ZERO-NOISE / logs.json
KanchanP's picture
Upload 9 files
943768f verified
Raw
History Blame Contribute Delete
11.6 kB
[
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:00:12Z",
"hostname": "bastion01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "authentication_success",
"source_ip": "10.20.30.14",
"user": "ops_admin",
"raw_message": "Accepted publickey for ops_admin from 10.20.30.14 port 54412 ssh2: RSA SHA256:8d:2a:11:9c"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:00:15Z",
"hostname": "bastion01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "session_opened",
"source_ip": "10.20.30.14",
"user": "ops_admin",
"raw_message": "pam_unix(sshd:session): session opened for user ops_admin by (uid=0)"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:01:03Z",
"hostname": "app01.prod.fintech-core.internal",
"service": "sudo",
"event_type": "session_opened",
"source_ip": null,
"user": "ops_admin",
"raw_message": "ops_admin : TTY=pts/1 ; PWD=/opt/fintech ; USER=root ; COMMAND=/usr/bin/systemctl restart payments-api"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:02:10Z",
"client_ip": "10.20.40.55",
"request_method": "GET",
"request_path": "/",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:02:11Z",
"client_ip": "10.20.40.55",
"request_method": "GET",
"request_path": "/assets/app.js",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:02:11Z",
"client_ip": "10.20.40.55",
"request_method": "GET",
"request_path": "/assets/styles.css",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:02:14Z",
"client_ip": "10.20.40.55",
"request_method": "GET",
"request_path": "/favicon.ico",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:03:08Z",
"client_ip": "10.20.41.22",
"request_method": "GET",
"request_path": "/login",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 Version/17.4 Safari/605.1.15",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:03:19Z",
"client_ip": "10.20.41.22",
"request_method": "POST",
"request_path": "/api/v1/session",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 Version/17.4 Safari/605.1.15",
"payload_signature": null
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:04:01Z",
"hostname": "db01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "authentication_success",
"source_ip": "10.20.30.14",
"user": "ops_admin",
"raw_message": "Accepted publickey for ops_admin from 10.20.30.14 port 54501 ssh2: ED25519 SHA256:2f:0d:8b:ce"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:04:04Z",
"hostname": "db01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "session_opened",
"source_ip": "10.20.30.14",
"user": "ops_admin",
"raw_message": "pam_unix(sshd:session): session opened for user ops_admin by (uid=0)"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:05:33Z",
"client_ip": "172.16.8.19",
"request_method": "GET",
"request_path": "/healthz",
"status_code": 200,
"user_agent": "kube-probe/1.29",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:06:10Z",
"client_ip": "10.20.42.61",
"request_method": "GET",
"request_path": "/api/v1/accounts/summary",
"status_code": 200,
"user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/123.0.0.0 Safari/537.36",
"payload_signature": null
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:06:47Z",
"hostname": "app02.prod.fintech-core.internal",
"service": "sudo",
"event_type": "session_opened",
"source_ip": null,
"user": "secops",
"raw_message": "secops : TTY=pts/2 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/journalctl -u nginx --since '5 min ago'"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:07:18Z",
"client_ip": "10.20.43.77",
"request_method": "GET",
"request_path": "/assets/logo.svg",
"status_code": 200,
"user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:07:20Z",
"client_ip": "10.20.43.77",
"request_method": "GET",
"request_path": "/assets/fonts/ibm-plex-sans.woff2",
"status_code": 200,
"user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148",
"payload_signature": null
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:08:05Z",
"hostname": "app01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "authentication_success",
"source_ip": "10.20.30.14",
"user": "deploy",
"raw_message": "Accepted publickey for deploy from 10.20.30.14 port 55110 ssh2: ECDSA SHA256:11:74:d1:90"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:08:06Z",
"hostname": "app01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "session_opened",
"source_ip": "10.20.30.14",
"user": "deploy",
"raw_message": "pam_unix(sshd:session): session opened for user deploy by (uid=0)"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:09:42Z",
"client_ip": "10.20.44.13",
"request_method": "GET",
"request_path": "/api/v1/transactions?limit=25",
"status_code": 200,
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36",
"payload_signature": null
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:10:02Z",
"client_ip": "172.16.8.19",
"request_method": "GET",
"request_path": "/readyz",
"status_code": 200,
"user_agent": "kube-probe/1.29",
"payload_signature": null
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:10:44Z",
"hostname": "bastion01.prod.fintech-core.internal",
"service": "sudo",
"event_type": "session_opened",
"source_ip": null,
"user": "ops_admin",
"raw_message": "ops_admin : TTY=pts/0 ; PWD=/home/ops_admin ; USER=root ; COMMAND=/usr/bin/tail -n 200 /var/log/auth.log"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:12:09Z",
"client_ip": "185.220.101.45",
"request_method": "GET",
"request_path": "/api/v1/users?email=' OR 1=1 --",
"status_code": 403,
"user_agent": "sqlmap/1.8.5#stable",
"payload_signature": "SQLI_TAUTOLOGY_OR_1_EQ_1"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:12:21Z",
"client_ip": "185.220.101.45",
"request_method": "GET",
"request_path": "/search?q=%3Cscript%3Ealert('xss')%3C%2Fscript%3E",
"status_code": 403,
"user_agent": "Mozilla/5.0 (compatible; ReconBot/2.1)",
"payload_signature": "XSS_SCRIPT_TAG_IN_QUERY"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:12:58Z",
"hostname": "app01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "authentication_failed",
"source_ip": "185.220.101.45",
"user": "root",
"raw_message": "Failed password for root from 185.220.101.45 port 60211 ssh2"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:13:11Z",
"hostname": "app01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "authentication_failed",
"source_ip": "91.240.118.172",
"user": "admin",
"raw_message": "Failed password for invalid user admin from 91.240.118.172 port 42544 ssh2"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:13:23Z",
"hostname": "app01.prod.fintech-core.internal",
"service": "sshd",
"event_type": "authentication_failed",
"source_ip": "103.77.192.66",
"user": "oracle",
"raw_message": "Failed password for invalid user oracle from 103.77.192.66 port 33318 ssh2"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:13:47Z",
"client_ip": "45.146.165.9",
"request_method": "GET",
"request_path": "/?file=../../../../etc/passwd",
"status_code": 403,
"user_agent": "curl/8.6.0",
"payload_signature": "LFI_PATH_TRAVERSAL_DOTDOT"
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:14:05Z",
"client_ip": "203.0.113.212",
"request_method": "GET",
"request_path": "/api/v1/export?format=csv;cat%20/etc/shadow",
"status_code": 403,
"user_agent": "python-requests/2.32.3",
"payload_signature": "CMDI_SHELL_METACHAR_SEQUENCE"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:14:22Z",
"hostname": "db01.prod.fintech-core.internal",
"service": "sudo",
"event_type": "authentication_failed",
"source_ip": null,
"user": "intern",
"raw_message": "intern : 3 incorrect password attempts ; TTY=pts/5 ; PWD=/home/intern ; USER=root ; COMMAND=/bin/su -"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:14:49Z",
"hostname": "bastion01.prod.fintech-core.internal",
"service": "sudo",
"event_type": "authentication_failed",
"source_ip": null,
"user": "www-data",
"raw_message": "www-data is not in the sudoers file. This incident will be reported."
},
{
"log_type": "nginx_waf",
"timestamp": "2026-05-10T09:15:03Z",
"client_ip": "198.51.100.77",
"request_method": "GET",
"request_path": "/login?next=https://evil.example/%0d%0aSet-Cookie:session=steal",
"status_code": 403,
"user_agent": "Mozilla/5.0 zgrab/0.x",
"payload_signature": "CRLF_HEADER_INJECTION"
},
{
"log_type": "linux_auth",
"timestamp": "2026-05-10T09:15:31Z",
"hostname": "app02.prod.fintech-core.internal",
"service": "sshd",
"event_type": "authentication_failed",
"source_ip": "185.220.101.45",
"user": "deploy",
"raw_message": "maximum authentication attempts exceeded for deploy from 185.220.101.45 port 60320 ssh2 [preauth]"
}
]