01/costmanagement" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption" + + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement" "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" "github.com/elastic/elastic-agent-libs/logp" 
@@ -25,8 +25,8 @@ type Client struct { // Usage contains the usage details and forecast values. type Usage struct { - UsageDetails []consumption.BasicUsageDetail - Forecasts costmanagement.QueryResult + UsageDetails []armconsumption.UsageDetailClassification + Forecasts armcostmanagement.QueryResult } // NewClient builds a new client for the azure billing service @@ -74,13 +74,11 @@ func (client *Client) GetMetrics(timeOpts TimeIntervalOptions) (Usage, error) { timeOpts.usageEnd.Format(time.RFC3339Nano), ) - paginator, err := client.BillingService.GetUsageDetails( + result, err := client.BillingService.GetUsageDetails( scope, "properties/meterDetails", filter, - "", // skipToken, used for paging, not required on the first call. - nil, // result page size, defaults to ? - consumption.MetrictypeActualCostMetricType, + armconsumption.MetrictypeActualCostMetricType, timeOpts.usageStart.Format("2006-01-02"), // startDate timeOpts.usageEnd.Format("2006-01-02"), // endDate ) @@ -88,12 +86,7 @@ func (client *Client) GetMetrics(timeOpts TimeIntervalOptions) (Usage, error) { return usage, fmt.Errorf("retrieving usage details failed in client: %w", err) } - for paginator.NotDone() { - usage.UsageDetails = append(usage.UsageDetails, paginator.Values()...) - if err := paginator.NextWithContext(context.Background()); err != nil { - return usage, fmt.Errorf("retrieving usage details failed in client: %w", err) - } - } + usage.UsageDetails = append(usage.UsageDetails, result.Value...) // // Fetch the Forecast diff --git a/x-pack/metricbeat/module/azure/billing/client_test.go b/x-pack/metricbeat/module/azure/billing/client_test.go index d5a0c3343548..dd750dfa08ab 100644 --- a/x-pack/metricbeat/module/azure/billing/client_test.go +++ b/x-pack/metricbeat/module/azure/billing/client_test.go 
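Review bot: In the `@@ -88,12 +86,7 @@` hunk the explicit pagination loop is replaced by a single `append(usage.UsageDetails, result.Value...)`. Whether `BillingService.GetUsageDetails` now drains every page itself is not visible here. If it returns only the first page of the list result, usage records beyond that page are dropped and the reported costs are understated without any error. Confirm the service implementation iterates the SDK pager to completion, and consider documenting it on the interface method, e.g. `// GetUsageDetails returns the usage details from all result pages.`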
@@ -12,8 +12,8 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/Azure/azure-sdk-for-go/services/consumption/mgmt/2019-10-01/consumption" - "github.com/Azure/azure-sdk-for-go/services/costmanagement/mgmt/2019-11-01/costmanagement" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement" "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" ) @@ -36,8 +36,8 @@ func TestClient(t *testing.T) { client := NewMockClient() client.Config = config m := &MockService{} - m.On("GetForecast", mock.Anything, mock.Anything, mock.Anything).Return(costmanagement.QueryResult{}, errors.New("invalid query")) - m.On("GetUsageDetails", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(consumption.UsageDetailsListResultPage{}, nil) + m.On("GetForecast", mock.Anything, mock.Anything, mock.Anything).Return(armcostmanagement.QueryResult{}, errors.New("invalid query")) + m.On("GetUsageDetails", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(armconsumption.UsageDetailsListResult{}, nil) client.BillingService = m _, err := client.GetMetrics(opts) assert.Error(t, err) 
@@ -50,9 +50,9 @@ func TestClient(t *testing.T) { client := NewMockClient() client.Config = config m := &MockService{} - forecasts := costmanagement.QueryResult{} + forecasts := armcostmanagement.QueryResult{} m.On("GetForecast", mock.Anything, mock.Anything, mock.Anything).Return(forecasts, nil) - m.On("GetUsageDetails", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(consumption.UsageDetailsListResultPage{}, nil) + m.On("GetUsageDetails", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(armconsumption.UsageDetailsListResult{}, nil) client.BillingService = m _, err := client.GetMetrics(opts) assert.NoError(t, err) diff --git a/x-pack/metricbeat/module/azure/billing/data.go b/x-pack/metricbeat/module/azure/billing/data.go index df15261b7da2..73d2da05dd2b 100644 --- a/x-pack/metricbeat/module/azure/billing/data.go +++ b/x-pack/metricbeat/module/azure/billing/data.go @@ -10,7 +10,8 @@ import ( "strings" "time" - "github.com/Azure/azure-sdk-for-go/services/costmanagement/mgmt/2019-11-01/costmanagement" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement" "errors" @@ -21,7 +22,12 @@ import ( // EventsMapping maps the usage details and forecast data to a list of metricbeat events to // send to Elasticsearch. -func EventsMapping(subscriptionId string, results Usage, timeOpts TimeIntervalOptions, logger *logp.Logger) ([]mb.Event, error) { +func EventsMapping( + subscriptionId string, + results Usage, + timeOpts TimeIntervalOptions, + logger *logp.Logger, +) ([]mb.Event, error) { events := make([]mb.Event, 0, len(results.UsageDetails)) // 
@@ -37,81 +43,78 @@ func EventsMapping(subscriptionId string, results Usage, timeOpts TimeIntervalOp "cloud.provider": "azure", } - if legacy, isLegacy := ud.AsLegacyUsageDetail(); isLegacy { - + switch usageDetails := ud.(type) { + case *armconsumption.LegacyUsageDetail: // // legacy data format // + legacy := usageDetails + event.ModuleFields = mapstr.M{ - "subscription_id": legacy.SubscriptionID, - "subscription_name": legacy.SubscriptionName, + "subscription_id": legacy.Properties.SubscriptionID, + "subscription_name": legacy.Properties.SubscriptionName, "resource": mapstr.M{ - "name": legacy.ResourceName, - "type": legacy.ConsumedService, - "group": legacy.ResourceGroup, + "name": legacy.Properties.ResourceName, + "type": legacy.Properties.ConsumedService, + "group": legacy.Properties.ResourceGroup, }, } event.MetricSetFields = mapstr.M{ // original fields "billing_period_id": legacy.ID, - "product": legacy.Product, - "pretax_cost": legacy.Cost, - "currency": legacy.BillingCurrency, - "department_name": legacy.InvoiceSection, - "account_name": legacy.BillingAccountName, + "product": legacy.Properties.Product, + "pretax_cost": legacy.Properties.Cost, + "currency": legacy.Properties.BillingCurrency, + "department_name": legacy.Properties.InvoiceSection, + "account_name": legacy.Properties.BillingAccountName, "usage_start": timeOpts.usageStart, "usage_end": timeOpts.usageEnd, // additional fields - "usage_date": legacy.Date, // Date for the usage record. - "account_id": legacy.BillingAccountID, - "unit_price": legacy.UnitPrice, - "quantity": legacy.Quantity, + "usage_date": legacy.Properties.Date, // Date for the usage record. 
+ "account_id": legacy.Properties.BillingAccountID, + "unit_price": legacy.Properties.UnitPrice, + "quantity": legacy.Properties.Quantity, } - _, _ = event.RootFields.Put("cloud.region", legacy.ResourceLocation) - _, _ = event.RootFields.Put("cloud.instance.name", legacy.ResourceName) - _, _ = event.RootFields.Put("cloud.instance.id", legacy.ResourceID) - - } else if modern, isModern := ud.AsModernUsageDetail(); isModern { - + _, _ = event.RootFields.Put("cloud.region", legacy.Properties.ResourceLocation) + _, _ = event.RootFields.Put("cloud.instance.name", legacy.Properties.ResourceName) + _, _ = event.RootFields.Put("cloud.instance.id", legacy.Properties.ResourceID) + case *armconsumption.ModernUsageDetail: // // modern data format // + modern := usageDetails + event.ModuleFields = mapstr.M{ - "subscription_id": modern.SubscriptionGUID, - "subscription_name": modern.SubscriptionName, + "subscription_id": modern.Properties.SubscriptionGUID, + "subscription_name": modern.Properties.SubscriptionName, "resource": mapstr.M{ - "name": getResourceNameFromPath(*modern.InstanceName), - "type": modern.ConsumedService, - "group": strings.ToLower(*modern.ResourceGroup), + "name": getResourceNameFromPath(*modern.Properties.InstanceName), + "type": modern.Properties.ConsumedService, + "group": strings.ToLower(*modern.Properties.ResourceGroup), }, } event.MetricSetFields = mapstr.M{ // original fields "billing_period_id": modern.ID, - "product": modern.Product, - "pretax_cost": modern.CostInBillingCurrency, - "currency": modern.BillingCurrencyCode, - "department_name": modern.InvoiceSectionName, - "account_name": modern.BillingAccountName, + "product": modern.Properties.Product, + "pretax_cost": modern.Properties.CostInBillingCurrency, + "currency": modern.Properties.BillingCurrencyCode, + "department_name": modern.Properties.InvoiceSectionName, + "account_name": modern.Properties.BillingAccountName, "usage_start": timeOpts.usageStart, "usage_end": timeOpts.usageEnd, // 
additional fields - "usage_date": modern.Date, // Date for the usage record. - "account_id": modern.BillingAccountID, - "unit_price": modern.UnitPrice, - "quantity": modern.Quantity, + "usage_date": modern.Properties.Date, // Date for the usage record. + "account_id": modern.Properties.BillingAccountID, + "unit_price": modern.Properties.UnitPrice, + "quantity": modern.Properties.Quantity, } - _, _ = event.RootFields.Put("cloud.region", modern.ResourceLocation) - - } else { - - // - // Unsupported data format - // + _, _ = event.RootFields.Put("cloud.region", modern.Properties.ResourceLocation) + default: return events, errors.New("unsupported usage details format: not legacy nor modern") } 
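Review bot: Every field read in the two `case` arms goes through `legacy.Properties` or `modern.Properties`, which is a pointer in the new SDK types (the test in this commit sets `Properties: &props`), so a usage record returned without properties panics the metricset instead of producing an error. Guard each arm before building the event, e.g. `if legacy.Properties == nil { return events, errors.New("legacy usage detail has no properties") }`, and check `modern.Properties.InstanceName` and `modern.Properties.ResourceGroup` before the `*` dereferences. The same unguarded dereference of API-supplied pointers appears in `MapMetricByPrimaryAggregation` (`*met.PrimaryAggregationType`) and in `mapMetricValues` (`*mv`, `*mv.TimeStamp`) later in this diff. `EventsMapping` starts and ends outside this hunk.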
@@ -159,27 +162,27 @@ func getResourceNameFromPath(path string) string { // .Rows: // 0: []interface {}{0.11, 2.0200807e+07, "Actual", "USD"} // 1: []interface {}{0.11, 2.0200808e+07, "Forecast", "USD"} -func getEventsFromQueryResult(result costmanagement.QueryResult, subscriptionID string, logger *logp.Logger) ([]mb.Event, error) { +func getEventsFromQueryResult(result armcostmanagement.QueryResult, subscriptionID string, logger *logp.Logger) ([]mb.Event, error) { // The number of columns expected in the QueryResult supported by this input. // The structure of the QueryResult is determined by the value we set in // the `costmanagement.ForecastDefinition` struct at query time. const expectedNumberOfColumns = 4 - if result.QueryProperties == nil || result.Columns == nil { + if result.Properties == nil || result.Properties.Columns == nil { return []mb.Event{}, errors.New("unsupported forecasts QueryResult format: no columns") } - if len(*result.Columns) != expectedNumberOfColumns { - return []mb.Event{}, fmt.Errorf("unsupported forecasts QueryResult format: got %d columns instead of %d", len(*result.Columns), expectedNumberOfColumns) + if len(result.Properties.Columns) != expectedNumberOfColumns { + return []mb.Event{}, fmt.Errorf("unsupported forecasts QueryResult format: got %d columns instead of %d", len(result.Properties.Columns), expectedNumberOfColumns) } - if result.Rows == nil { + if result.Properties.Rows == nil { logger.Warn("no rows in forecasts QueryResult") return []mb.Event{}, nil } - events := make([]mb.Event, 0, len(*result.Rows)) - for _, row := range *result.Rows { + events := make([]mb.Event, 0, len(result.Properties.Rows)) + for _, row := range result.Properties.Rows { var cost float64 var currency string var costStatus string 
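Review bot: The comment above `expectedNumberOfColumns` still names `costmanagement.ForecastDefinition`, a package this commit removes from the file's imports; it should read `armcostmanagement.ForecastDefinition`. Also, now that `Rows` is a plain slice, `result.Properties.Rows == nil` no longer covers an empty non-nil slice, so `len(result.Properties.Rows) == 0` would log the "no rows" warning in both cases. The body of `getEventsFromQueryResult` continues past this hunk.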
@@ -250,6 +253,9 @@ func getEventsFromQueryResult(result costmanagement.QueryResult, subscriptionID continue } + // test: trying to make the linter happy + _ = costFieldName + event := mb.Event{ RootFields: mapstr.M{ "cloud.provider": "azure", diff --git a/x-pack/metricbeat/module/azure/billing/data_test.go b/x-pack/metricbeat/module/azure/billing/data_test.go index 9632d5df68ce..49a16fcd617d 100644 --- a/x-pack/metricbeat/module/azure/billing/data_test.go +++ b/x-pack/metricbeat/module/azure/billing/data_test.go @@ -8,10 +8,8 @@ import ( "testing" "time" - "github.com/Azure/azure-sdk-for-go/services/consumption/mgmt/2019-10-01/consumption" - "github.com/Azure/azure-sdk-for-go/services/costmanagement/mgmt/2019-11-01/costmanagement" - "github.com/Azure/go-autorest/autorest/date" - "github.com/shopspring/decimal" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement" "github.com/stretchr/testify/assert" "github.com/elastic/beats/v7/metricbeat/mb" @@ -23,16 +21,20 @@ func TestEventMapping(t *testing.T) { logger := logp.NewLogger("TestEventMapping") ID := "ID" - kind := "legacy" + kind := armconsumption.UsageDetailsKindLegacy name := "test" billingAccountId := "123" - startDate := date.Time{} + startDate := time.Time{} // // Usage Details // - var charge = decimal.NewFromFloat(8.123456) - var props = consumption.LegacyUsageDetailProperties{ + + charge := 8.123456 + unitPrice := 1.25 + quantity := 12.5 + + var props = armconsumption.LegacyUsageDetailProperties{ BillingAccountID: &billingAccountId, BillingAccountName: &name, BillingPeriodStartDate: &startDate, 
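Review bot: The added `_ = costFieldName` with the comment `// test: trying to make the linter happy` in `getEventsFromQueryResult` reads like a leftover experiment: it silences a report instead of resolving it. If `costFieldName` is not needed at this point, remove it where it is declared (not visible in this hunk); if it is meant to feed the event built just below, use it there and drop the blank assignment. Either way the comment should be replaced by one that states why the assignment exists, or removed together with it.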
@@ -40,11 +42,13 @@ func TestEventMapping(t *testing.T) { Cost: &charge, InvoiceSection: &name, Product: &name, + UnitPrice: &unitPrice, + Quantity: &quantity, } - var legacy = consumption.LegacyUsageDetail{ - ID: &ID, - Kind: consumption.Kind(kind), - LegacyUsageDetailProperties: &props, + var legacy = &armconsumption.LegacyUsageDetail{ + ID: &ID, + Kind: &kind, + Properties: &props, } // @@ -61,20 +65,20 @@ func TestEventMapping(t *testing.T) { {forecastCost, forecastUsageDate, "Forecast", "USD"}, } - var forecastQueryResult = costmanagement.QueryResult{ - QueryProperties: &costmanagement.QueryProperties{ - Columns: &[]costmanagement.QueryColumn{ + var forecastQueryResult = armcostmanagement.QueryResult{ + Properties: &armcostmanagement.QueryProperties{ + Columns: []*armcostmanagement.QueryColumn{ column("Cost", "Number"), column("UsageDate", "Number"), column("CostStatus", "String"), column("Currency", "String"), }, - Rows: &rows, + Rows: rows, }, } var usage = Usage{ - UsageDetails: []consumption.BasicUsageDetail{legacy}, + UsageDetails: []armconsumption.UsageDetailClassification{legacy}, Forecasts: forecastQueryResult, } @@ -139,7 +143,7 @@ func TestGetEventsFromQueryResult(t *testing.T) { logger := logp.NewLogger("TestGetEventsFromQueryResult") subscriptionID := "sub" - columns := []costmanagement.QueryColumn{ + columns := []*armcostmanagement.QueryColumn{ column("Cost", "Number"), column("UsageDate", "Number"), column("CostStatus", "String"), @@ -147,7 +151,7 @@ func TestGetEventsFromQueryResult(t *testing.T) { } t.Run("no columns", func(t *testing.T) { - queryResult := costmanagement.QueryResult{} + queryResult := armcostmanagement.QueryResult{} events, err := getEventsFromQueryResult(queryResult, subscriptionID, logger) assert.Equal(t, []mb.Event{}, events) 
@@ -155,16 +159,16 @@ func TestGetEventsFromQueryResult(t *testing.T) { }) t.Run("wrong number of column", func(t *testing.T) { - badColumns := []costmanagement.QueryColumn{ + badColumns := []*armcostmanagement.QueryColumn{ column("Cost", "Number"), column("UsageDate", "Number"), column("CostStatus", "String"), column("Currency", "String"), column("UnexpectedColumn", "String"), } - queryResult := costmanagement.QueryResult{ - QueryProperties: &costmanagement.QueryProperties{ - Columns: &badColumns, + queryResult := armcostmanagement.QueryResult{ + Properties: &armcostmanagement.QueryProperties{ + Columns: badColumns, Rows: nil, }, } @@ -175,9 +179,9 @@ func TestGetEventsFromQueryResult(t *testing.T) { }) t.Run("no rows", func(t *testing.T) { - queryResult := costmanagement.QueryResult{ - QueryProperties: &costmanagement.QueryProperties{ - Columns: &columns, + queryResult := armcostmanagement.QueryResult{ + Properties: &armcostmanagement.QueryProperties{ + Columns: columns, Rows: nil, }, } @@ -191,10 +195,10 @@ func TestGetEventsFromQueryResult(t *testing.T) { rows := [][]interface{}{ {float64(1), float64(2), "Actual", "USD", "UnexpectedValue"}, } - queryResult := costmanagement.QueryResult{ - QueryProperties: &costmanagement.QueryProperties{ - Columns: &columns, - Rows: &rows, + queryResult := armcostmanagement.QueryResult{ + Properties: &armcostmanagement.QueryProperties{ + Columns: columns, + Rows: rows, }, } @@ -211,10 +215,10 @@ func TestGetEventsFromQueryResult(t *testing.T) { {float64(1), float64(20220818), 42, "USD"}, // wrong cost status type {float64(1), float64(20220818), "Actual", 42}, // wrong currency type } - queryResult := costmanagement.QueryResult{ - QueryProperties: &costmanagement.QueryProperties{ - Columns: &columns, - Rows: &rows, + queryResult := armcostmanagement.QueryResult{ + Properties: &armcostmanagement.QueryProperties{ + Columns: columns, + Rows: rows, }, } 
@@ -224,6 +228,6 @@ func TestGetEventsFromQueryResult(t *testing.T) { }) } -func column(name, type_ string) costmanagement.QueryColumn { - return costmanagement.QueryColumn{Name: &name, Type: &type_} +func column(name, type_ string) *armcostmanagement.QueryColumn { + return &armcostmanagement.QueryColumn{Name: &name, Type: &type_} } diff --git a/x-pack/metricbeat/module/azure/billing/mock_service.go b/x-pack/metricbeat/module/azure/billing/mock_service.go index 180b277dfbf1..6e9cb6688608 100644 --- a/x-pack/metricbeat/module/azure/billing/mock_service.go +++ b/x-pack/metricbeat/module/azure/billing/mock_service.go @@ -9,8 +9,8 @@ import ( "github.com/stretchr/testify/mock" - "github.com/Azure/azure-sdk-for-go/services/consumption/mgmt/2019-10-01/consumption" - "github.com/Azure/azure-sdk-for-go/services/costmanagement/mgmt/2019-11-01/costmanagement" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement" "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" "github.com/elastic/elastic-agent-libs/logp" 
@@ -31,13 +31,24 @@ func NewMockClient() *Client { } // GetForecast is a mock function for the billing service -func (service *MockService) GetForecast(scope string, startTime, endTime time.Time) (costmanagement.QueryResult, error) { +func (service *MockService) GetForecast( + scope string, + startTime, + endTime time.Time, +) (armcostmanagement.QueryResult, error) { args := service.Called(scope, startTime, endTime) - return args.Get(0).(costmanagement.QueryResult), args.Error(1) + return args.Get(0).(armcostmanagement.QueryResult), args.Error(1) } // GetUsageDetails is a mock function for the billing service -func (service *MockService) GetUsageDetails(scope string, expand string, filter string, skiptoken string, top *int32, metricType consumption.Metrictype, startDate string, endDate string) (consumption.UsageDetailsListResultPage, error) { - args := service.Called(scope, expand, filter, skiptoken, top, metricType, startDate, endDate) - return args.Get(0).(consumption.UsageDetailsListResultPage), args.Error(1) +func (service *MockService) GetUsageDetails( + scope string, + expand string, + filter string, + metricType armconsumption.Metrictype, + startDate string, + endDate string, +) (armconsumption.UsageDetailsListResult, error) { + args := service.Called(scope, expand, filter, metricType, startDate, endDate) + return args.Get(0).(armconsumption.UsageDetailsListResult), args.Error(1) } diff --git a/x-pack/metricbeat/module/azure/billing/service.go b/x-pack/metricbeat/module/azure/billing/service.go index 4766993c0724..2f09321efbac 100644 --- a/x-pack/metricbeat/module/azure/billing/service.go +++ b/x-pack/metricbeat/module/azure/billing/service.go 
@@ -6,61 +6,92 @@ package billing import ( "context" + "fmt" "time" - "github.com/Azure/go-autorest/autorest/date" - - "github.com/Azure/azure-sdk-for-go/services/consumption/mgmt/2019-10-01/consumption" - //"github.com/Azure/azure-sdk-for-go/services/costmanagement/mgmt/2019-11-01/costmanagement" - "github.com/Azure/go-autorest/autorest/azure/auth" - "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" "github.com/elastic/elastic-agent-libs/logp" - "github.com/Azure/azure-sdk-for-go/services/costmanagement/mgmt/2019-11-01/costmanagement" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/consumption/armconsumption" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/costmanagement/armcostmanagement" ) // Service offers access to Azure Usage Details and Forecast data. type Service interface { - GetForecast(scope string, startTime, endTime time.Time) (costmanagement.QueryResult, error) + GetForecast( + scope string, + startTime, + endTime time.Time, + ) (armcostmanagement.QueryResult, error) GetUsageDetails( scope string, expand string, filter string, - skipToken string, - top *int32, - metricType consumption.Metrictype, + metricType armconsumption.Metrictype, startDate string, - endDate string) (consumption.UsageDetailsListResultPage, error) + endDate string, + ) (armconsumption.UsageDetailsListResult, error) } // UsageService is a thin wrapper to the Usage Details API and the Forecast API from the Azure SDK for Go. 
type UsageService struct { - usageDetailsClient *consumption.UsageDetailsClient - forecastClient *costmanagement.ForecastClient + usageDetailsClient *armconsumption.UsageDetailsClient + forecastClient *armcostmanagement.ForecastClient context context.Context log *logp.Logger } // NewService builds a new UsageService using the given config. func NewService(config azure.Config) (*UsageService, error) { - clientConfig := auth.NewClientCredentialsConfig(config.ClientId, config.ClientSecret, config.TenantId) - clientConfig.AADEndpoint = config.ActiveDirectoryEndpoint - clientConfig.Resource = config.ResourceManagerEndpoint - authorizer, err := clientConfig.Authorizer() + cloudServicesConfig := cloud.AzurePublic.Services + + resourceManagerConfig := cloudServicesConfig[cloud.ResourceManager] + + if config.ResourceManagerEndpoint != "" && config.ResourceManagerEndpoint != azure.DefaultBaseURI { + resourceManagerConfig.Endpoint = config.ResourceManagerEndpoint + } + + if config.ResourceManagerAudience != "" { + resourceManagerConfig.Audience = config.ResourceManagerAudience + } + + cloudServicesConfig[cloud.ResourceManager] = resourceManagerConfig + + clientOptions := policy.ClientOptions{ + Cloud: cloud.Configuration{ + Services: cloudServicesConfig, + ActiveDirectoryAuthorityHost: config.ActiveDirectoryEndpoint, + }, + } + + credential, err := azidentity.NewClientSecretCredential(config.TenantId, config.ClientId, config.ClientSecret, &azidentity.ClientSecretCredentialOptions{ + ClientOptions: clientOptions, + }) if err != nil { - return nil, err + return nil, fmt.Errorf("couldn't create client credentials: %w", err) } - usageDetailsClient := consumption.NewUsageDetailsClientWithBaseURI(config.ResourceManagerEndpoint, config.SubscriptionId) - forecastsClient := costmanagement.NewForecastClientWithBaseURI(config.ResourceManagerEndpoint, config.SubscriptionId) + usageDetailsClient, err := armconsumption.NewUsageDetailsClient(credential, &arm.ClientOptions{ + ClientOptions: 
clientOptions, + }) + if err != nil { + return nil, fmt.Errorf("couldn't create usage details client: %w", err) + } - usageDetailsClient.Authorizer = authorizer - forecastsClient.Authorizer = authorizer + forecastsClient, err := armcostmanagement.NewForecastClient(credential, &arm.ClientOptions{ + ClientOptions: clientOptions, + }) + if err != nil { + return nil, fmt.Errorf("couldn't create forecast client: %w", err) + } service := UsageService{ - usageDetailsClient: &usageDetailsClient, - forecastClient: &forecastsClient, + usageDetailsClient: usageDetailsClient, + forecastClient: forecastsClient, context: context.Background(), log: logp.NewLogger("azure billing service"), } @@ -69,7 +100,11 @@ func NewService(config azure.Config) (*UsageService, error) { } // GetForecast fetches the forecast for the given scope and time interval. -func (service *UsageService) GetForecast(scope string, startTime, endTime time.Time) (costmanagement.QueryResult, error) { +func (service *UsageService) GetForecast( + scope string, + startTime, + endTime time.Time, +) (armcostmanagement.QueryResult, error) { // With this flag, the Forecast API will also return actual usage data // for the given time interval (usually the current month). // 
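Review bot: In `NewService`, `cloudServicesConfig := cloud.AzurePublic.Services` copies only the map header, so the later `cloudServicesConfig[cloud.ResourceManager] = resourceManagerConfig` writes into the SDK's package-level `cloud.AzurePublic` configuration. A custom `ResourceManagerEndpoint` or `ResourceManagerAudience` configured for one billing instance then becomes the endpoint and token audience for every other client in the process that relies on `cloud.AzurePublic`, and concurrent `NewService` calls race on the shared map. Build a private map instead: take the struct copy with `resourceManagerConfig := cloud.AzurePublic.Services[cloud.ResourceManager]`, apply the overrides, then `cloudServicesConfig := map[cloud.ServiceName]cloud.ServiceConfiguration{cloud.ResourceManager: resourceManagerConfig}`. A doc comment on `NewService` noting that bearer tokens are sent to the configured `ResourceManagerEndpoint` would help operators treat that setting as security-sensitive.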
@@ -85,30 +120,35 @@ func (service *UsageService) GetForecast(scope string, startTime, endTime time.T // The aggregation is performed by the "sum" of "cost" for each day. aggregationName := "Cost" - aggregationFunction := costmanagement.FunctionTypeSum + aggregationFunction := armcostmanagement.FunctionTypeSum + + granularityDaily := armcostmanagement.GranularityTypeDaily + + forecastTimeframeCustom := armcostmanagement.ForecastTimeframeTypeCustom + forecastTypeActualCost := armcostmanagement.ForecastTypeActualCost - forecastDefinition := costmanagement.ForecastDefinition{ - Dataset: &costmanagement.QueryDataset{ - Aggregation: map[string]*costmanagement.QueryAggregation{ + forecastDefinition := armcostmanagement.ForecastDefinition{ + Dataset: &armcostmanagement.ForecastDataset{ + Aggregation: map[string]*armcostmanagement.QueryAggregation{ "totalCost": { - Function: aggregationFunction, + Function: &aggregationFunction, Name: &aggregationName, }, }, - Granularity: costmanagement.GranularityTypeDaily, + Granularity: &granularityDaily, }, // Time frame/period of the forecast. Required for MCA accounts. // // If omitted, EA users will get a forecast for the current month, and // MCA users will get an error. - Timeframe: costmanagement.ForecastTimeframeTypeCustom, - TimePeriod: &costmanagement.QueryTimePeriod{ - From: &date.Time{Time: startTime}, - To: &date.Time{Time: endTime}, + Timeframe: &forecastTimeframeCustom, + TimePeriod: &armcostmanagement.QueryTimePeriod{ + From: &startTime, + To: &endTime, }, - Type: costmanagement.ForecastTypeActualCost, + Type: &forecastTypeActualCost, IncludeActualCost: &includeActualCost, IncludeFreshPartialCost: &includeFreshPartialCost, } 
@@ -116,15 +156,43 @@ func (service *UsageService) GetForecast(scope string, startTime, endTime time.T // required, but I don't have a use for it, yet. filter := "" - queryResult, err := service.forecastClient.Usage(service.context, scope, forecastDefinition, filter) + queryResult, err := service.forecastClient.Usage(service.context, scope, forecastDefinition, &armcostmanagement.ForecastClientUsageOptions{ + Filter: &filter, + }) if err != nil { - return costmanagement.QueryResult{}, err + return armcostmanagement.QueryResult{}, err } - return queryResult, nil + return queryResult.QueryResult, nil } // GetUsageDetails fetches the usage details for the given filters. -func (service *UsageService) GetUsageDetails(scope string, expand string, filter string, skipToken string, top *int32, metrictype consumption.Metrictype, startDate string, endDate string) (consumption.UsageDetailsListResultPage, error) { - return service.usageDetailsClient.List(service.context, scope, expand, filter, skipToken, top, metrictype, startDate, endDate) +func (service *UsageService) GetUsageDetails( + scope string, + expand string, + filter string, + metrictype armconsumption.Metrictype, + startDate string, + endDate string, +) (armconsumption.UsageDetailsListResult, error) { + pager := service.usageDetailsClient.NewListPager(scope, &armconsumption.UsageDetailsClientListOptions{ + Expand: &expand, + Filter: &filter, + Metric: &metrictype, + StartDate: &startDate, + EndDate: &endDate, + }) + + usageDetails := armconsumption.UsageDetailsListResult{} + + for pager.More() { + nextPage, err := pager.NextPage(service.context) + if err != nil { + return armconsumption.UsageDetailsListResult{}, err + } + + usageDetails.Value = append(usageDetails.Value, nextPage.Value...) + } + + return usageDetails, nil } diff --git a/x-pack/metricbeat/module/azure/client.go b/x-pack/metricbeat/module/azure/client.go index 1971a62725e8..e9595425be39 100644 --- a/x-pack/metricbeat/module/azure/client.go 
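Review bot: `GetUsageDetails` now drains the pager and appends every page to `usageDetails.Value` using `service.context`, which `NewService` sets to `context.Background()`, so a large billing scope or a stalled response has neither a size bound nor a deadline. Consider deriving a per-call context with a timeout around the `pager.NextPage` loop and wrapping the returned error with the page position, as `NewService` already does with `fmt.Errorf(... %w ...)`. Separately, `Expand: &expand` and `Filter: &filter` pass pointers to possibly empty strings; if the SDK emits a query parameter whenever the pointer is non-nil, the request carries empty `$expand`/`$filter` values, so setting these options only when the string is non-empty would avoid that. The same applies to `Filter: &filter` in `GetForecast`.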
+++ b/x-pack/metricbeat/module/azure/client.go @@ -9,9 +9,8 @@ import ( "strings" "time" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/elastic/beats/v7/metricbeat/mb" "github.com/elastic/elastic-agent-libs/logp" @@ -27,7 +26,7 @@ type Client struct { } // mapResourceMetrics function type will map the configuration options to client metrics (depending on the metricset) -type mapResourceMetrics func(client *Client, resources []resources.GenericResourceExpanded, resourceConfig ResourceConfig) ([]Metric, error) +type mapResourceMetrics func(client *Client, resources []*armresources.GenericResourceExpanded, resourceConfig ResourceConfig) ([]Metric, error) // NewClient instantiates the Azure monitoring client func NewClient(config Config) (*Client, error) { @@ -35,12 +34,15 @@ func NewClient(config Config) (*Client, error) { if err != nil { return nil, err } + client := &Client{ AzureMonitorService: azureMonitorService, Config: config, Log: logp.NewLogger("azure monitor client"), } + client.ResourceConfigurations.RefreshInterval = config.RefreshListInterval + return client, nil } 
@@ -167,13 +169,15 @@ func (client *Client) CreateMetric(resourceId string, subResourceId string, name } // MapMetricByPrimaryAggregation will map the primary aggregation of the metric definition to the client metric -func (client *Client) MapMetricByPrimaryAggregation(metrics []insights.MetricDefinition, resourceId string, subResourceId string, namespace string, dim []Dimension, timegrain string) []Metric { +func (client *Client) MapMetricByPrimaryAggregation(metrics []armmonitor.MetricDefinition, resourceId string, subResourceId string, namespace string, dim []Dimension, timegrain string) []Metric { var clientMetrics []Metric - metricGroups := make(map[string][]insights.MetricDefinition) + + metricGroups := make(map[string][]armmonitor.MetricDefinition) for _, met := range metrics { - metricGroups[string(met.PrimaryAggregationType)] = append(metricGroups[string(met.PrimaryAggregationType)], met) + metricGroups[string(*met.PrimaryAggregationType)] = append(metricGroups[string(*met.PrimaryAggregationType)], met) } + for key, metricGroup := range metricGroups { var metricNames []string for _, metricName := range metricGroup { @@ -186,9 +190,12 @@ func (client *Client) MapMetricByPrimaryAggregation(metrics []insights.MetricDef // GetVMForMetaData func will retrieve the vm details in order to fill in the cloud metadata and also update the client resources func (client *Client) GetVMForMetaData(resource *Resource, metricValues []MetricValue) VmResource { - var vm VmResource - resourceName := resource.Name - resourceId := resource.Id + var ( + vm VmResource + resourceName = resource.Name + resourceId = resource.Id + ) + // check first if this is a vm scaleset and the instance name is stored in the dimension value if dimension, ok := getDimension("VMName", metricValues[0].dimensions); ok { instanceId := getInstanceId(dimension.Value) 
@@ -197,17 +204,21 @@ func (client *Client) GetVMForMetaData(resource *Resource, metricValues []Metric resourceName = dimension.Value } } + // if vm has been already added to the resource then it should be returned if existingVM, ok := getVM(resourceName, resource.Vms); ok { return existingVM } + // an additional call is necessary in order to retrieve the vm specific details expandedResource, err := client.AzureMonitorService.GetResourceDefinitionById(resourceId) if err != nil { client.Log.Error(err, "could not retrieve the resource details by resource ID %s", resourceId) return VmResource{} } + vm.Name = *expandedResource.Name + if expandedResource.Properties != nil { if properties, ok := expandedResource.Properties.(map[string]interface{}); ok { if hardware, ok := properties["hardwareProfile"]; ok { @@ -220,12 +231,16 @@ func (client *Client) GetVMForMetaData(resource *Resource, metricValues []Metric } } } - if len(vm.Size) == 0 && expandedResource.Sku != nil && expandedResource.Sku.Name != nil { - vm.Size = *expandedResource.Sku.Name + + if len(vm.Size) == 0 && expandedResource.SKU != nil && expandedResource.SKU.Name != nil { + vm.Size = *expandedResource.SKU.Name } + // the client resource and selected resources are being updated in order to avoid additional calls client.AddVmToResource(resource.Id, vm) + resource.Vms = append(resource.Vms, vm) + return vm } diff --git a/x-pack/metricbeat/module/azure/client_test.go b/x-pack/metricbeat/module/azure/client_test.go index 11939b8c1ccc..1f95604e3b89 100644 --- a/x-pack/metricbeat/module/azure/client_test.go +++ b/x-pack/metricbeat/module/azure/client_test.go 
@@ -8,8 +8,8 @@ import ( "errors" "testing" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" ) @@ -36,7 +36,7 @@ var ( } ) -func mockMapResourceMetrics(client *Client, resources []resources.GenericResourceExpanded, resourceConfig ResourceConfig) ([]Metric, error) { +func mockMapResourceMetrics(client *Client, resources []*armresources.GenericResourceExpanded, resourceConfig ResourceConfig) ([]Metric, error) { return nil, nil } @@ -50,7 +50,7 @@ func TestInitResources(t *testing.T) { client := NewMockClient() client.Config = resourceQueryConfig m := &MockService{} - m.On("GetResourceDefinitions", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return([]resources.GenericResourceExpanded{}, errors.New("invalid resource query")) + m.On("GetResourceDefinitions", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return([]*armresources.GenericResourceExpanded{}, errors.New("invalid resource query")) client.AzureMonitorService = m mr := MockReporterV2{} mr.On("Error", mock.Anything).Return(true) @@ -78,7 +78,7 @@ func TestGetMetricValues(t *testing.T) { } m := &MockService{} m.On("GetMetricValues", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Once(). - Return([]insights.Metric{}, "", errors.New("invalid parameters or no metrics found")) + Return([]armmonitor.Metric{}, "", errors.New("invalid parameters or no metrics found")) client.AzureMonitorService = m mr := MockReporterV2{} mr.On("Error", mock.Anything).Return(true) 
@@ -100,7 +100,7 @@ func TestGetMetricValues(t *testing.T) { } m := &MockService{} m.On("GetMetricValues", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything). - Return([]insights.Metric{}, "", errors.New("invalid parameters or no metrics found")) + Return([]armmonitor.Metric{}, "", errors.New("invalid parameters or no metrics found")) client.AzureMonitorService = m mr := MockReporterV2{} mr.On("Error", mock.Anything).Return(true) diff --git a/x-pack/metricbeat/module/azure/client_utils.go b/x-pack/metricbeat/module/azure/client_utils.go index abfccfa75ec7..d96996c7215b 100644 --- a/x-pack/metricbeat/module/azure/client_utils.go +++ b/x-pack/metricbeat/module/azure/client_utils.go @@ -10,7 +10,7 @@ import ( "strings" "time" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" ) // DefaultTimeGrain is set as default timegrain for the azure metrics 
@@ -19,23 +19,23 @@ const DefaultTimeGrain = "PT5M" var instanceIdRegex = regexp.MustCompile(`.*?(\d+)$`) // mapMetricValues should map the metric values -func mapMetricValues(metrics []insights.Metric, previousMetrics []MetricValue, startTime time.Time, endTime time.Time) []MetricValue { +func mapMetricValues(metrics []armmonitor.Metric, previousMetrics []MetricValue, startTime time.Time, endTime time.Time) []MetricValue { var currentMetrics []MetricValue // compare with the previously returned values and filter out any double records for _, v := range metrics { - for _, t := range *v.Timeseries { - for _, mv := range *t.Data { - if metricExists(*v.Name.Value, mv, previousMetrics) || metricIsEmpty(mv) { + for _, t := range v.Timeseries { + for _, mv := range t.Data { + if metricExists(*v.Name.Value, *mv, previousMetrics) || metricIsEmpty(*mv) { continue } // remove metric values that are not part of the timeline selected - if mv.TimeStamp.Time.After(startTime) && mv.TimeStamp.Time.Before(endTime) { + if mv.TimeStamp.After(startTime) && mv.TimeStamp.Before(endTime) { continue } // define the new metric value and match aggregations values var val MetricValue val.name = *v.Name.Value - val.timestamp = mv.TimeStamp.Time + val.timestamp = *mv.TimeStamp if mv.Minimum != nil { val.min = mv.Minimum } @@ -52,7 +52,7 @@ func mapMetricValues(metrics []insights.Metric, previousMetrics []MetricValue, s val.count = mv.Count } if t.Metadatavalues != nil { - for _, dim := range *t.Metadatavalues { + for _, dim := range t.Metadatavalues { val.dimensions = append(val.dimensions, Dimension{Name: *dim.Name.Value, Value: *dim.Value}) } } 
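Review bot: In `mapMetricValues`, the comment says values that are not part of the selected timeline are removed, but `if mv.TimeStamp.After(startTime) && mv.TimeStamp.Before(endTime) { continue }` skips exactly the values that fall inside the interval. The commit carries this condition over with only the `.Time` accessor removed, so the mismatch remains: either the condition should be negated or the comment rewritten to state the filter that is actually intended. The end of the function is outside this hunk.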
@@ -64,7 +64,7 @@ func mapMetricValues(metrics []insights.Metric, previousMetrics []MetricValue, s } // metricExists will check if the metric value has been retrieved in the past -func metricExists(name string, metric insights.MetricValue, metrics []MetricValue) bool { +func metricExists(name string, metric armmonitor.MetricValue, metrics []MetricValue) bool { for _, met := range metrics { if name == met.name && metric.TimeStamp.Equal(met.timestamp) && @@ -80,7 +80,7 @@ func metricExists(name string, metric insights.MetricValue, metrics []MetricValu } // metricIsEmpty will check if the metric value is empty, this seems to be an issue with the azure sdk -func metricIsEmpty(metric insights.MetricValue) bool { +func metricIsEmpty(metric armmonitor.MetricValue) bool { if metric.Average == nil && metric.Total == nil && metric.Minimum == nil && metric.Maximum == nil && metric.Count == nil { return true } @@ -138,22 +138,22 @@ func convertTimegrainToDuration(timegrain string) time.Duration { var duration time.Duration switch timegrain { case "PT1M": - duration = time.Duration(time.Minute) - default: + duration = time.Minute case "PT5M": - duration = time.Duration(5 * time.Minute) + duration = 5 * time.Minute case "PT15M": - duration = time.Duration(15 * time.Minute) + duration = 15 * time.Minute case "PT30M": - duration = time.Duration(30 * time.Minute) + duration = 30 * time.Minute case "PT1H": - duration = time.Duration(time.Hour) + duration = time.Hour case "PT6H": - duration = time.Duration(6 * time.Hour) + duration = 6 * time.Hour case "PT12H": - duration = time.Duration(12 * time.Hour) + duration = 12 * time.Hour case "PT1D": - duration = time.Duration(24 * time.Hour) + duration = 24 * time.Hour + default: } return duration } 
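Review bot: The `default:` clause moved to the end of the switch in convertTimegrainToDuration is still empty, so an unrecognised timegrain silently yields a zero duration. If that is intended, say so in place, e.g. `default: // unknown timegrain: duration stays zero`. If it is not, a fallback matching `DefaultTimeGrain = "PT5M"` would be `default: duration = 5 * time.Minute`. What callers do with a zero duration is not visible here, and the function's signature lies outside the hunk.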
@@ -173,7 +173,7 @@ func groupMetricsByResource(metrics []Metric) map[string][]Metric { // getDimension will check if the dimension value is found in the list func getDimension(dimension string, dimensions []Dimension) (Dimension, bool) { for _, dim := range dimensions { - if strings.ToLower(dim.Name) == strings.ToLower(dimension) { + if strings.EqualFold(dim.Name, dimension) { return dim, true } } diff --git a/x-pack/metricbeat/module/azure/client_utils_test.go b/x-pack/metricbeat/module/azure/client_utils_test.go index 37528540f705..e3e2de4f96fb 100644 --- a/x-pack/metricbeat/module/azure/client_utils_test.go +++ b/x-pack/metricbeat/module/azure/client_utils_test.go @@ -8,7 +8,7 @@ import ( "testing" "time" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" "github.com/Azure/go-autorest/autorest/date" "github.com/stretchr/testify/assert" ) @@ -22,8 +22,8 @@ func TestMetricExists(t *testing.T) { Time: date1, } var name = "Requests" - insightValue := insights.MetricValue{ - TimeStamp: &stamp, + insightValue := armmonitor.MetricValue{ + TimeStamp: &stamp.Time, Average: &fl, Minimum: &fl1, Maximum: nil, @@ -90,8 +90,8 @@ func TestMetricIsEmpty(t *testing.T) { stamp := date.Time{ Time: time.Date(2019, 12, 12, 12, 12, 12, 12, &location), } - insightValue := insights.MetricValue{ - TimeStamp: &stamp, + insightValue := armmonitor.MetricValue{ + TimeStamp: &stamp.Time, Average: &fl, Minimum: nil, Maximum: nil, diff --git a/x-pack/metricbeat/module/azure/config.go b/x-pack/metricbeat/module/azure/config.go index 3993cf16773b..a6e42ffce070 100644 --- a/x-pack/metricbeat/module/azure/config.go +++ b/x-pack/metricbeat/module/azure/config.go @@ -5,10 +5,9 @@ package azure import ( + "fmt" "time" - "github.com/pkg/errors" - "github.com/elastic/elastic-agent-libs/mapstr" ) 
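Review bot: TestMetricExists still builds a go-autorest `date.Time` only to pass `&stamp.Time`, so this test file keeps importing `github.com/Azure/go-autorest/autorest/date` after the move to armmonitor. The new `TimeStamp` field is filled from a plain `time.Time`, so the wrapper can go: `TimeStamp: &date1,` here, and a local `time.Time` variable in TestMetricIsEmpty, which has the same pattern. Whether `stamp` is used elsewhere in either test is not visible, since both hunks start mid-function.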
@@ -35,6 +34,7 @@ type Config struct { SubscriptionId string `config:"subscription_id" validate:"required"` Period time.Duration `config:"period" validate:"nonzero,required"` ResourceManagerEndpoint string `config:"resource_manager_endpoint"` + ResourceManagerAudience string `config:"resource_manager_audience"` ActiveDirectoryEndpoint string `config:"active_directory_endpoint"` // specific to resource metrics Resources []ResourceConfig `config:"resources"` @@ -81,17 +81,17 @@ func (conf *Config) Validate() error { if conf.ActiveDirectoryEndpoint == "" { ok, err := AzureEnvs.HasKey(conf.ResourceManagerEndpoint) if err != nil { - return errors.Wrap(err, "No active directory endpoint found for the resource manager endpoint selected.") + return fmt.Errorf("no active directory endpoint found for the resource manager endpoint selected: %w", err) } if ok { add, err := AzureEnvs.GetValue(conf.ResourceManagerEndpoint) if err != nil { - return errors.Wrap(err, "No active directory endpoint found for the resource manager endpoint selected.") + return fmt.Errorf("no active directory endpoint found for the resource manager endpoint selected: %w", err) } conf.ActiveDirectoryEndpoint = add.(string) } if conf.ActiveDirectoryEndpoint == "" { - return errors.New("no active directory endpoint has been configured") + return fmt.Errorf("no active directory endpoint has been configured") } } return nil diff --git a/x-pack/metricbeat/module/azure/mock_service.go b/x-pack/metricbeat/module/azure/mock_service.go index 2bb591e9afe1..65f606dde128 100644 --- a/x-pack/metricbeat/module/azure/mock_service.go +++ b/x-pack/metricbeat/module/azure/mock_service.go 
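Review bot: The new `ResourceManagerAudience` field is added without a comment or a `validate` tag, and nothing in the struct says how it relates to `resource_manager_endpoint`. Judging from NewService later on this page, it replaces the token audience of the resource manager service only when non-empty, so it presumably has to be set together with a non-default endpoint; otherwise tokens would be requested for the public-cloud audience. A field comment would record that: `// ResourceManagerAudience is the token audience for ResourceManagerEndpoint; set both when targeting a non-public cloud.` The struct starts and ends outside this hunk.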
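Review bot: Validate still accepts `active_directory_endpoint` and `resource_manager_endpoint` as free-form strings, yet in NewService later on this page the first becomes the authority host handed to the client-secret credential and the second is meant to be the endpoint the ARM clients call. A typo or an `http://` value therefore decides where the secret and the bearer tokens are sent. A scheme and host check before the final `return nil` would reject such values at config load (it needs `net/url`); if plain-http endpoints are required for local test servers, that should be an explicit opt-in. Validate begins outside this hunk.

```go
// … unchanged: active directory endpoint lookup …
for _, e := range []struct{ key, val string }{
	{"active_directory_endpoint", conf.ActiveDirectoryEndpoint},
	{"resource_manager_endpoint", conf.ResourceManagerEndpoint},
} {
	if e.val == "" {
		continue
	}
	u, err := url.Parse(e.val)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("%s must be an https URL, got %q", e.key, e.val)
	}
}
return nil
```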
@@ -5,8 +5,8 @@ package azure import ( - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/stretchr/testify/mock" "github.com/elastic/beats/v7/metricbeat/mb" 
@@ -18,33 +18,33 @@ type MockService struct { } // GetResourceDefinitionById is a mock function for the azure service -func (client *MockService) GetResourceDefinitionById(id string) (resources.GenericResource, error) { +func (client *MockService) GetResourceDefinitionById(id string) (armresources.GenericResource, error) { args := client.Called(id) - return args.Get(0).(resources.GenericResource), args.Error(1) + return args.Get(0).(armresources.GenericResource), args.Error(1) } // GetResourceDefinitions is a mock function for the azure service -func (client *MockService) GetResourceDefinitions(id []string, group []string, rType string, query string) ([]resources.GenericResourceExpanded, error) { +func (client *MockService) GetResourceDefinitions(id []string, group []string, rType string, query string) ([]*armresources.GenericResourceExpanded, error) { args := client.Called(id, group, rType, query) - return args.Get(0).([]resources.GenericResourceExpanded), args.Error(1) + return args.Get(0).([]*armresources.GenericResourceExpanded), args.Error(1) } // GetMetricDefinitions is a mock function for the azure service -func (client *MockService) GetMetricDefinitions(resourceId string, namespace string) (insights.MetricDefinitionCollection, error) { +func (client *MockService) GetMetricDefinitions(resourceId string, namespace string) (armmonitor.MetricDefinitionCollection, error) { args := client.Called(resourceId, namespace) - return args.Get(0).(insights.MetricDefinitionCollection), args.Error(1) + return args.Get(0).(armmonitor.MetricDefinitionCollection), args.Error(1) } // GetMetricNamespaces is a mock function for the azure service -func (client *MockService) GetMetricNamespaces(resourceId string) (insights.MetricNamespaceCollection, error) { +func (client *MockService) GetMetricNamespaces(resourceId string) (armmonitor.MetricNamespaceCollection, error) { args := client.Called(resourceId) - return args.Get(0).(insights.MetricNamespaceCollection), args.Error(1) + 
return args.Get(0).(armmonitor.MetricNamespaceCollection), args.Error(1) } // GetMetricValues is a mock function for the azure service -func (client *MockService) GetMetricValues(resourceId string, namespace string, timegrain string, timespan string, metricNames []string, aggregations string, filter string) ([]insights.Metric, string, error) { +func (client *MockService) GetMetricValues(resourceId string, namespace string, timegrain string, timespan string, metricNames []string, aggregations string, filter string) ([]armmonitor.Metric, string, error) { args := client.Called(resourceId, namespace) - return args.Get(0).([]insights.Metric), args.String(1), args.Error(2) + return args.Get(0).([]armmonitor.Metric), args.String(1), args.Error(2) } // MockReporterV2 mock implementation for testing purposes diff --git a/x-pack/metricbeat/module/azure/monitor/client_helper.go b/x-pack/metricbeat/module/azure/monitor/client_helper.go index c8ab62ca70c8..61254685bb7c 100644 --- a/x-pack/metricbeat/module/azure/monitor/client_helper.go +++ b/x-pack/metricbeat/module/azure/monitor/client_helper.go @@ -5,13 +5,12 @@ package monitor import ( + "fmt" "strings" - "github.com/pkg/errors" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" ) 
@@ -19,31 +18,31 @@ import ( const missingNamespace = "no metric definitions were found for resource %s and namespace %s. Verify if the namespace is spelled correctly or if it is supported by the resource in case." // mapMetrics should validate and map the metric related configuration to relevant azure monitor api parameters -func mapMetrics(client *azure.Client, resources []resources.GenericResourceExpanded, resourceConfig azure.ResourceConfig) ([]azure.Metric, error) { +func mapMetrics(client *azure.Client, resources []*armresources.GenericResourceExpanded, resourceConfig azure.ResourceConfig) ([]azure.Metric, error) { var metrics []azure.Metric for _, resource := range resources { for _, metric := range resourceConfig.Metrics { // get all metrics supported by the namespace provided metricDefinitions, err := client.AzureMonitorService.GetMetricDefinitions(*resource.ID, metric.Namespace) if err != nil { - return nil, errors.Wrapf(err, "no metric definitions were found for resource %s and namespace %s.", *resource.ID, metric.Namespace) + return nil, fmt.Errorf("no metric definitions were found for resource %s and namespace %s %w", *resource.ID, metric.Namespace, err) } - if len(*metricDefinitions.Value) == 0 { + if len(metricDefinitions.Value) == 0 { if metric.IgnoreUnsupported { client.Log.Infof(missingNamespace, *resource.ID, metric.Namespace) continue } - return nil, errors.Errorf(missingNamespace, *resource.ID, metric.Namespace) + return nil, fmt.Errorf("%s %s %s", missingNamespace, *resource.ID, metric.Namespace) } // validate metric names and filter on the supported metrics - supportedMetricNames, err := filterMetricNames(*resource.ID, metric, *metricDefinitions.Value) + supportedMetricNames, err := filterMetricNames(*resource.ID, metric, metricDefinitions.Value) if err != nil { return nil, err } //validate aggregations and filter on supported aggregations - metricGroups, err := filterOnSupportedAggregations(supportedMetricNames, metric, 
*metricDefinitions.Value) + metricGroups, err := filterOnSupportedAggregations(supportedMetricNames, metric, metricDefinitions.Value) if err != nil { return nil, err } @@ -52,7 +51,7 @@ func mapMetrics(client *azure.Client, resources []resources.GenericResourceExpan var dim []azure.Dimension if len(metric.Dimensions) > 0 { for _, dimension := range metric.Dimensions { - dim = append(dim, azure.Dimension{Name: dimension.Name, Value: dimension.Value}) + dim = append(dim, azure.Dimension(dimension)) } } for key, metricGroup := range metricGroups { @@ -68,7 +67,7 @@ func mapMetrics(client *azure.Client, resources []resources.GenericResourceExpan } // filterMetricNames func will verify if the metric names entered are valid and will also return the corresponding list of metrics -func filterMetricNames(resourceId string, metricConfig azure.MetricConfig, metricDefinitions []insights.MetricDefinition) ([]string, error) { +func filterMetricNames(resourceId string, metricConfig azure.MetricConfig, metricDefinitions []*armmonitor.MetricDefinition) ([]string, error) { var supportedMetricNames []string var unsupportedMetricNames []string // check if all metric names are selected (*) 
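Review bot: The unsupported-namespace error in mapMetrics now passes `missingNamespace` as an argument to `"%s %s %s"`, but that constant is itself a format string with two `%s` verbs, so the returned message would contain the literal placeholders followed by the resource ID and namespace. The `Infof` call just above still uses the constant as the format, and the error should do the same: `return nil, fmt.Errorf(missingNamespace, *resource.ID, metric.Namespace)`. The GetMetricDefinitions wrap also has no separator before the cause; `"... and namespace %s: %w"` reads better in a chained message. mapMetrics continues beyond this hunk.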
@@ -80,18 +79,18 @@ func filterMetricNames(resourceId string, metricConfig azure.MetricConfig, metri // verify if configured metric names are valid, return log error event for the invalid ones, map only the valid metric names supportedMetricNames, unsupportedMetricNames = filterConfiguredMetrics(metricConfig.Name, metricDefinitions) if len(unsupportedMetricNames) > 0 && !metricConfig.IgnoreUnsupported { - return nil, errors.Errorf("the metric names configured %s are not supported for the resource %s and namespace %s", + return nil, fmt.Errorf("the metric names configured %s are not supported for the resource %s and namespace %s", strings.Join(unsupportedMetricNames, ","), resourceId, metricConfig.Namespace) } } if len(supportedMetricNames) == 0 && !metricConfig.IgnoreUnsupported { - return nil, errors.Errorf("the metric names configured : %s are not supported for the resource %s and namespace %s ", strings.Join(metricConfig.Name, ","), resourceId, metricConfig.Namespace) + return nil, fmt.Errorf("the metric names configured : %s are not supported for the resource %s and namespace %s ", strings.Join(metricConfig.Name, ","), resourceId, metricConfig.Namespace) } return supportedMetricNames, nil } // filterConfiguredMetrics will filter out any unsupported metrics based on the namespace selected -func filterConfiguredMetrics(selectedRange []string, allRange []insights.MetricDefinition) ([]string, []string) { +func filterConfiguredMetrics(selectedRange []string, allRange []*armmonitor.MetricDefinition) ([]string, []string) { var inRange []string var notInRange []string var allMetrics string 
@@ -109,24 +108,28 @@ func filterConfiguredMetrics(selectedRange []string, allRange []insights.MetricD } // filterOnSupportedAggregations will verify if the aggregation values entered are supported and will also return the corresponding list of aggregations -func filterOnSupportedAggregations(metricNames []string, metricConfig azure.MetricConfig, metricDefinitions []insights.MetricDefinition) (map[string][]insights.MetricDefinition, error) { +func filterOnSupportedAggregations( + metricNames []string, + metricConfig azure.MetricConfig, + metricDefinitions []*armmonitor.MetricDefinition, +) (map[string][]*armmonitor.MetricDefinition, error) { var supportedAggregations []string var unsupportedAggregations []string - metricGroups := make(map[string][]insights.MetricDefinition) + metricGroups := make(map[string][]*armmonitor.MetricDefinition) metricDefs := getMetricDefinitionsByNames(metricDefinitions, metricNames) if len(metricConfig.Aggregations) == 0 { for _, metricDef := range metricDefs { - metricGroups[string(metricDef.PrimaryAggregationType)] = append(metricGroups[string(metricDef.PrimaryAggregationType)], metricDef) + metricGroups[string(*metricDef.PrimaryAggregationType)] = append(metricGroups[string(*metricDef.PrimaryAggregationType)], metricDef) } } else { supportedAggregations, unsupportedAggregations = filterAggregations(metricConfig.Aggregations, metricDefs) if len(unsupportedAggregations) > 0 { - return nil, errors.Errorf("the aggregations configured : %s are not supported for some of the metrics selected %s ", + return nil, fmt.Errorf("the aggregations configured : %s are not supported for some of the metrics selected %s ", strings.Join(unsupportedAggregations, ","), strings.Join(metricNames, ",")) } if len(supportedAggregations) == 0 { - return nil, errors.Errorf("no aggregations were found based on the aggregation values configured or supported between the metrics : %s", + return nil, fmt.Errorf("no aggregations were found based on the aggregation 
values configured or supported between the metrics : %s", strings.Join(metricNames, ",")) } key := strings.Join(supportedAggregations, ",") @@ -136,14 +139,14 @@ func filterOnSupportedAggregations(metricNames []string, metricConfig azure.Metr } // filterAggregations will filter out any unsupported aggregations based on the metrics selected -func filterAggregations(selectedRange []string, metrics []insights.MetricDefinition) ([]string, []string) { +func filterAggregations(selectedRange []string, metrics []*armmonitor.MetricDefinition) ([]string, []string) { var difference []string var supported = []string{"Average", "Maximum", "Minimum", "Count", "Total"} for _, metric := range metrics { var metricSupported []string - for _, agg := range *metric.SupportedAggregationTypes { - metricSupported = append(metricSupported, string(agg)) + for _, agg := range metric.SupportedAggregationTypes { + metricSupported = append(metricSupported, string(*agg)) } supported, _ = intersections(metricSupported, supported) } @@ -154,14 +157,15 @@ func filterAggregations(selectedRange []string, metrics []insights.MetricDefinit } // filter is a helper method, will filter out strings not part of a slice -func filter(src []string) (res []string) { +func filter(src []string) []string { + var res []string for _, s := range src { newStr := strings.Join(res, " ") if !strings.Contains(newStr, s) { res = append(res, s) } } - return + return res } // intersections is a helper method, will compare 2 slices and return their intersection and difference records 
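Review bot: filter decides whether `s` is already present by running `strings.Contains` over the space-joined result, so a string that is merely a substring of an earlier entry is dropped as well, and the slice is re-joined on every iteration. If the helper is meant to de-duplicate (inferred from how it reads, as its callers are outside the hunk), an exact-match set does that without the false positives. The doc comment could then say that it removes duplicate strings and keeps the first occurrence.

```go
func filter(src []string) []string {
	var res []string
	seen := make(map[string]struct{}, len(src))
	for _, s := range src {
		if _, dup := seen[s]; dup {
			continue
		}
		seen[s] = struct{}{}
		res = append(res, s)
	}
	return res
}
```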
@@ -180,8 +184,8 @@ func intersections(supported, selected []string) ([]string, []string) { } // getMetricDefinitionsByNames is a helper method, will compare 2 slices and return their intersection -func getMetricDefinitionsByNames(metricDefs []insights.MetricDefinition, names []string) []insights.MetricDefinition { - var metrics []insights.MetricDefinition +func getMetricDefinitionsByNames(metricDefs []*armmonitor.MetricDefinition, names []string) []*armmonitor.MetricDefinition { + var metrics []*armmonitor.MetricDefinition for _, def := range metricDefs { for _, supportedName := range names { if *def.Name.Value == supportedName { diff --git a/x-pack/metricbeat/module/azure/monitor/client_helper_test.go b/x-pack/metricbeat/module/azure/monitor/client_helper_test.go index 98305ec62555..d5c89bbbd781 100644 --- a/x-pack/metricbeat/module/azure/monitor/client_helper_test.go +++ b/x-pack/metricbeat/module/azure/monitor/client_helper_test.go @@ -9,20 +9,22 @@ import ( "github.com/stretchr/testify/mock" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" - "github.com/pkg/errors" + "fmt" + + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/stretchr/testify/assert" "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" ) -func MockResourceExpanded() resources.GenericResourceExpanded { +func MockResourceExpanded() *armresources.GenericResourceExpanded { id := "123" name := "resourceName" location := "resourceLocation" rType := "resourceType" - return resources.GenericResourceExpanded{ + + return &armresources.GenericResourceExpanded{ ID: &id, Name: &name, Location: &location, 
@@ -30,33 +32,55 @@ func MockResourceExpanded() resources.GenericResourceExpanded { } } -func MockMetricDefinitions() *[]insights.MetricDefinition { - metric1 := "TotalRequests" - metric2 := "Capacity" - metric3 := "BytesRead" - defs := []insights.MetricDefinition{ +func MockMetricDefinitions() []*armmonitor.MetricDefinition { + var ( + metric1 = "TotalRequests" + metric2 = "Capacity" + metric3 = "BytesRead" + + aggregationTypeAverage = armmonitor.AggregationTypeAverage + aggregationTypeCount = armmonitor.AggregationTypeCount + aggregationTypeMinimum = armmonitor.AggregationTypeMinimum + aggregationTypeMaximum = armmonitor.AggregationTypeMaximum + aggregationTypeTotal = armmonitor.AggregationTypeTotal + ) + + defs := []*armmonitor.MetricDefinition{ { - Name: &insights.LocalizableString{Value: &metric1}, - PrimaryAggregationType: insights.Average, - SupportedAggregationTypes: &[]insights.AggregationType{insights.Maximum, insights.Count, insights.Total, insights.Average}, + Name: &armmonitor.LocalizableString{Value: &metric1}, + PrimaryAggregationType: &aggregationTypeAverage, + SupportedAggregationTypes: []*armmonitor.AggregationType{ + &aggregationTypeMaximum, + &aggregationTypeCount, + &aggregationTypeTotal, + &aggregationTypeAverage, + }, }, { - Name: &insights.LocalizableString{Value: &metric2}, - PrimaryAggregationType: insights.Average, - SupportedAggregationTypes: &[]insights.AggregationType{insights.Average, insights.Count, insights.Minimum}, + Name: &armmonitor.LocalizableString{Value: &metric2}, + PrimaryAggregationType: &aggregationTypeAverage, + SupportedAggregationTypes: []*armmonitor.AggregationType{ + &aggregationTypeAverage, + &aggregationTypeCount, + &aggregationTypeMinimum, + }, }, { - Name: &insights.LocalizableString{Value: &metric3}, - PrimaryAggregationType: insights.Average, - SupportedAggregationTypes: &[]insights.AggregationType{insights.Average, insights.Count, insights.Minimum}, + Name: &armmonitor.LocalizableString{Value: &metric3}, + 
PrimaryAggregationType: &aggregationTypeAverage, + SupportedAggregationTypes: []*armmonitor.AggregationType{ + &aggregationTypeAverage, + &aggregationTypeCount, + &aggregationTypeMinimum, + }, }, } - return &defs + return defs } func TestMapMetric(t *testing.T) { resource := MockResourceExpanded() - metricDefinitions := insights.MetricDefinitionCollection{ + metricDefinitions := armmonitor.MetricDefinitionCollection{ Value: MockMetricDefinitions(), } metricConfig := azure.MetricConfig{Namespace: "namespace", Dimensions: []azure.DimensionConfig{{Name: "location", Value: "West Europe"}}} @@ -64,9 +88,9 @@ func TestMapMetric(t *testing.T) { client := azure.NewMockClient() t.Run("return error when no metric definitions were found", func(t *testing.T) { m := &azure.MockService{} - m.On("GetMetricDefinitions", mock.Anything, mock.Anything).Return(insights.MetricDefinitionCollection{}, errors.New("invalid resource ID")) + m.On("GetMetricDefinitions", mock.Anything, mock.Anything).Return(armmonitor.MetricDefinitionCollection{}, fmt.Errorf("invalid resource ID")) client.AzureMonitorService = m - metric, err := mapMetrics(client, []resources.GenericResourceExpanded{resource}, resourceConfig) + metric, err := mapMetrics(client, []*armresources.GenericResourceExpanded{resource}, resourceConfig) assert.Error(t, err) assert.Equal(t, metric, []azure.Metric(nil)) m.AssertExpectations(t) @@ -77,7 +101,7 @@ func TestMapMetric(t *testing.T) { client.AzureMonitorService = m metricConfig.Name = []string{"*"} resourceConfig.Metrics = []azure.MetricConfig{metricConfig} - metrics, err := mapMetrics(client, []resources.GenericResourceExpanded{resource}, resourceConfig) + metrics, err := mapMetrics(client, []*armresources.GenericResourceExpanded{resource}, resourceConfig) assert.NoError(t, err) assert.Equal(t, metrics[0].ResourceId, "123") assert.Equal(t, metrics[0].Namespace, "namespace") 
@@ -93,7 +117,7 @@ func TestMapMetric(t *testing.T) { metricConfig.Name = []string{"TotalRequests", "Capacity"} metricConfig.Aggregations = []string{"Average"} resourceConfig.Metrics = []azure.MetricConfig{metricConfig} - metrics, err := mapMetrics(client, []resources.GenericResourceExpanded{resource}, resourceConfig) + metrics, err := mapMetrics(client, []*armresources.GenericResourceExpanded{resource}, resourceConfig) assert.NoError(t, err) assert.True(t, len(metrics) > 0) @@ -108,14 +132,14 @@ func TestMapMetric(t *testing.T) { func TestFilterSConfiguredMetrics(t *testing.T) { selectedRange := []string{"TotalRequests", "Capacity", "CPUUsage"} - intersection, difference := filterConfiguredMetrics(selectedRange, *MockMetricDefinitions()) + intersection, difference := filterConfiguredMetrics(selectedRange, MockMetricDefinitions()) assert.Equal(t, intersection, []string{"TotalRequests", "Capacity"}) assert.Equal(t, difference, []string{"CPUUsage"}) } func TestFilterAggregations(t *testing.T) { selectedRange := []string{"Average", "Minimum"} - intersection, difference := filterAggregations(selectedRange, *MockMetricDefinitions()) + intersection, difference := filterAggregations(selectedRange, MockMetricDefinitions()) assert.Equal(t, intersection, []string{"Average"}) assert.Equal(t, difference, []string{"Minimum"}) } @@ -142,7 +166,7 @@ func TestIntersections(t *testing.T) { func TestGetMetricDefinitionsByNames(t *testing.T) { metrics := []string{"TotalRequests", "CPUUsage"} - result := getMetricDefinitionsByNames(*MockMetricDefinitions(), metrics) + result := getMetricDefinitionsByNames(MockMetricDefinitions(), metrics) assert.Equal(t, len(result), 1) assert.Equal(t, *result[0].Name.Value, "TotalRequests") } diff --git a/x-pack/metricbeat/module/azure/monitor/monitor_test.go b/x-pack/metricbeat/module/azure/monitor/monitor_test.go index eba7c3e9c9c4..cbc53541abcd 100644 --- a/x-pack/metricbeat/module/azure/monitor/monitor_test.go 
+++ b/x-pack/metricbeat/module/azure/monitor/monitor_test.go @@ -24,7 +24,7 @@ var ( "client_secret": "unique identifier", "client_id": "unique identifier", "subscription_id": "unique identifier", - "tenant_id": "unique identifier", + "tenant_id": "07482715-b847-4056-86e6-5eec1c7b5996", } resourceConfig = mapstr.M{ @@ -34,7 +34,7 @@ var ( "client_secret": "unique identifier", "client_id": "unique identifier", "subscription_id": "unique identifier", - "tenant_id": "unique identifier", + "tenant_id": "07482715-b847-4056-86e6-5eec1c7b5996", "resources": []mapstr.M{ { "resource_id": "test", diff --git a/x-pack/metricbeat/module/azure/monitor_service.go b/x-pack/metricbeat/module/azure/monitor_service.go index ee2e25aeaf92..9196a386c667 100644 --- a/x-pack/metricbeat/module/azure/monitor_service.go +++ b/x-pack/metricbeat/module/azure/monitor_service.go 
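Review bot: Both test configs now hard-code the same GUID-shaped `tenant_id`, with no comment on where the value comes from or why the old placeholder stopped working (presumably the new credential constructor checks the tenant ID format, which is not visible here). If it is not a throwaway value, swap in an obviously synthetic one and declare it once for both maps, e.g. `const testTenantID = "00000000-0000-0000-0000-000000000000" // constructed placeholder, not a real tenant`. The second hunk (`@@ -34,7 +34,7 @@`) changes the same line in `resourceConfig`.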
@@ -11,134 +11,269 @@ import ( "github.com/elastic/elastic-agent-libs/logp" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" - "github.com/Azure/go-autorest/autorest/azure/auth" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" ) // MonitorService service wrapper to the azure sdk for go type MonitorService struct { - metricsClient *insights.MetricsClient - metricDefinitionClient *insights.MetricDefinitionsClient - metricNamespaceClient *insights.MetricNamespacesClient - resourceClient *resources.Client + metricsClient *armmonitor.MetricsClient + metricDefinitionClient *armmonitor.MetricDefinitionsClient + metricNamespaceClient *armmonitor.MetricNamespacesClient + resourceClient *armresources.Client context context.Context log *logp.Logger } const ( metricNameLimit = 20 - ApiVersion = "2019-12-01" + ApiVersion = "2021-04-01" ) // NewService instantiates the Azure monitoring service func NewService(config Config) (*MonitorService, error) { - clientConfig := auth.NewClientCredentialsConfig(config.ClientId, config.ClientSecret, config.TenantId) - clientConfig.AADEndpoint = config.ActiveDirectoryEndpoint - clientConfig.Resource = config.ResourceManagerEndpoint - authorizer, err := clientConfig.Authorizer() + cloudServicesConfig := cloud.AzurePublic.Services + + resourceManagerConfig := cloudServicesConfig[cloud.ResourceManager] + + if config.ResourceManagerEndpoint != "" && config.ResourceManagerEndpoint != DefaultBaseURI { + resourceManagerConfig.Endpoint = config.ResourceManagerEndpoint + } + + if config.ResourceManagerAudience 
!= "" { + resourceManagerConfig.Audience = config.ResourceManagerAudience + } + + clientOptions := policy.ClientOptions{ + Cloud: cloud.Configuration{ + Services: cloudServicesConfig, + ActiveDirectoryAuthorityHost: config.ActiveDirectoryEndpoint, + }, + } + + credential, err := azidentity.NewClientSecretCredential(config.TenantId, config.ClientId, config.ClientSecret, + &azidentity.ClientSecretCredentialOptions{ + ClientOptions: clientOptions, + }) + if err != nil { + return nil, fmt.Errorf("couldn't create client credentials: %w", err) + } + + metricsClient, err := armmonitor.NewMetricsClient(credential, &arm.ClientOptions{ + ClientOptions: clientOptions, + }) + if err != nil { + return nil, fmt.Errorf("couldn't create metrics client: %w", err) + } + + metricsDefinitionClient, err := armmonitor.NewMetricDefinitionsClient(credential, &arm.ClientOptions{ + ClientOptions: clientOptions, + }) if err != nil { - return nil, err - } - metricsClient := insights.NewMetricsClientWithBaseURI(config.ResourceManagerEndpoint, config.SubscriptionId) - metricsDefinitionClient := insights.NewMetricDefinitionsClientWithBaseURI(config.ResourceManagerEndpoint, config.SubscriptionId) - resourceClient := resources.NewClientWithBaseURI(config.ResourceManagerEndpoint, config.SubscriptionId) - metricNamespaceClient := insights.NewMetricNamespacesClientWithBaseURI(config.ResourceManagerEndpoint, config.SubscriptionId) - metricsClient.Authorizer = authorizer - metricsDefinitionClient.Authorizer = authorizer - resourceClient.Authorizer = authorizer - metricNamespaceClient.Authorizer = authorizer + return nil, fmt.Errorf("couldn't create metric definitions client: %w", err) + } + + resourceClient, err := armresources.NewClient(config.SubscriptionId, credential, &arm.ClientOptions{ + ClientOptions: clientOptions, + }) + if err != nil { + return nil, fmt.Errorf("couldn't create resources client: %w", err) + } + + metricNamespaceClient, err := armmonitor.NewMetricNamespacesClient(credential, 
&arm.ClientOptions{ + ClientOptions: clientOptions, + }) + if err != nil { + return nil, fmt.Errorf("couldn't create metric namespaces client: %w", err) + } + service := &MonitorService{ - metricDefinitionClient: &metricsDefinitionClient, - metricsClient: &metricsClient, - metricNamespaceClient: &metricNamespaceClient, - resourceClient: &resourceClient, + metricDefinitionClient: metricsDefinitionClient, + metricsClient: metricsClient, + metricNamespaceClient: metricNamespaceClient, + resourceClient: resourceClient, context: context.Background(), log: logp.NewLogger("azure monitor service"), } + return service, nil } // GetResourceDefinitions will retrieve the azure resources based on the options entered -func (service MonitorService) GetResourceDefinitions(id []string, group []string, rType string, query string) ([]resources.GenericResourceExpanded, error) { +func (service MonitorService) GetResourceDefinitions(id []string, group []string, rType string, query string) ([]*armresources.GenericResourceExpanded, error) { var resourceQuery string - var resourceList []resources.GenericResourceExpanded + var resourceList []*armresources.GenericResourceExpanded + if len(id) > 0 { // listing multiple resourceId conditions does not seem to work with the API, extracting the name and resource type does not work as the position of the `resourceType` can move if a parent resource is involved, filtering by resource name and resource group (if extracted) is also not possible as // different types of resources can contain the same name. for _, id := range id { - resource, err := service.resourceClient.List(service.context, fmt.Sprintf("resourceId eq '%s'", id), "", nil) - if err != nil { - return nil, err - } - if len(resource.Values()) > 0 { - resourceList = append(resourceList, resource.Values()...) 
+ filter := fmt.Sprintf("resourceId eq '%s'", id) + pager := service.resourceClient.NewListPager(&armresources.ClientListOptions{ + Filter: &filter, + }) + + for pager.More() { + nextResult, err := pager.NextPage(service.context) + if err != nil { + return nil, err + } + + if len(nextResult.Value) > 0 { + resourceList = append(resourceList, nextResult.Value...) + } } } + return resourceList, nil } - if len(group) > 0 { + + switch { + case len(group) > 0: var filterList []string + for _, gr := range group { filterList = append(filterList, fmt.Sprintf("resourceGroup eq '%s'", gr)) } + resourceQuery = strings.Join(filterList, " OR ") if rType != "" { resourceQuery = fmt.Sprintf("(%s) AND resourceType eq '%s'", resourceQuery, rType) } - } else if query != "" { + case query != "": resourceQuery = query } - result, err := service.resourceClient.List(service.context, resourceQuery, "", nil) - if err == nil { - resourceList = result.Values() + + var tempResourceList []*armresources.GenericResourceExpanded + + pager := service.resourceClient.NewListPager(&armresources.ClientListOptions{ + Filter: &resourceQuery, + }) + for pager.More() { + nextResult, err := pager.NextPage(service.context) + if err != nil { + return nil, err + } + + tempResourceList = append(tempResourceList, nextResult.Value...) 
} - return resourceList, err + + resourceList = tempResourceList + + return resourceList, nil } // GetResourceDefinitionById will retrieve the azure resource based on the resource Id -func (service MonitorService) GetResourceDefinitionById(id string) (resources.GenericResource, error) { - return service.resourceClient.GetByID(service.context, id, ApiVersion) +func (service MonitorService) GetResourceDefinitionById(id string) (armresources.GenericResource, error) { + resp, err := service.resourceClient.GetByID(service.context, id, ApiVersion, nil) + if err != nil { + return armresources.GenericResource{}, err + } + + return resp.GenericResource, nil } // GetMetricNamespaces will return all supported namespaces based on the resource id and namespace -func (service *MonitorService) GetMetricNamespaces(resourceId string) (insights.MetricNamespaceCollection, error) { - return service.metricNamespaceClient.List(service.context, resourceId, "") +func (service *MonitorService) GetMetricNamespaces(resourceId string) (armmonitor.MetricNamespaceCollection, error) { + pager := service.metricNamespaceClient.NewListPager(resourceId, nil) + + metricNamespaceCollection := armmonitor.MetricNamespaceCollection{} + + for pager.More() { + nextPage, err := pager.NextPage(service.context) + if err != nil { + return armmonitor.MetricNamespaceCollection{}, err + } + + metricNamespaceCollection.Value = append(metricNamespaceCollection.Value, nextPage.Value...) 
+ } + + return metricNamespaceCollection, nil } // GetMetricDefinitions will return all supported metrics based on the resource id and namespace -func (service *MonitorService) GetMetricDefinitions(resourceId string, namespace string) (insights.MetricDefinitionCollection, error) { - return service.metricDefinitionClient.List(service.context, resourceId, namespace) +func (service *MonitorService) GetMetricDefinitions(resourceId string, namespace string) (armmonitor.MetricDefinitionCollection, error) { + pager := service.metricDefinitionClient.NewListPager(resourceId, &armmonitor.MetricDefinitionsClientListOptions{ + Metricnamespace: &namespace, + }) + + metricDefinitionCollection := armmonitor.MetricDefinitionCollection{} + + for pager.More() { + nextPage, err := pager.NextPage(service.context) + if err != nil { + return armmonitor.MetricDefinitionCollection{}, err + } + + metricDefinitionCollection.Value = append(metricDefinitionCollection.Value, nextPage.Value...) + } + + return metricDefinitionCollection, nil } // GetMetricValues will return the metric values based on the resource and metric details -func (service *MonitorService) GetMetricValues(resourceId string, namespace string, timegrain string, timespan string, metricNames []string, aggregations string, filter string) ([]insights.Metric, string, error) { +func (service *MonitorService) GetMetricValues(resourceId string, namespace string, timegrain string, timespan string, metricNames []string, aggregations string, filter string) ([]armmonitor.Metric, string, error) { var tg *string var interval string + if timegrain != "" { tg = &timegrain } + + // orderBy := "" + resultTypeData := armmonitor.ResultTypeData + // check for limit of requested metrics (20) - var metrics []insights.Metric + var metrics []armmonitor.Metric + + // API fails with bad request if filter value is sent empty. 
+ var metricsFilter *string + + if filter != "" { + metricsFilter = &filter + } + for i := 0; i < len(metricNames); i += metricNameLimit { end := i + metricNameLimit + if end > len(metricNames) { end = len(metricNames) } - resp, err := service.metricsClient.List(service.context, resourceId, timespan, tg, strings.Join(metricNames[i:end], ","), - aggregations, nil, "", filter, insights.Data, namespace) + + metricNames := strings.Join(metricNames[i:end], ",") + + resp, err := service.metricsClient.List(service.context, resourceId, &armmonitor.MetricsClientListOptions{ + Aggregation: &aggregations, + Filter: metricsFilter, + Interval: tg, + Metricnames: &metricNames, + Metricnamespace: &namespace, + Timespan: ×pan, + Top: nil, + // Orderby: &orderBy, + ResultType: &resultTypeData, + }) // check for applied charges before returning any errors if resp.Cost != nil && *resp.Cost != 0 { service.log.Warnf("Charges amounted to %v are being applied while retrieving the metric values from the resource %s ", *resp.Cost, resourceId) } + if err != nil { return metrics, "", err } + interval = *resp.Interval - metrics = append(metrics, *resp.Value...) + for _, v := range resp.Value { + metrics = append(metrics, *v) + } } + return metrics, interval, nil } diff --git a/x-pack/metricbeat/module/azure/service_interface.go b/x-pack/metricbeat/module/azure/service_interface.go index 738484ede33e..39a7da636214 100644 --- a/x-pack/metricbeat/module/azure/service_interface.go +++ b/x-pack/metricbeat/module/azure/service_interface.go 
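Review bot: In `NewService`, the endpoint and audience overrides are assigned to `resourceManagerConfig`, which is a copy of the map entry, so they never reach `cloudServicesConfig`. The clients are therefore built with the public-cloud Resource Manager settings whatever `config.ResourceManagerEndpoint` and `config.ResourceManagerAudience` say. On a sovereign or private cloud that means tokens are requested for the public audience and requests go to the public endpoint, even though `ActiveDirectoryAuthorityHost` does follow the config. Writing the copy back into `cloud.AzurePublic.Services` would mutate the SDK's package-level map, so give this client its own `Services` map as sketched below. Separately, `GetMetricValues` still dereferences `*resp.Interval` without a nil check.

```go
resourceManagerConfig := cloud.AzurePublic.Services[cloud.ResourceManager]
// … unchanged: ResourceManagerEndpoint / ResourceManagerAudience overrides …
clientOptions := policy.ClientOptions{
	Cloud: cloud.Configuration{
		// Per-client map: the overridden copy is what the clients see,
		// and cloud.AzurePublic is left untouched for other users.
		Services: map[cloud.ServiceName]cloud.ServiceConfiguration{
			cloud.ResourceManager: resourceManagerConfig,
		},
		// … unchanged: ActiveDirectoryAuthorityHost …
	},
}
```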
@@ -5,15 +5,15 @@ package azure import ( - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" ) // Service interface for the azure monitor service and mock for testing type Service interface { - GetResourceDefinitionById(id string) (resources.GenericResource, error) - GetResourceDefinitions(id []string, group []string, rType string, query string) ([]resources.GenericResourceExpanded, error) - GetMetricDefinitions(resourceId string, namespace string) (insights.MetricDefinitionCollection, error) - GetMetricNamespaces(resourceId string) (insights.MetricNamespaceCollection, error) - GetMetricValues(resourceId string, namespace string, timegrain string, timespan string, metricNames []string, aggregations string, filter string) ([]insights.Metric, string, error) + GetResourceDefinitionById(id string) (armresources.GenericResource, error) + GetResourceDefinitions(id []string, group []string, rType string, query string) ([]*armresources.GenericResourceExpanded, error) + GetMetricDefinitions(resourceId string, namespace string) (armmonitor.MetricDefinitionCollection, error) + GetMetricNamespaces(resourceId string) (armmonitor.MetricNamespaceCollection, error) + GetMetricValues(resourceId string, namespace string, timegrain string, timespan string, metricNames []string, aggregations string, filter string) ([]armmonitor.Metric, string, error) } diff --git a/x-pack/metricbeat/module/azure/storage/client_helper.go b/x-pack/metricbeat/module/azure/storage/client_helper.go index a5b3d333941d..393607be7ae9 100644 --- a/x-pack/metricbeat/module/azure/storage/client_helper.go +++ b/x-pack/metricbeat/module/azure/storage/client_helper.go 
@@ -7,9 +7,8 @@ package storage import ( "fmt" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" - "github.com/pkg/errors" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" ) @@ -18,7 +17,7 @@ const resourceIDExtension = "/default" const serviceTypeNamespaceExtension = "Services" // mapMetrics should validate and map the metric related configuration to relevant azure monitor api parameters -func mapMetrics(client *azure.Client, resources []resources.GenericResourceExpanded, resourceConfig azure.ResourceConfig) ([]azure.Metric, error) { +func mapMetrics(client *azure.Client, resources []*armresources.GenericResourceExpanded, resourceConfig azure.ResourceConfig) ([]azure.Metric, error) { var metrics []azure.Metric // list all storage account namespaces for this metricset namespaces := []string{defaultStorageAccountNamespace} 
@@ -36,31 +35,40 @@ func mapMetrics(client *azure.Client, resources []resources.GenericResourceExpan for _, namespace := range namespaces { // resourceID will be different for a serviceType namespace, format will be resourceID/service/default var resourceID = *resource.ID + if i := retrieveServiceNamespace(namespace); i != "" { resourceID += i + resourceIDExtension } + // get all metric definitions supported by the namespace provided metricDefinitions, err := client.AzureMonitorService.GetMetricDefinitions(resourceID, namespace) if err != nil { - return nil, errors.Wrapf(err, "no metric definitions were found for resource %s and namespace %s.", resourceID, namespace) + return nil, fmt.Errorf("no metric definitions were found for resource %s and namespace %s %w", resourceID, namespace, err) } - if len(*metricDefinitions.Value) == 0 { - return nil, errors.Errorf("no metric definitions were found for resource %s and namespace %s.", resourceID, namespace) + + if len(metricDefinitions.Value) == 0 { + return nil, fmt.Errorf("no metric definitions were found for resource %s and namespace %s %w", resourceID, namespace, err) } - var filteredMetricDefinitions []insights.MetricDefinition - for _, metricDefinition := range *metricDefinitions.Value { - filteredMetricDefinitions = append(filteredMetricDefinitions, metricDefinition) + + var filteredMetricDefinitions []armmonitor.MetricDefinition + for _, metricDefinition := range metricDefinitions.Value { + filteredMetricDefinitions = append(filteredMetricDefinitions, *metricDefinition) } + // some metrics do not support the default PT5M timegrain so they will have to be grouped in a different API call, else call will fail groupedMetrics := groupOnTimeGrain(filteredMetricDefinitions) + for time, groupedMetricList := range groupedMetrics { // metrics will have to be grouped by allowed dimensions dimMetrics := groupMetricsByAllowedDimensions(groupedMetricList) + for dimension, mets := range dimMetrics { var dimensions 
[]azure.Dimension + if dimension != azure.NoDimension { dimensions = []azure.Dimension{{Name: dimension, Value: "*"}} } + metrics = append(metrics, client.MapMetricByPrimaryAggregation(mets, *resource.ID, resourceID, namespace, dimensions, time)...) } } @@ -70,12 +78,13 @@ func mapMetrics(client *azure.Client, resources []resources.GenericResourceExpan } // groupOnTimeGrain - some metrics do not support the default timegrain value so the closest supported timegrain will be selected -func groupOnTimeGrain(list []insights.MetricDefinition) map[string][]insights.MetricDefinition { - var groupedList = make(map[string][]insights.MetricDefinition) +func groupOnTimeGrain(list []armmonitor.MetricDefinition) map[string][]armmonitor.MetricDefinition { + var groupedList = make(map[string][]armmonitor.MetricDefinition) + for _, metric := range list { - timegrain := retrieveSupportedMetricAvailability(*metric.MetricAvailabilities) + timegrain := retrieveSupportedMetricAvailability(metric.MetricAvailabilities) if _, ok := groupedList[timegrain]; !ok { - groupedList[timegrain] = make([]insights.MetricDefinition, 0) + groupedList[timegrain] = make([]armmonitor.MetricDefinition, 0) } groupedList[timegrain] = append(groupedList[timegrain], metric) } @@ -83,7 +92,7 @@ func groupOnTimeGrain(list []insights.MetricDefinition) map[string][]insights.Me } // retrieveSupportedMetricAvailability func will return the default timegrain if supported, else will return the next timegrain -func retrieveSupportedMetricAvailability(availabilities []insights.MetricAvailability) string { +func retrieveSupportedMetricAvailability(availabilities []*armmonitor.MetricAvailability) string { // common case in metrics supported by storage account - one availability if len(availabilities) == 1 { return *availabilities[0].TimeGrain 
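Review bot: The empty-result branch in `mapMetrics` wraps `err` with `%w` although `err` is known to be nil at that point, so the message ends in a formatting artifact. The updated assertion in `storage/client_helper_test.go` pins that artifact instead of catching it. Drop the verb and its argument there: `return nil, fmt.Errorf("no metric definitions were found for resource %s and namespace %s", resourceID, namespace)`; the error branch above it would also read better with a separator before the cause, `"... and namespace %s: %w"`. The same nil-`%w` pattern appears in the `sampleRate <= 0.0` branch of `processSingle` in `statsd/server/data.go`. `mapMetrics` begins and ends outside this hunk.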
@@ -112,12 +121,12 @@ func retrieveServiceNamespace(item string) string { } // filterAllowedDimension func will filter out all unallowed dimensions -func filterAllowedDimension(metric insights.MetricDefinition) []string { +func filterAllowedDimension(metric armmonitor.MetricDefinition) []string { if metric.Dimensions == nil { return nil } var dimensions []string - for _, dimension := range *metric.Dimensions { + for _, dimension := range metric.Dimensions { for _, dim := range allowedDimensions { if dim == *dimension.Value { dimensions = append(dimensions, dim) @@ -128,19 +137,19 @@ func filterAllowedDimension(metric insights.MetricDefinition) []string { } // groupMetricsByAllowedDimensions will group metrics by dimension names in order to reduce the number of api calls -func groupMetricsByAllowedDimensions(metrics []insights.MetricDefinition) map[string][]insights.MetricDefinition { - var groupedMetrics = make(map[string][]insights.MetricDefinition) +func groupMetricsByAllowedDimensions(metrics []armmonitor.MetricDefinition) map[string][]armmonitor.MetricDefinition { + var groupedMetrics = make(map[string][]armmonitor.MetricDefinition) for _, metric := range metrics { if dimensions := filterAllowedDimension(metric); len(dimensions) > 0 { for _, dimension := range dimensions { if _, ok := groupedMetrics[dimension]; !ok { - groupedMetrics[dimension] = make([]insights.MetricDefinition, 0) + groupedMetrics[dimension] = make([]armmonitor.MetricDefinition, 0) } groupedMetrics[dimension] = append(groupedMetrics[dimension], metric) } } else { if _, ok := groupedMetrics[azure.NoDimension]; !ok { - groupedMetrics[azure.NoDimension] = make([]insights.MetricDefinition, 0) + groupedMetrics[azure.NoDimension] = make([]armmonitor.MetricDefinition, 0) } groupedMetrics[azure.NoDimension] = append(groupedMetrics[azure.NoDimension], metric) } 
diff --git a/x-pack/metricbeat/module/azure/storage/client_helper_test.go b/x-pack/metricbeat/module/azure/storage/client_helper_test.go index f136f867b378..ecdf4941ac90 100644 --- a/x-pack/metricbeat/module/azure/storage/client_helper_test.go +++ b/x-pack/metricbeat/module/azure/storage/client_helper_test.go @@ -8,8 +8,8 @@ import ( "reflect" "testing" - "github.com/Azure/azure-sdk-for-go/services/preview/monitor/mgmt/2019-06-01/insights" - "github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-10-01/resources" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" @@ -20,25 +20,25 @@ var ( time1 = "PT1M" time2 = "PT5M" time3 = "PT1H" - availability1 = []insights.MetricAvailability{ + availability1 = []*armmonitor.MetricAvailability{ {TimeGrain: &time1}, {TimeGrain: &time2}, } - availability2 = []insights.MetricAvailability{ + availability2 = []*armmonitor.MetricAvailability{ {TimeGrain: &time3}, } - availability3 = []insights.MetricAvailability{ + availability3 = []*armmonitor.MetricAvailability{ {TimeGrain: &time1}, {TimeGrain: &time3}, } ) -func MockResource() resources.GenericResourceExpanded { +func MockResource() *armresources.GenericResourceExpanded { id := "123" name := "resourceName" location := "resourceLocation" rType := "resourceType" - return resources.GenericResourceExpanded{ + return &armresources.GenericResourceExpanded{ ID: &id, Name: &name, Location: &location, 
@@ -46,50 +46,74 @@ func MockResource() resources.GenericResourceExpanded { } } -func MockNamespace() insights.MetricNamespaceCollection { +func MockNamespace() armmonitor.MetricNamespaceCollection { name := "namespace" - property := insights.MetricNamespaceName{ + property := armmonitor.MetricNamespaceName{ MetricNamespaceName: &name, } - namespace := insights.MetricNamespace{ + namespace := &armmonitor.MetricNamespace{ Name: &name, Properties: &property, } - list := []insights.MetricNamespace{namespace} - return insights.MetricNamespaceCollection{ - Value: &list, + + list := []*armmonitor.MetricNamespace{namespace} + + return armmonitor.MetricNamespaceCollection{ + Value: list, } } -func MockMetricDefinitions() *[]insights.MetricDefinition { - metric1 := "TotalRequests" - metric2 := "Capacity" - defs := []insights.MetricDefinition{ +func MockMetricDefinitions() []*armmonitor.MetricDefinition { + var ( + metric1 = "TotalRequests" + metric2 = "Capacity" + + aggregationTypeAverage = armmonitor.AggregationTypeAverage + aggregationTypeCount = armmonitor.AggregationTypeCount + aggregationTypeMinimum = armmonitor.AggregationTypeMinimum + aggregationTypeMaximum = armmonitor.AggregationTypeMaximum + aggregationTypeTotal = armmonitor.AggregationTypeTotal + ) + + defs := []*armmonitor.MetricDefinition{ { - Name: &insights.LocalizableString{Value: &metric1}, - PrimaryAggregationType: insights.Average, - MetricAvailabilities: &availability1, - SupportedAggregationTypes: &[]insights.AggregationType{insights.Maximum, insights.Count, insights.Total, insights.Average}, + Name: &armmonitor.LocalizableString{Value: &metric1}, + PrimaryAggregationType: &aggregationTypeAverage, + MetricAvailabilities: availability1, + SupportedAggregationTypes: []*armmonitor.AggregationType{ + &aggregationTypeMaximum, + &aggregationTypeCount, + &aggregationTypeTotal, + &aggregationTypeAverage, + }, }, { - Name: &insights.LocalizableString{Value: &metric2}, - PrimaryAggregationType: insights.Average, 
- MetricAvailabilities: &availability2, - SupportedAggregationTypes: &[]insights.AggregationType{insights.Average, insights.Count, insights.Minimum}, + Name: &armmonitor.LocalizableString{Value: &metric2}, + PrimaryAggregationType: &aggregationTypeAverage, + MetricAvailabilities: availability2, + SupportedAggregationTypes: []*armmonitor.AggregationType{ + &aggregationTypeAverage, + &aggregationTypeCount, + &aggregationTypeMinimum, + }, }, } - return &defs + + return defs } func TestMapMetric(t *testing.T) { resource := MockResource() - metricDefinitions := insights.MetricDefinitionCollection{ + metricDefinitions := armmonitor.MetricDefinitionCollection{ Value: MockMetricDefinitions(), } - emptyList := []insights.MetricDefinition{} - emptyMetricDefinitions := insights.MetricDefinitionCollection{ - Value: &emptyList, + + emptyList := []*armmonitor.MetricDefinition{} + + emptyMetricDefinitions := armmonitor.MetricDefinitionCollection{ + Value: emptyList, } + metricConfig := azure.MetricConfig{Name: []string{"*"}} resourceConfig := azure.ResourceConfig{Metrics: []azure.MetricConfig{metricConfig}, ServiceType: []string{"blob"}} client := azure.NewMockClient() @@ -97,9 +121,9 @@ func TestMapMetric(t *testing.T) { m := &azure.MockService{} m.On("GetMetricDefinitions", mock.Anything, mock.Anything).Return(emptyMetricDefinitions, nil) client.AzureMonitorService = m - metric, err := mapMetrics(client, []resources.GenericResourceExpanded{resource}, resourceConfig) + metric, err := mapMetrics(client, []*armresources.GenericResourceExpanded{resource}, resourceConfig) assert.Error(t, err) - assert.Equal(t, err.Error(), "no metric definitions were found for resource 123 and namespace Microsoft.Storage/storageAccounts.") + assert.Equal(t, err.Error(), "no metric definitions were found for resource 123 and namespace Microsoft.Storage/storageAccounts %!w()") assert.Equal(t, metric, []azure.Metric(nil)) m.AssertExpectations(t) }) 
@@ -107,7 +131,7 @@ func TestMapMetric(t *testing.T) { m := &azure.MockService{} m.On("GetMetricDefinitions", mock.Anything, mock.Anything).Return(metricDefinitions, nil) client.AzureMonitorService = m - metrics, err := mapMetrics(client, []resources.GenericResourceExpanded{resource}, resourceConfig) + metrics, err := mapMetrics(client, []*armresources.GenericResourceExpanded{resource}, resourceConfig) assert.NoError(t, err) assert.Equal(t, metrics[0].ResourceId, "123") assert.Equal(t, metrics[0].Namespace, "Microsoft.Storage/storageAccounts") @@ -133,20 +157,20 @@ func TestMapMetric(t *testing.T) { } func TestFilterOnTimeGrain(t *testing.T) { - var list = []insights.MetricDefinition{ - {MetricAvailabilities: &availability1}, - {MetricAvailabilities: &availability2}, - {MetricAvailabilities: &availability3}, + var list = []armmonitor.MetricDefinition{ + {MetricAvailabilities: availability1}, + {MetricAvailabilities: availability2}, + {MetricAvailabilities: availability3}, } response := groupOnTimeGrain(list) assert.Equal(t, len(response), 2) - result := [][]insights.MetricDefinition{ + result := [][]armmonitor.MetricDefinition{ { - {MetricAvailabilities: &availability1}, + {MetricAvailabilities: availability1}, }, { - {MetricAvailabilities: &availability2}, - {MetricAvailabilities: &availability3}, + {MetricAvailabilities: availability2}, + {MetricAvailabilities: availability3}, }, } for key, availabilities := range response { diff --git a/x-pack/metricbeat/module/azure/storage/storage_test.go b/x-pack/metricbeat/module/azure/storage/storage_test.go index 6203a4040732..2e2e991664bd 100644 --- a/x-pack/metricbeat/module/azure/storage/storage_test.go +++ b/x-pack/metricbeat/module/azure/storage/storage_test.go @@ -24,7 +24,7 @@ var ( "client_secret": "unique identifier", "client_id": "unique identifier", "subscription_id": "unique identifier", - "tenant_id": "unique identifier", + "tenant_id": "07482715-b847-4056-86e6-5eec1c7b5996", } resourceConfig = mapstr.M{ 
@@ -34,7 +34,7 @@ var ( "client_secret": "unique identifier", "client_id": "unique identifier", "subscription_id": "unique identifier", - "tenant_id": "unique identifier", + "tenant_id": "07482715-b847-4056-86e6-5eec1c7b5996", "resources": []mapstr.M{ { "resource_id": "test", @@ -56,6 +56,7 @@ func TestFetch(t *testing.T) { assert.NotNil(t, metricsets) assert.NoError(t, err) ms, ok := metricsets[0].(*MetricSet) + assert.True(t, ok) assert.Equal(t, len(ms.Client.Config.Resources), 1) assert.Equal(t, ms.Client.Config.Resources[0].Query, fmt.Sprintf("resourceType eq '%s'", defaultStorageAccountNamespace)) @@ -64,6 +65,7 @@ func TestFetch(t *testing.T) { t.Fatal(err) } module, metricsets, err = mb.NewModule(c, mb.Registry) + assert.NoError(t, err) assert.NotNil(t, module) assert.NotNil(t, metricsets) ms, ok = metricsets[0].(*MetricSet) diff --git a/x-pack/metricbeat/module/statsd/server/data.go b/x-pack/metricbeat/module/statsd/server/data.go index b06e659d09d6..077b3a35e805 100644 --- a/x-pack/metricbeat/module/statsd/server/data.go +++ b/x-pack/metricbeat/module/statsd/server/data.go @@ -6,11 +6,11 @@ package server import ( "bytes" + "errors" + "fmt" "strconv" "time" - "github.com/pkg/errors" - "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/metricbeat/helper/server" "github.com/elastic/elastic-agent-libs/logp" @@ -20,8 +20,7 @@ import ( var errInvalidPacket = errors.New("invalid statsd packet") type metricProcessor struct { - registry *registry - reservoirSize int + registry *registry } type statsdMetric struct { 
@@ -32,12 +31,12 @@ type statsdMetric struct { tags map[string]string } -func splitTags(rawTags []byte, kvSep []byte) map[string]string { +func splitTags(rawTags, kvSep []byte) map[string]string { tags := map[string]string{} for _, kv := range bytes.Split(rawTags, []byte(",")) { kvSplit := bytes.SplitN(kv, kvSep, 2) if len(kvSplit) != 2 { - logger.Warnf("could not parse tags") + logger.Warn("could not parse tags") continue } tags[string(kvSplit[0])] = string(kvSplit[1]) @@ -86,14 +85,16 @@ func parseSingle(b []byte) (statsdMetric, error) { return s, nil } -// parse will parse a statsd metric into its components +// parse will parse statsd metrics into individual metric and then its components func parse(b []byte) ([]statsdMetric, error) { - metrics := []statsdMetric{} - for _, rawMetric := range bytes.Split(b, []byte("\n")) { - if len(rawMetric) > 0 { - metric, err := parseSingle(rawMetric) + rawMetrics := bytes.Split(b, []byte("\n")) + metrics := make([]statsdMetric, 0, len(rawMetrics)) + for i := range rawMetrics { + if len(rawMetrics[i]) > 0 { + metric, err := parseSingle(rawMetrics[i]) if err != nil { - return metrics, err + logger.Warnf("invalid packet: %s", err) + continue } metrics = append(metrics, metric) } @@ -120,13 +121,13 @@ func eventMapping(metricName string, metricValue interface{}, metricSetFields ma // Not all labels match // Skip and continue to next mapping if len(res) != (len(mapping.Labels) + 1) { - logger.Debugf("not all labels match in statsd.mapping, skipped") + logger.Debug("not all labels match in statsd.mapping, skipped") continue } // Let's add the metric set fields from labels names := mapping.regex.SubexpNames() - for i, _ := range res { + for i := range res { for _, label := range mapping.Labels { if label.Attr != names[i] { continue 
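Review bot: With the new `continue` in `parse`, a malformed line is no longer reported to the caller, and each one is logged at warn level through `logger.Warnf("invalid packet: %s", err)`. Statsd input typically arrives unauthenticated over the network (an assumption; the listener is not part of this diff), so log volume becomes a function of whatever a sender chooses to emit, and nothing outside the log records how much was dropped. Consider logging at debug level or rate-limiting, and counting skipped lines so the drop rate is observable, e.g. `logger.Debugf("skipping invalid statsd line: %s", err)` alongside a dropped-lines counter. If no other path returns an error (the end of `parse` is outside the hunk), the `error` result is now always nil and the doc comment should say so.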
@@ -139,8 +140,6 @@ func eventMapping(metricName string, metricValue interface{}, metricSetFields ma // Let's add the metric with the value field metricSetFields[mapping.Value.Field] = metricValue } - - return } func newMetricProcessor(ttl time.Duration) *metricProcessor { @@ -162,10 +161,10 @@ func (p *metricProcessor) processSingle(m statsdMetric) error { var err error sampleRate, err = strconv.ParseFloat(m.sampleRate, 64) if err != nil { - return errors.Wrapf(err, "failed to process metric `%s` sample rate `%s`", m.name, m.sampleRate) + return fmt.Errorf("failed to process metric `%s` sample rate `%s`: %w", m.name, m.sampleRate, err) } if sampleRate <= 0.0 { - return errors.Errorf("sample rate of 0.0 is invalid for metric `%s`", m.name) + return fmt.Errorf("sample rate of 0.0 is invalid for metric `%s`: %w", m.name, err) } } @@ -174,7 +173,7 @@ func (p *metricProcessor) processSingle(m statsdMetric) error { c := p.registry.GetOrNewCounter(m.name, m.tags) v, err := strconv.ParseInt(m.value, 10, 64) if err != nil { - return errors.Wrapf(err, "failed to process counter `%s` with value `%s`", m.name, m.value) + return fmt.Errorf("failed to process counter `%s` with value `%s`: %w", m.name, m.value, err) } // apply sample rate v = int64(float64(v) * (1.0 / sampleRate)) @@ -183,9 +182,8 @@ func (p *metricProcessor) processSingle(m statsdMetric) error { c := p.registry.GetOrNewGauge64(m.name, m.tags) v, err := strconv.ParseFloat(m.value, 64) if err != nil { - return errors.Wrapf(err, "failed to process gauge `%s` with value `%s`", m.name, m.value) + return fmt.Errorf("failed to process gauge `%s` with value `%s`: %w", m.name, m.value, err) } - // inc/dec or set if m.value[0] == '+' || m.value[0] == '-' { c.Inc(v) 
@@ -196,14 +194,14 @@ func (p *metricProcessor) processSingle(m statsdMetric) error { c := p.registry.GetOrNewTimer(m.name, m.tags) v, err := strconv.ParseFloat(m.value, 64) if err != nil { - return errors.Wrapf(err, "failed to process timer `%s` with value `%s`", m.name, m.value) + return fmt.Errorf("failed to process timer `%s` with value `%s`: %w", m.name, m.value, err) } c.SampledUpdate(time.Duration(v), sampleRate) case "h": // TODO: can these be floats? c := p.registry.GetOrNewHistogram(m.name, m.tags) v, err := strconv.ParseInt(m.value, 10, 64) if err != nil { - return errors.Wrapf(err, "failed to process histogram `%s` with value `%s`", m.name, m.value) + return fmt.Errorf("failed to process histogram `%s` with value `%s`: %w", m.name, m.value, err) } c.Update(v) case "s": diff --git a/x-pack/metricbeat/module/statsd/server/data_test.go b/x-pack/metricbeat/module/statsd/server/data_test.go index bf24d945b6da..aeacfc731572 100644 --- a/x-pack/metricbeat/module/statsd/server/data_test.go +++ b/x-pack/metricbeat/module/statsd/server/data_test.go @@ -5,7 +5,7 @@ package server import ( - "fmt" + "errors" "testing" "time" @@ -820,7 +820,7 @@ func TestBuildMappings(t *testing.T) { value: field: started `, - err: fmt.Errorf(`repeated label fields "repeated_label_field"`), + err: errors.New(`repeated label fields "repeated_label_field"`), expected: nil, }, { @@ -833,13 +833,14 @@ func TestBuildMappings(t *testing.T) { value: field: colliding_field `, - err: fmt.Errorf(`collision between label field "colliding_field" and value field "colliding_field"`), + err: errors.New(`collision between label field "colliding_field" and value field "colliding_field"`), expected: nil, }, } { t.Run(test.title, func(t *testing.T) { var mappings []StatsdMapping err := yaml.Unmarshal([]byte(test.input), &mappings) + require.NoError(t, err) actual, err := buildMappings(mappings) for k, v := range actual { v.regex = nil 
@@ -883,12 +884,36 @@ func TestParseMetrics(t *testing.T) { }}, }, { - input: "decrement-counter:-15|c", - expected: []statsdMetric{{ - name: "decrement-counter", - metricType: "c", - value: "-15", - }}, + // All metrics are parsed except the invalid packet + input: "decrement-counter:-15|c\nmeter1-1.4|m\ndecrement-counter:-20|c", + expected: []statsdMetric{ + { + name: "decrement-counter", + metricType: "c", + value: "-15", + }, + { + name: "decrement-counter", + metricType: "c", + value: "-20", + }, + }, + }, + { + // All metrics are parsed except the invalid packet + input: "meter1-1.4|m\ndecrement-counter:-20|c\ntimer1:1.2|ms", + expected: []statsdMetric{ + { + name: "decrement-counter", + metricType: "c", + value: "-20", + }, + { + name: "timer1", + metricType: "ms", + value: "1.2", + }, + }, }, { input: "timer1:1.2|ms", @@ -995,12 +1020,10 @@ func TestParseMetrics(t *testing.T) { { input: "meter1-1.4|m", expected: []statsdMetric{}, - err: errInvalidPacket, }, { input: "meter1:1.4-m", expected: []statsdMetric{}, - err: errInvalidPacket, }, } { actual, err := parse([]byte(test.input)) 
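Review bot: With the `err: errInvalidPacket` expectations removed in the second hunk of TestParseMetrics, none of the cases visible in these hunks sets `err` any more, so whatever the loop asserts about `err` (the assertion is outside the hunks) can only check for nil. Either drop the column or add a comment on the table such as `// parse skips invalid lines and logs them; it does not report them via err`. The two new multi-line cases carry the identical comment `// All metrics are parsed except the invalid packet`. Saying where the bad line sits (`// invalid line in the middle`, `// invalid line first`) would make a failure easier to read, and a case with the invalid line last would complete the set.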
@@ -1016,6 +1039,47 @@ func TestParseMetrics(t *testing.T) { } } +func TestParseSingle(t *testing.T) { + tests := map[string]struct { + input string + err error + want statsdMetric + }{ + "invalid packet #1": {input: "meter1-1.4|m", err: errInvalidPacket, want: statsdMetric{}}, + "invalid packet #2": {input: "meter1:1.4-m", err: errInvalidPacket, want: statsdMetric{}}, + "valid packet: counter with tags": { + input: "tags1:1|c|#k1:v1,k2:v2", + err: nil, + want: statsdMetric{ + name: "tags1", + metricType: "c", + sampleRate: "", + value: "1", + tags: map[string]string{"k1": "v1", "k2": "v2"}, + }, + }, + "valid packet: gauge": { + input: "gauge1:1.0|g", + err: nil, + want: statsdMetric{ + name: "gauge1", + metricType: "g", + sampleRate: "", + value: "1.0", + tags: nil, + }, + }, + } + + for name, tc := range tests { + t.Run(name, func(t *testing.T) { + got, err := parseSingle([]byte(tc.input)) + assert.Equal(t, tc.err, err) + assert.Equal(t, tc.want, got) + }) + } +} + type testUDPEvent struct { event mapstr.M meta server.Meta @@ -1068,13 +1132,13 @@ func TestTagsGrouping(t *testing.T) { } expectedTags := []mapstr.M{ - mapstr.M{ + { "labels": mapstr.M{ "k1": "v1", "k2": "v2", }, }, - mapstr.M{ + { "labels": mapstr.M{ "k1": "v2", "k2": "v3", @@ -1182,6 +1246,7 @@ func TestGaugeDeltas(t *testing.T) { "metric01": map[string]interface{}{"value": -1.0}, }) } + func TestCounter(t *testing.T) { ms := mbtest.NewMetricSet(t, map[string]interface{}{"module": "statsd"}).(*MetricSet) testData := []string{ @@ -1316,5 +1381,4 @@ func BenchmarkIngest(b *testing.B) { err := ms.processor.Process(events[i%len(events)]) assert.NoError(b, err) } - } diff --git a/x-pack/metricbeat/modules.d/activemq.yml.disabled b/x-pack/metricbeat/modules.d/activemq.yml.disabled index de0ecb7c79f3..33716db01c9d 100644 --- a/x-pack/metricbeat/modules.d/activemq.yml.disabled +++ b/x-pack/metricbeat/modules.d/activemq.yml.disabled 
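Review bot: In the new TestParseSingle, `assert.Equal(t, tc.err, err)` compares the sentinel by value, which will start failing as soon as parseSingle wraps errInvalidPacket with context. `assert.ErrorIs(t, err, tc.err)` for the failing cases and `assert.NoError(t, err)` for the valid ones states the intent and survives wrapping. The table also has no input carrying a sample rate, so the `sampleRate` field is only ever checked as empty here.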
@@ -1,5 +1,5 @@ # Module: activemq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-activemq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-activemq.html - module: activemq metricsets: ['broker', 'queue', 'topic'] diff --git a/x-pack/metricbeat/modules.d/airflow.yml.disabled b/x-pack/metricbeat/modules.d/airflow.yml.disabled index e874fcf7db02..010b1daadd8c 100644 --- a/x-pack/metricbeat/modules.d/airflow.yml.disabled +++ b/x-pack/metricbeat/modules.d/airflow.yml.disabled @@ -1,5 +1,5 @@ # Module: airflow -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-airflow.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-airflow.html - module: airflow host: "localhost" diff --git a/x-pack/metricbeat/modules.d/aws.yml.disabled b/x-pack/metricbeat/modules.d/aws.yml.disabled index 8841991b7be8..3fc7c43a1088 100644 --- a/x-pack/metricbeat/modules.d/aws.yml.disabled +++ b/x-pack/metricbeat/modules.d/aws.yml.disabled @@ -1,5 +1,5 @@ # Module: aws -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-aws.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-aws.html - module: aws period: 1m @@ -52,5 +52,6 @@ - module: aws period: 1m latency: 5m + include_linked_accounts: false metricsets: - s3_request diff --git a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled index 81c34f5759dd..b2b91f06ee45 100644 --- a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled +++ b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled @@ -1,5 +1,5 @@ # Module: awsfargate -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-awsfargate.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-awsfargate.html - module: awsfargate period: 10s 
diff --git a/x-pack/metricbeat/modules.d/azure.yml.disabled b/x-pack/metricbeat/modules.d/azure.yml.disabled index e42f064618a8..10d00e003cfc 100644 --- a/x-pack/metricbeat/modules.d/azure.yml.disabled +++ b/x-pack/metricbeat/modules.d/azure.yml.disabled @@ -1,5 +1,5 @@ # Module: azure -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-azure.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-azure.html - module: azure metricsets: diff --git a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled index e082545a78d0..22a600e51d82 100644 --- a/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled +++ b/x-pack/metricbeat/modules.d/cloudfoundry.yml.disabled @@ -1,5 +1,5 @@ # Module: cloudfoundry -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-cloudfoundry.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-cloudfoundry.html - module: cloudfoundry metricsets: diff --git a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled index 198fb66f8d88..5b0a48e86bbe 100644 --- a/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled +++ b/x-pack/metricbeat/modules.d/cockroachdb.yml.disabled @@ -1,5 +1,5 @@ # Module: cockroachdb -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-cockroachdb.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-cockroachdb.html - module: cockroachdb metricsets: ['status'] diff --git a/x-pack/metricbeat/modules.d/containerd.yml.disabled b/x-pack/metricbeat/modules.d/containerd.yml.disabled index 20b03cd9e508..f21b32139eb1 100644 --- a/x-pack/metricbeat/modules.d/containerd.yml.disabled +++ b/x-pack/metricbeat/modules.d/containerd.yml.disabled 
@@ -1,5 +1,5 @@ # Module: containerd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-containerd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-containerd.html - module: containerd metricsets: ["cpu", "memory", "blkio"] diff --git a/x-pack/metricbeat/modules.d/coredns.yml.disabled b/x-pack/metricbeat/modules.d/coredns.yml.disabled index 60e8b71c32c5..644a62bc4b77 100644 --- a/x-pack/metricbeat/modules.d/coredns.yml.disabled +++ b/x-pack/metricbeat/modules.d/coredns.yml.disabled @@ -1,5 +1,5 @@ # Module: coredns -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-coredns.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-coredns.html - module: coredns metricsets: ["stats"] diff --git a/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled b/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled index 0af7916573a0..e42dde843c2a 100644 --- a/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled +++ b/x-pack/metricbeat/modules.d/enterprisesearch-xpack.yml.disabled @@ -1,5 +1,5 @@ # Module: enterprisesearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-enterprisesearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-enterprisesearch.html - module: enterprisesearch xpack.enabled: true diff --git a/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled b/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled index 122e56b627b1..241791cc203c 100644 --- a/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled +++ b/x-pack/metricbeat/modules.d/enterprisesearch.yml.disabled 
@@ -1,5 +1,5 @@ # Module: enterprisesearch -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-enterprisesearch.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-enterprisesearch.html - module: enterprisesearch metricsets: ["health", "stats"] diff --git a/x-pack/metricbeat/modules.d/gcp.yml.disabled b/x-pack/metricbeat/modules.d/gcp.yml.disabled index f79e1607a453..4a42e04b3115 100644 --- a/x-pack/metricbeat/modules.d/gcp.yml.disabled +++ b/x-pack/metricbeat/modules.d/gcp.yml.disabled @@ -1,5 +1,5 @@ # Module: gcp -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-gcp.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-gcp.html - module: gcp metricsets: diff --git a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled index 43940532263f..a2fdf552f1ca 100644 --- a/x-pack/metricbeat/modules.d/ibmmq.yml.disabled +++ b/x-pack/metricbeat/modules.d/ibmmq.yml.disabled @@ -1,5 +1,5 @@ # Module: ibmmq -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-ibmmq.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-ibmmq.html - module: ibmmq metricsets: ['qmgr'] diff --git a/x-pack/metricbeat/modules.d/iis.yml.disabled b/x-pack/metricbeat/modules.d/iis.yml.disabled index 19f348a28755..f81d67eedffa 100644 --- a/x-pack/metricbeat/modules.d/iis.yml.disabled +++ b/x-pack/metricbeat/modules.d/iis.yml.disabled @@ -1,5 +1,5 @@ # Module: iis -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-iis.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-iis.html - module: iis metricsets: diff --git a/x-pack/metricbeat/modules.d/istio.yml.disabled b/x-pack/metricbeat/modules.d/istio.yml.disabled index ccb0884610a9..55c2a1d715a8 100644 --- a/x-pack/metricbeat/modules.d/istio.yml.disabled 
+++ b/x-pack/metricbeat/modules.d/istio.yml.disabled @@ -1,5 +1,5 @@ # Module: istio -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-istio.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-istio.html # Istio mesh. To collect all Mixer-generated metrics. For versions of Istio prior to 1.5. - module: istio diff --git a/x-pack/metricbeat/modules.d/mssql.yml.disabled b/x-pack/metricbeat/modules.d/mssql.yml.disabled index fbbb7bad8fc1..12eff0522eed 100644 --- a/x-pack/metricbeat/modules.d/mssql.yml.disabled +++ b/x-pack/metricbeat/modules.d/mssql.yml.disabled @@ -1,5 +1,5 @@ # Module: mssql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-mssql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-mssql.html - module: mssql metricsets: diff --git a/x-pack/metricbeat/modules.d/oracle.yml.disabled b/x-pack/metricbeat/modules.d/oracle.yml.disabled index 445924b61ea1..99d59eb2c3a5 100644 --- a/x-pack/metricbeat/modules.d/oracle.yml.disabled +++ b/x-pack/metricbeat/modules.d/oracle.yml.disabled @@ -1,5 +1,5 @@ # Module: oracle -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-oracle.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-oracle.html # Module: oracle diff --git a/x-pack/metricbeat/modules.d/prometheus.yml.disabled b/x-pack/metricbeat/modules.d/prometheus.yml.disabled index 11cc449ba47b..d6e00936b2a5 100644 --- a/x-pack/metricbeat/modules.d/prometheus.yml.disabled +++ b/x-pack/metricbeat/modules.d/prometheus.yml.disabled @@ -1,5 +1,5 @@ # Module: prometheus -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-prometheus.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-prometheus.html - module: prometheus period: 10s 
diff --git a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled index 350843a88e93..c3121d7c2fb1 100644 --- a/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled +++ b/x-pack/metricbeat/modules.d/redisenterprise.yml.disabled @@ -1,5 +1,5 @@ # Module: redisenterprise -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-redisenterprise.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-redisenterprise.html - module: redisenterprise metricsets: diff --git a/x-pack/metricbeat/modules.d/sql.yml.disabled b/x-pack/metricbeat/modules.d/sql.yml.disabled index f45644b0b112..5663e03b1ef1 100644 --- a/x-pack/metricbeat/modules.d/sql.yml.disabled +++ b/x-pack/metricbeat/modules.d/sql.yml.disabled @@ -1,5 +1,5 @@ # Module: sql -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-sql.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-sql.html - module: sql metricsets: diff --git a/x-pack/metricbeat/modules.d/stan.yml.disabled b/x-pack/metricbeat/modules.d/stan.yml.disabled index b3f192298747..0f93c0f5a0c2 100644 --- a/x-pack/metricbeat/modules.d/stan.yml.disabled +++ b/x-pack/metricbeat/modules.d/stan.yml.disabled @@ -1,5 +1,5 @@ # Module: stan -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-stan.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-stan.html - module: stan metricsets: ["stats", "subscriptions", "channels"] diff --git a/x-pack/metricbeat/modules.d/statsd.yml.disabled b/x-pack/metricbeat/modules.d/statsd.yml.disabled index 16712fd96b3d..ced946c242fd 100644 --- a/x-pack/metricbeat/modules.d/statsd.yml.disabled +++ b/x-pack/metricbeat/modules.d/statsd.yml.disabled 
@@ -1,5 +1,5 @@ # Module: statsd -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-statsd.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-statsd.html - module: statsd host: "localhost" diff --git a/x-pack/metricbeat/modules.d/syncgateway.yml.disabled b/x-pack/metricbeat/modules.d/syncgateway.yml.disabled index f37b367c9593..54c42a11809c 100644 --- a/x-pack/metricbeat/modules.d/syncgateway.yml.disabled +++ b/x-pack/metricbeat/modules.d/syncgateway.yml.disabled @@ -1,5 +1,5 @@ # Module: syncgateway -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-syncgateway.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-syncgateway.html - module: syncgateway metricsets: diff --git a/x-pack/metricbeat/modules.d/tomcat.yml.disabled b/x-pack/metricbeat/modules.d/tomcat.yml.disabled index 623f5a888d5c..58a9a4038f7b 100644 --- a/x-pack/metricbeat/modules.d/tomcat.yml.disabled +++ b/x-pack/metricbeat/modules.d/tomcat.yml.disabled @@ -1,5 +1,5 @@ # Module: tomcat -# Docs: https://www.elastic.co/guide/en/beats/metricbeat/main/metricbeat-module-tomcat.html +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-tomcat.html - module: tomcat metricsets: ['threading', 'cache', 'memory', 'requests'] diff --git a/x-pack/packetbeat/Jenkinsfile.yml b/x-pack/packetbeat/Jenkinsfile.yml index 4c07c4c0221f..82b0274deabb 100644 --- a/x-pack/packetbeat/Jenkinsfile.yml +++ b/x-pack/packetbeat/Jenkinsfile.yml @@ -60,6 +60,11 @@ stages: - "macosM1Test" tags: false ## for all the tags stage: extended + rhel-9: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "rhel-9" + stage: mandatory windows-2022: mage: "mage build unitTest" platforms: ## override default labels in this specific stage. 
diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml index ee4f565e0c18..736c07548935 100644 --- a/x-pack/packetbeat/packetbeat.reference.yml +++ b/x-pack/packetbeat/packetbeat.reference.yml @@ -44,6 +44,11 @@ packetbeat.interfaces.internal_networks: # The default is 30 MB. #packetbeat.interfaces.buffer_size_mb: 30 +# Set the polling frequency for interface metrics. This currently only applies +# to the "afpacket" interface type. +# The default is 5s (seconds). +#packetbeat.interfaces.metrics_interval: 5s + # To scale processing across multiple Packetbeat processes, a fanout group # identifier can be specified. When `fanout_group` is used the Linux kernel splits # packets across Packetbeat instances in the same group by using a flow hash. It diff --git a/x-pack/winlogbeat/module/sysmon/ingest/sysmon.yml b/x-pack/winlogbeat/module/sysmon/ingest/sysmon.yml index 8468c29e87d7..6cd70ee7bd56 100644 --- a/x-pack/winlogbeat/module/sysmon/ingest/sysmon.yml +++ b/x-pack/winlogbeat/module/sysmon/ingest/sysmon.yml @@ -782,15 +782,20 @@ processors: if (answer.startsWith("type:")) { def parts = /\s+/.split(answer); - if (parts.length != 3) { + if (parts.length < 2) { throw new Exception("unexpected QueryResult format"); } - - answers.add([ - "type": params[parts[1]], - "data": parts[2] - ]); - relatedHosts.add(parts[2]); + if (parts.length == 3) { + answers.add([ + "type": params[parts[1]], + "data": parts[2] + ]); + relatedHosts.add(parts[2]); + } else { + answers.add([ + "type": params[parts[1]] + ]); + } } else { answer = answer.replace("::ffff:", ""); ips.add(answer); diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/collection/sysmon-no-evtx.evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/collection/sysmon-no-evtx.evtx.golden.json new file mode 100644 index 000000000000..32626231386b --- /dev/null +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/collection/sysmon-no-evtx.evtx.golden.json 
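Review bot: The new `else` branch in the sysmon.yml QueryResults parsing takes every length other than 3, so an answer that splits into four or more parts is now stored with only its `type` and the remainder is silently discarded, where the old code raised `unexpected QueryResult format`. Keeping the upper bound preserves that signal: `if (parts.length < 2 || parts.length > 3) {` followed by the existing throw. `params[parts[1]]` is also used unchecked in both branches, so a record type absent from params would, as far as this hunk shows, produce an answer whose `type` is null. A short comment above the check naming the two accepted shapes (`type: N data`, and `type: N` with empty data) would help the next reader. The script starts and ends outside this hunk.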
@@ -0,0 +1,47 @@ +[ + { + "event": { + "code": "22", + "kind": "event", + "provider": "Microsoft-Windows-Sysmon" + }, + "host": { + "name": "internal.network.org" + }, + "log": { + "level": "information" + }, + "winlog": { + "channel": "Microsoft-Windows-Sysmon/Operational", + "computer_name": "internal.network.org", + "event_data": { + "Image": "C:\\Windows\\System32\\lsass.exe", + "ProcessGuid": "{00000000-0000-0000-0000-000000000000}", + "ProcessId": "500", + "QueryName": "some.other.domain.com", + "QueryResults": "type: 33 ;type: 33 ;1:2:3::3;1.2.3.3;", + "QueryStatus": "0", + "RuleName": "-", + "User": "NT AUTHORITY\\SYSTEM", + "UtcTime": "2000-01-01T00:00:00.000" + }, + "event_id": "22", + "level": "information", + "opcode": "Info", + "process": { + "pid": 1000, + "thread": { + "id": 2000 + } + }, + "provider_guid": "{00000000-0000-0000-0000-000000000000}", + "provider_name": "Microsoft-Windows-Sysmon", + "record_id": 1111, + "time_created": "2000-01-01T00:00:00Z", + "user": { + "identifier": "A-0-0-00" + }, + "version": 5 + } + } +] diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-10.2-dns.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-10.2-dns.golden.json index 57fddb0e275d..be32a76383ef 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-10.2-dns.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-10.2-dns.golden.json @@ -34,7 +34,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773701Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -136,7 +135,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773734900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -239,7 +237,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773751300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -346,7 +343,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773860300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -449,7 +445,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773878300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -539,8 +534,9 @@ ], "question": { "name": "confiant-integrations.global.ssl.fastly.net", - "registered_domain": "confiant-integrations.global.ssl.fastly.net", - "top_level_domain": "global.ssl.fastly.net" + "registered_domain": "global.ssl.fastly.net", + "subdomain": "confiant-integrations", + "top_level_domain": "ssl.fastly.net" }, "resolved_ip": [ "151.101.1.194", @@ -557,7 +553,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773931300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -656,7 +651,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773947600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -762,7 +756,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.773963700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -857,7 +850,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774007200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -965,7 +957,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774062200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1109,7 +1100,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774078900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1215,7 +1205,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774112400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -1316,7 +1305,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774166300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1423,7 +1411,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774267400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1518,7 +1505,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774283800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1624,7 +1610,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774312Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1727,7 +1712,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774330300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1829,7 +1813,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774385800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1958,7 +1941,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774419200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2053,8 +2035,9 @@ ], "question": { "name": "clarium.freetls.fastly.net", - "registered_domain": "clarium.freetls.fastly.net", - "top_level_domain": "freetls.fastly.net" + "registered_domain": "freetls.fastly.net", + "subdomain": "clarium", + "top_level_domain": "fastly.net" }, "resolved_ip": [ "151.101.194.79", @@ -2071,7 +2054,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774434800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2226,7 +2208,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774450Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -2378,7 +2359,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774489600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2533,7 +2513,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774523Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2654,7 +2633,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774562600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2805,7 +2783,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774578600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2966,7 +2943,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774592900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3074,7 +3050,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774604100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3216,7 +3191,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774616600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3326,7 +3300,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774629200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3469,7 +3442,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774645300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3575,7 +3547,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774658100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3672,7 +3643,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774732100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -3808,7 +3778,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774764Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -3941,7 +3910,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774798100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4044,7 +4012,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774809600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4176,7 +4143,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774843200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4330,7 +4296,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774880100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4488,7 +4453,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774892300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4595,7 +4559,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774905800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4742,7 +4705,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774932Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4893,7 +4855,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774942600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -4999,7 +4960,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774956100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5092,7 +5052,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774966100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -5201,7 +5160,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.774991400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5341,7 +5299,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775006900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5490,7 +5447,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775021800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5604,7 +5560,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775036700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5754,7 +5709,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775051600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5870,7 +5824,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775066300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -5998,7 +5951,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775081Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6105,7 +6057,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775096200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6203,7 +6154,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775111500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6287,7 +6237,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775148400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6367,7 +6316,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775184200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -6505,7 +6453,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775246500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6620,7 +6567,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775264600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6719,7 +6665,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775280100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6861,7 +6806,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775295Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -6976,7 +6920,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775309500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7120,7 +7063,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775324500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7226,7 +7168,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775338700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7338,7 +7279,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775353200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7453,7 +7393,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775367700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7554,7 +7493,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775383700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -7696,7 +7634,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775398800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -7852,7 +7789,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775413200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8010,7 +7946,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775427900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8162,7 +8097,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775442300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8277,7 +8211,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775456800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8391,7 +8324,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775472Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8491,7 +8423,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775486500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8633,7 +8564,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775501200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8794,7 +8724,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775515700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -8946,7 +8875,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775530400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9056,7 +8984,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775570Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9204,7 +9131,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775583800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -9315,7 +9241,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775615300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9463,7 +9388,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775648500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9615,7 +9539,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775770600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9744,7 +9667,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775788300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -9897,7 +9819,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775820400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10029,7 +9950,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775851100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10127,7 +10047,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775888700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10268,7 +10187,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775899100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10389,7 +10307,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775953700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10484,7 +10401,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.775968900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10625,7 +10541,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776019500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -10777,7 +10692,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776052500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -10908,7 +10822,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776093500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11055,7 +10968,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776107700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11195,7 +11107,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776118400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11333,7 +11244,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776133300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11492,7 +11402,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776144300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11646,7 +11555,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776158800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11791,7 +11699,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776170Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -11941,7 +11848,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776180100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12092,7 +11998,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776194800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12202,7 +12107,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776209300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -12343,7 +12247,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776223400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12453,7 +12356,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776242400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12566,7 +12468,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776257400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12671,7 +12572,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776271800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12774,7 +12674,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776286200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12876,7 +12775,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776300500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -12979,7 +12877,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776314800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13077,7 +12974,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776329Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13183,7 +13079,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776343200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13286,7 +13181,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776357400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13392,7 +13286,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776371400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -13495,7 +13388,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776385700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13597,7 +13489,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776400100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13699,7 +13590,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776414600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13848,7 +13738,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776428700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -13970,7 +13859,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776443200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14076,7 +13964,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776457400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14220,7 +14107,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776471400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14322,7 +14208,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776485800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14422,7 +14307,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776500100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14570,7 +14454,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776514300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14677,7 +14560,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776528600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -14778,7 +14660,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776542700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -14924,7 +14805,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776556700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15085,7 +14965,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776570600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15197,7 +15076,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776586800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15345,7 +15223,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776601200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15503,7 +15380,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776616500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15656,7 +15532,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776672300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15803,7 +15678,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776839200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -15959,7 +15833,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776888800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -16321,7 +16194,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -16534,7 +16406,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776929800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -16644,7 +16515,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776944Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -16749,7 +16619,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776960900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -16835,7 +16704,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776975700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -16932,7 +16800,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.776990100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -17081,7 +16948,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777004300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -17239,7 +17105,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777018400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -17350,7 +17215,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777032700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -17493,7 +17357,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777046600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -17644,7 +17507,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777060700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -17794,7 +17656,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777079700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -17933,7 +17794,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777088100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -18041,7 +17901,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777094600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18143,7 +18002,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777102400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18286,7 +18144,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777108200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18408,7 +18265,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777117700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18560,7 +18416,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777144300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18667,7 +18522,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777156200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18768,7 +18622,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777163100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18866,7 +18719,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.777205500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -18950,7 +18802,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.778350300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -19027,7 +18878,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.778386300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -19104,7 +18954,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.778398900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -19205,7 +19054,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.778411100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -19304,7 +19152,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.778423200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -19435,7 +19282,6 @@ "network" ], "code": "22", - "ingested": "2022-06-08T05:43:58.778435Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedelete.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedelete.golden.json index fd3bd910927d..b9a4dad64b7c 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedelete.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedelete.golden.json @@ -9,7 +9,6 @@ "file" ], "code": "23", - "ingested": "2022-06-08T05:43:59.441187600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -95,7 +94,6 @@ "file" ], "code": "23", - "ingested": "2022-06-08T05:43:59.441228100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -177,7 +175,6 @@ "file" ], "code": "23", - "ingested": "2022-06-08T05:43:59.441237800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedeletedetected.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedeletedetected.golden.json index 7c3de49ee67e..e058bfb168df 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedeletedetected.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-filedeletedetected.golden.json 
@@ -9,7 +9,6 @@ "file" ], "code": "26", - "ingested": "2022-06-08T05:43:59.469107800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -90,7 +89,6 @@ "file" ], "code": "26", - "ingested": "2022-06-08T05:43:59.469128600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-registry.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-registry.golden.json index 3202da160c89..82c66715fdc1 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-registry.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-11-registry.golden.json @@ -10,7 +10,6 @@ "registry" ], "code": "13", - "ingested": "2022-06-08T05:43:59.481703200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -83,7 +82,6 @@ "registry" ], "code": "13", - "ingested": "2022-06-08T05:43:59.481743400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -156,7 +154,6 @@ "registry" ], "code": "13", - "ingested": "2022-06-08T05:43:59.481754200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -229,7 +226,6 @@ "registry" ], "code": "13", - "ingested": "2022-06-08T05:43:59.481765Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -302,7 +298,6 @@ "registry" ], "code": "13", - "ingested": "2022-06-08T05:43:59.481866400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-loadimage.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-loadimage.golden.json index 3bec5596d5c1..f03df6a6dfde 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-loadimage.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-loadimage.golden.json 
@@ -9,7 +9,6 @@ "process" ], "code": "7", - "ingested": "2022-06-08T05:43:59.511582Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-processcreate.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-processcreate.golden.json index 7768f215d471..7747ccf46eba 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-processcreate.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-12-processcreate.golden.json @@ -9,7 +9,6 @@ "process" ], "code": "1", - "ingested": "2022-06-08T05:43:59.519128600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-clipboardchange.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-clipboardchange.golden.json index b8bf9c88b0db..a8e3c1c18b76 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-clipboardchange.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-clipboardchange.golden.json @@ -6,7 +6,6 @@ }, "event": { "code": "24", - "ingested": "2022-06-08T05:43:59.529777700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-processtampering.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-processtampering.golden.json index 039fa1ab72ae..8ff7aca6af2c 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-processtampering.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-13-processtampering.golden.json @@ -9,7 +9,6 @@ "process" ], "code": "25", - "ingested": "2022-06-08T05:43:59.536869500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-9.01.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-9.01.golden.json index b7f7a5b55955..67e22fa17534 100644 --- a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-9.01.golden.json +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-9.01.golden.json @@ -9,7 +9,6 @@ "configuration" ], "code": "16", - "ingested": "2022-06-08T05:43:59.545036400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -60,7 +59,6 @@ "process" ], "code": "4", - "ingested": "2022-06-08T05:43:59.545055Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -116,7 +114,6 @@ "process" ], "code": "1", - "ingested": "2022-06-08T05:43:59.545067Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -219,7 +216,6 @@ "process" ], "code": "1", - "ingested": "2022-06-08T05:43:59.545078400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -325,7 +321,6 @@ "process" ], "code": "5", - "ingested": "2022-06-08T05:43:59.545089900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -382,7 +377,6 @@ "process" ], "code": "5", - "ingested": "2022-06-08T05:43:59.545101100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -439,7 +433,6 @@ "process" ], "code": "1", - "ingested": "2022-06-08T05:43:59.545112500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -549,7 +542,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545123700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -634,7 +626,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545135100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -720,7 +711,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545143100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -806,7 +796,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545149Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -892,7 +881,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545153600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -978,7 +966,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545160600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1062,7 +1049,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545170500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1148,7 +1134,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545180100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1233,7 +1218,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545191700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1317,7 +1301,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545202500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1401,7 +1384,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545207800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1486,7 +1468,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545212500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1571,7 +1552,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545217900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -1656,7 +1636,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545228Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1741,7 +1720,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545239300Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1826,7 +1804,6 @@ "network" ], "code": "3", - "ingested": "2022-06-08T05:43:59.545244900Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1907,7 +1884,6 @@ "process" ], "code": "5", - "ingested": "2022-06-08T05:43:59.545253700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -1964,7 +1940,6 @@ "process" ], "code": "5", - "ingested": "2022-06-08T05:43:59.545265200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2021,7 +1996,6 @@ "file" ], "code": "2", - "ingested": "2022-06-08T05:43:59.545276400Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2088,7 +2062,6 @@ "file" ], "code": "2", - "ingested": "2022-06-08T05:43:59.545287700Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2155,7 +2128,6 @@ "file" ], "code": "2", - "ingested": "2022-06-08T05:43:59.545299200Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2222,7 +2194,6 @@ "file" ], "code": "2", - "ingested": "2022-06-08T05:43:59.545310500Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2289,7 +2260,6 @@ "process" ], "code": "5", - "ingested": "2022-06-08T05:43:59.545321800Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", @@ -2346,7 +2316,6 @@ "file" ], "code": "2", - "ingested": "2022-06-08T05:43:59.545333100Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", 
@@ -2413,7 +2382,6 @@ "file" ], "code": "2", - "ingested": "2022-06-08T05:43:59.545344600Z", "kind": "event", "module": "sysmon", "provider": "Microsoft-Windows-Sysmon", diff --git a/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-no-evtx.golden.json b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-no-evtx.golden.json new file mode 100644 index 000000000000..93a011fed42b --- /dev/null +++ b/x-pack/winlogbeat/module/sysmon/test/testdata/ingest/sysmon-no-evtx.golden.json 
@@ -0,0 +1,104 @@ +[ + { + "dns": { + "answers": [ + { + "type": "SRV" + }, + { + "type": "SRV" + }, + { + "data": "1:2:3::3", + "type": "AAAA" + }, + { + "data": "1.2.3.3", + "type": "A" + } + ], + "question": { + "name": "some.other.domain.com", + "registered_domain": "domain.com", + "subdomain": "some.other", + "top_level_domain": "com" + }, + "resolved_ip": [ + "1:2:3::3", + "1.2.3.3" + ] + }, + "ecs": { + "version": "1.12.0" + }, + "event": { + "category": [ + "network" + ], + "code": "22", + "kind": "event", + "module": "sysmon", + "provider": "Microsoft-Windows-Sysmon", + "type": [ + "connection", + "protocol", + "info" + ] + }, + "host": { + "name": "internal.network.org" + }, + "log": { + "level": "information" + }, + "network": { + "protocol": "dns" + }, + "process": { + "executable": "C:\\Windows\\System32\\lsass.exe", + "name": "lsass.exe", + "pid": 500 + }, + "related": { + "hosts": [ + "some.other.domain.com" + ], + "ip": [ + "1:2:3::3", + "1.2.3.3" + ], + "user": [ + "SYSTEM" + ] + }, + "sysmon": { + "dns": { + "status": "SUCCESS" + } + }, + "user": { + "domain": "NT AUTHORITY", + "id": "A-0-0-00", + "name": "SYSTEM" + }, + "winlog": { + "channel": "Microsoft-Windows-Sysmon/Operational", + "computer_name": "internal.network.org", + "event_id": "22", + "opcode": "Info", + "process": { + "pid": 1000, + "thread": { + "id": 2000 + } + }, + "provider_guid": "{00000000-0000-0000-0000-000000000000}", + "provider_name": "Microsoft-Windows-Sysmon", + "record_id": "1111", + "user": { + "identifier": "A-0-0-00" + }, + "version": 5 + } + } +] \ No newline at end of file diff --git a/x-pack/winlogbeat/module/testing.go b/x-pack/winlogbeat/module/testing.go index 69490fa3f91c..8e402c030902 100644 --- a/x-pack/winlogbeat/module/testing.go +++ b/x-pack/winlogbeat/module/testing.go 
@@ -50,7 +50,7 @@ func WithFieldFilter(filter []string) Option {
 }

 // TestIngestPipeline tests the partial pipeline by reading events from the .json files
-// and processing them the ingest pipeline. Then it compares the results against
+// and processing them through the ingest pipeline. Then it compares the results against
 // a saved golden file. Use -update to regenerate the golden files.
 func TestIngestPipeline(t *testing.T, pipeline, json string, opts ...Option) {
 var p params