Spaces:
Configuration error
Configuration error
| [ | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:00:12Z", | |
| "hostname": "bastion01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "authentication_success", | |
| "source_ip": "10.20.30.14", | |
| "user": "ops_admin", | |
| "raw_message": "Accepted publickey for ops_admin from 10.20.30.14 port 54412 ssh2: RSA SHA256:8d:2a:11:9c" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:00:15Z", | |
| "hostname": "bastion01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "session_opened", | |
| "source_ip": "10.20.30.14", | |
| "user": "ops_admin", | |
| "raw_message": "pam_unix(sshd:session): session opened for user ops_admin by (uid=0)" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:01:03Z", | |
| "hostname": "app01.prod.fintech-core.internal", | |
| "service": "sudo", | |
| "event_type": "session_opened", | |
| "source_ip": null, | |
| "user": "ops_admin", | |
| "raw_message": "ops_admin : TTY=pts/1 ; PWD=/opt/fintech ; USER=root ; COMMAND=/usr/bin/systemctl restart payments-api" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:02:10Z", | |
| "client_ip": "10.20.40.55", | |
| "request_method": "GET", | |
| "request_path": "/", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:02:11Z", | |
| "client_ip": "10.20.40.55", | |
| "request_method": "GET", | |
| "request_path": "/assets/app.js", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:02:11Z", | |
| "client_ip": "10.20.40.55", | |
| "request_method": "GET", | |
| "request_path": "/assets/styles.css", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:02:14Z", | |
| "client_ip": "10.20.40.55", | |
| "request_method": "GET", | |
| "request_path": "/favicon.ico", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:03:08Z", | |
| "client_ip": "10.20.41.22", | |
| "request_method": "GET", | |
| "request_path": "/login", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 Version/17.4 Safari/605.1.15", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:03:19Z", | |
| "client_ip": "10.20.41.22", | |
| "request_method": "POST", | |
| "request_path": "/api/v1/session", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 Version/17.4 Safari/605.1.15", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:04:01Z", | |
| "hostname": "db01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "authentication_success", | |
| "source_ip": "10.20.30.14", | |
| "user": "ops_admin", | |
| "raw_message": "Accepted publickey for ops_admin from 10.20.30.14 port 54501 ssh2: ED25519 SHA256:2f:0d:8b:ce" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:04:04Z", | |
| "hostname": "db01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "session_opened", | |
| "source_ip": "10.20.30.14", | |
| "user": "ops_admin", | |
| "raw_message": "pam_unix(sshd:session): session opened for user ops_admin by (uid=0)" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:05:33Z", | |
| "client_ip": "172.16.8.19", | |
| "request_method": "GET", | |
| "request_path": "/healthz", | |
| "status_code": 200, | |
| "user_agent": "kube-probe/1.29", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:06:10Z", | |
| "client_ip": "10.20.42.61", | |
| "request_method": "GET", | |
| "request_path": "/api/v1/accounts/summary", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/123.0.0.0 Safari/537.36", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:06:47Z", | |
| "hostname": "app02.prod.fintech-core.internal", | |
| "service": "sudo", | |
| "event_type": "session_opened", | |
| "source_ip": null, | |
| "user": "secops", | |
| "raw_message": "secops : TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/journalctl -u nginx --since '5 min ago'" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:07:18Z", | |
| "client_ip": "10.20.43.77", | |
| "request_method": "GET", | |
| "request_path": "/assets/logo.svg", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:07:20Z", | |
| "client_ip": "10.20.43.77", | |
| "request_method": "GET", | |
| "request_path": "/assets/fonts/ibm-plex-sans.woff2", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:08:05Z", | |
| "hostname": "app01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "authentication_success", | |
| "source_ip": "10.20.30.14", | |
| "user": "deploy", | |
| "raw_message": "Accepted publickey for deploy from 10.20.30.14 port 55110 ssh2: ECDSA SHA256:11:74:d1:90" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:08:06Z", | |
| "hostname": "app01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "session_opened", | |
| "source_ip": "10.20.30.14", | |
| "user": "deploy", | |
| "raw_message": "pam_unix(sshd:session): session opened for user deploy by (uid=0)" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:09:42Z", | |
| "client_ip": "10.20.44.13", | |
| "request_method": "GET", | |
| "request_path": "/api/v1/transactions?limit=25", | |
| "status_code": 200, | |
| "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:10:02Z", | |
| "client_ip": "172.16.8.19", | |
| "request_method": "GET", | |
| "request_path": "/readyz", | |
| "status_code": 200, | |
| "user_agent": "kube-probe/1.29", | |
| "payload_signature": null | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:10:44Z", | |
| "hostname": "bastion01.prod.fintech-core.internal", | |
| "service": "sudo", | |
| "event_type": "session_opened", | |
| "source_ip": null, | |
| "user": "ops_admin", | |
| "raw_message": "ops_admin : TTY=pts/0 ; PWD=/home/ops_admin ; USER=root ; COMMAND=/usr/bin/tail -n 200 /var/log/auth.log" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:12:09Z", | |
| "client_ip": "185.220.101.45", | |
| "request_method": "GET", | |
| "request_path": "/api/v1/users?email=' OR 1=1 --", | |
| "status_code": 403, | |
| "user_agent": "sqlmap/1.8.5#stable", | |
| "payload_signature": "SQLI_TAUTOLOGY_OR_1_EQ_1" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:12:21Z", | |
| "client_ip": "185.220.101.45", | |
| "request_method": "GET", | |
| "request_path": "/search?q=%3Cscript%3Ealert('xss')%3C%2Fscript%3E", | |
| "status_code": 403, | |
| "user_agent": "Mozilla/5.0 (compatible; ReconBot/2.1)", | |
| "payload_signature": "XSS_SCRIPT_TAG_IN_QUERY" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:12:58Z", | |
| "hostname": "app01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "authentication_failed", | |
| "source_ip": "185.220.101.45", | |
| "user": "root", | |
| "raw_message": "Failed password for root from 185.220.101.45 port 60211 ssh2" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:13:11Z", | |
| "hostname": "app01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "authentication_failed", | |
| "source_ip": "91.240.118.172", | |
| "user": "admin", | |
| "raw_message": "Failed password for invalid user admin from 91.240.118.172 port 42544 ssh2" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:13:23Z", | |
| "hostname": "app01.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "authentication_failed", | |
| "source_ip": "103.77.192.66", | |
| "user": "oracle", | |
| "raw_message": "Failed password for invalid user oracle from 103.77.192.66 port 33318 ssh2" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:13:47Z", | |
| "client_ip": "45.146.165.9", | |
| "request_method": "GET", | |
| "request_path": "/?file=../../../../etc/passwd", | |
| "status_code": 403, | |
| "user_agent": "curl/8.6.0", | |
| "payload_signature": "LFI_PATH_TRAVERSAL_DOTDOT" | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:14:05Z", | |
| "client_ip": "203.0.113.212", | |
| "request_method": "GET", | |
| "request_path": "/api/v1/export?format=csv;cat%20/etc/shadow", | |
| "status_code": 403, | |
| "user_agent": "python-requests/2.32.3", | |
| "payload_signature": "CMDI_SHELL_METACHAR_SEQUENCE" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:14:22Z", | |
| "hostname": "db01.prod.fintech-core.internal", | |
| "service": "sudo", | |
| "event_type": "authentication_failed", | |
| "source_ip": null, | |
| "user": "intern", | |
| "raw_message": "intern : 3 incorrect password attempts ; TTY=pts/5 ; PWD=/home/intern ; USER=root ; COMMAND=/bin/su -" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:14:49Z", | |
| "hostname": "bastion01.prod.fintech-core.internal", | |
| "service": "sudo", | |
| "event_type": "authentication_failed", | |
| "source_ip": null, | |
| "user": "www-data", | |
| "raw_message": "www-data is not in the sudoers file. This incident will be reported." | |
| }, | |
| { | |
| "log_type": "nginx_waf", | |
| "timestamp": "2026-05-10T09:15:03Z", | |
| "client_ip": "198.51.100.77", | |
| "request_method": "GET", | |
| "request_path": "/login?next=https://evil.example/%0d%0aSet-Cookie:session=steal", | |
| "status_code": 403, | |
| "user_agent": "Mozilla/5.0 zgrab/0.x", | |
| "payload_signature": "CRLF_HEADER_INJECTION" | |
| }, | |
| { | |
| "log_type": "linux_auth", | |
| "timestamp": "2026-05-10T09:15:31Z", | |
| "hostname": "app02.prod.fintech-core.internal", | |
| "service": "sshd", | |
| "event_type": "authentication_failed", | |
| "source_ip": "185.220.101.45", | |
| "user": "deploy", | |
| "raw_message": "maximum authentication attempts exceeded for deploy from 185.220.101.45 port 60320 ssh2 [preauth]" | |
| } | |
| ] |